Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering news piece, but more that the article brings up a few questions and assumptions to think about on any legal matter. &l...
Continue reading
18312 Hits
EasyBlog.require()
.script("site/bookmarklet")
.done(function($) {
$('#sb-1460252619').bookmarklet('facebook', {
"url": "https://brettshavers.com/brett-s-blog/entry/you-re-guilty-unless-you-can-prove-it",
"send": "1",
"size": "small",
"verb": "like",
"locale": "en_GB",
"theme": "light",
"tracking" : false });
});
EasyBlog.require()
.script("site/bookmarklet")
.done(function($) {
$('#sb-569672676').bookmarklet('linkedin', {
"url": "https://brettshavers.com/brett-s-blog/entry/you-re-guilty-unless-you-can-prove-it",
"size": "small"
});
});
Tweet
18312 Hits
{
"@context": "http://schema.org",
"mainEntityOfPage": "https://brettshavers.com/brett-s-blog/entry/you-re-guilty-unless-you-can-prove-it",
"@type": "BlogPosting",
"headline": "'You're guilty unless you can prove it'",
"image": "https://brettshavers.com/images/tufts.jpg",
"editor": "Brett Shavers",
"genre": "Digital Forensics",
"publisher": {
"@type": "Organization",
"name": "Brett Shavers",
"logo": {"@type":"ImageObject","url":"https:\/\/brettshavers.com\/media\/com_easyblog\/images\/schema\/logo.png","width":60,"height":60} },
"datePublished": "2019-03-09",
"dateCreated": "2019-03-09",
"dateModified": "2019-03-09",
"description": "forensics and things",
"author": {
"@type": "Person",
"name": "Brett Shavers",
"image": "https://brettshavers.com/images/easyblog_avatar/42_brett.JPG"
}
}
MAR
05
0
“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey
Posted by Brett Shavers
in
Digital Forensics
I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions ( https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html ). I agree with everything he points out about book writ...
Continue reading
2696 Hits
EasyBlog.require()
.script("site/bookmarklet")
.done(function($) {
$('#sb-1647596965').bookmarklet('facebook', {
"url": "https://brettshavers.com/brett-s-blog/entry/i-ve-answered-questions-responded-to-emails-and-been-on-phone-calls-when-asked-harlan-carvey",
"send": "1",
"size": "small",
"verb": "like",
"locale": "en_GB",
"theme": "light",
"tracking" : false });
});
EasyBlog.require()
.script("site/bookmarklet")
.done(function($) {
$('#sb-801424976').bookmarklet('linkedin', {
"url": "https://brettshavers.com/brett-s-blog/entry/i-ve-answered-questions-responded-to-emails-and-been-on-phone-calls-when-asked-harlan-carvey",
"size": "small"
});
});
Tweet
2696 Hits
{
"@context": "http://schema.org",
"mainEntityOfPage": "https://brettshavers.com/brett-s-blog/entry/i-ve-answered-questions-responded-to-emails-and-been-on-phone-calls-when-asked-harlan-carvey",
"@type": "BlogPosting",
"headline": "“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey",
"image": "https://brettshavers.com/images/images/phone.jpg",
"editor": "Brett Shavers",
"genre": "Digital Forensics",
"publisher": {
"@type": "Organization",
"name": "Brett Shavers",
"logo": {"@type":"ImageObject","url":"https:\/\/brettshavers.com\/media\/com_easyblog\/images\/schema\/logo.png","width":60,"height":60} },
"datePublished": "2019-03-05",
"dateCreated": "2019-03-05",
"dateModified": "2019-03-06",
"description": "forensics and things",
"author": {
"@type": "Person",
"name": "Brett Shavers",
"image": "https://brettshavers.com/images/easyblog_avatar/42_brett.JPG"
}
}
Previous
Next
1
2
3
4
5
6
7
8
9
10
EasyBlog.require()
.script('site/posts/posts')
.done(function($) {
$('[data-blog-posts]').implement(EasyBlog.Controller.Posts, {
"ratings": false });
});
EasyBlog.ready(function($){
$('[data-show-all-authors]').on('click', function() {
$('[data-author-item]').each(function() {
$(this).find('img').attr('src', $(this).data('src'));
$(this).removeClass('hide');
});
// Hide the button block
$(this).addClass('hide');
});
$('[data-more-categories-link]').on('click', function() {
$(this).hide();
$('[data-more-categories]').css('display', 'inline-block');
});
});
EasyBlog.ready(function($){
// Prevent closing
$(document).on('click.toolbar', '[data-eb-toolbar-dropdown]', function(event) {
event.stopPropagation();
});
// Logout
$(document).on('click', '[data-blog-toolbar-logout]', function(event) {
$('[data-blog-logout-form]').submit();
});
// Search
$('[data-eb-toolbar-search]').on('click', function() {
$('[data-eb-toolbar-search-wrapper]').toggleClass('hide');
});
});
Brett's blog
Posts List
EasyBlog.ready(function($) {
$('[data-module-easybloglist-5dd64aab60e3d]').on('change', function() {
var item = $(this).children(':selected');
window.location = item.data('permalink');
});
});
Select a blog entry
FTK Imager 3.0 in the Windows Forensic Environment
What makes WinFE better/different than other forensic boot discs?
WinFE and Triage
MobaLiveCD
WinBuilder Revisited
Do you wanna be a beta tester for WinFE?
Updated video and other things
Portable Internet Evidence Finder and WinFE
It's time to build your WinFE!
But does it do Mac?
WinFE Demo Online
OSForensics
Triage Notes and WinFE
How easy (or difficult) is it to build a WinFE with WinBuilder?
Friendly reminders are always nice
Sharing the love with WinFE
An update to a long awaited project
Building your WinFE Update
Colin's Write Protect Application
WinFE Script Updated
For those that still haven't tried WinFE....
Winbuilder Tutorial
WinFE "Lite"
Creating a VMware Virtual Machine from a Raw Image File
How many users of WinFE?
Getting Ready for a Shadow Volume Exam
Adding Our Target System to Our SEAT Workstation
"Remote" Collections with WinFE, a neat trick
Mounting Shadow Volumes
A little reminder about 'write protection'
Colin's Final Version of his write protect application
X-Ways Forensics Practitioner's Guide is coming!
Windows 8 and WinFE
Getting a Quick Look at Shadow Volumes
RAIDs & Virtual Machines
WinFE Presentation
WinFE updated
Build questions
2012 in review
2012 in review
WinFE Presentation in Seattle
X-Ways Forensics Install Manager
Chapter 3 is in tech review!
CTIN 2013 Presentation
Talking about XWF in the CTIN Digital Forensics Conference
Chapter 6 is wrapping up!
Placing the Suspect Behind the Keyboard - NEW BOOK!
X-Tensions, what would you like to see it do?
XWFIM updated
Coming soon...X-Ways Forensics Report Tweaker, or XWFRT for short
XWFRT now available
XWFRT 0.0.4.6 released
XWFRT and XWFIM updated
XWFIM goes International!
XWFRT updated to 0.4.8
Table of contents updated!
Case Studies with X-Ways
WinFE and UEFI Secure Boot!
Starting the last chapter!
Starting the last chapter!
Multiple File Finder X-Tension for X-Ways Forensics
Case Studies
XWFIM updated
Take the XWF class or buy the book?
Is WinFE still being used?
Writing is done!
About those case studies.....
The bar is now closed...
"This book is going to be great!"
XWFIM version 0.0.5.4 released
Hitler rants about Encase training policies - Downfall parody
Running Autopsy 3 Digital Forensics Platform on WinFE Lite for Triage Forensics
XWF Practitioner's Guide Date Change
A great interview with Author Eric Zimmerman.
Making the build even easier
A few more days...
Now this is good.
Another free tool for X-Ways, from Magnet Forensics
40% Discount off the X-Ways Forensics Practitioner's Guide
Some bad news and some good news on the XWF Guide...
Temporary 40% discount on a book I wrote
Last day for the 40% discount on the XWF Guide!
The XWF Guide discount ship has sailed
The X-Ways Forensics Practitioners Guide is available in Kindle!
Book stuff
Guess I'm not the only one with a Kindle...
Elsevier SciTechConnect
The XWF Guide aka, "going like hot cakes"
Positive Feedback
Want a free and signed copy of the XWF Guide? It's yours!
XWF Guide Review by Ken Pryor
Another short-run sale
XWF Guide as #2 best seller (in Forensic Science) on Amazon
Clean up on aisle 7...
X-Ways Users Conference
Cool. Download the XWF Guide to your iPad, iPhone, iTouch, or iPod
Hindsight is 20-20
Creating distributable test images
Best publicly available testing of WinFE I've seen to date
Another discount on the XWF Guide at $37.96
Updated link on the Mistype project
Mini-WinFE
X-Ways Forensics and WinFE
Mini-WinFE is out of beta!
Quick video on building a Mini-WinFE
WinFE article in eForensics Magazine
Imaging with X-Ways Forensics
Cloud Storage Forensics and XWF
Something else cool about XWF
A very kind review of Placing the Suspect Behind the Keyboard
X-PERT Certification Program
CyberCrime 2013 Symposium
XWF Guide translations
X-Ways Forensics Imaging Article
X-Ways Forensics Install Manager
Cool update to the XWFIM, Portable Install
Integrated Scripts to WinFE
Thesis on WinFE, shared by Alex Van Ginkel
Cloud Storage Forensics book review
Cloud Storage Forensics
Natural Progression for New Users of WinFE
More WinFE work and research!
Windows Forensic Analysis, Fourth Edition
WFA/4e
No surprise. XWF does something other tools don't
WinFE has some street cred with the Scientific Working Group on Digital Evidence
Hacking Exposed - Daily Blog #242, How to build WinFE to add to the Multiboot thumbdrive
Another reason to use, try, or at least just learn about XWF
A gathering of the X-Ways users in Australia
From Hacking Exposed: Adding the WinFE Image to the Multiboot Thumbdrive Image (Video)
WinFE (and of course, XWF)
Not X-Ways, but of interest to Encase users
Network Investigation & Digital Triage by SEARCH.org
Hey look! Now there is a book on FTK.
"Placing the Suspect Behind the Keyboard" discount code
Humbled and honored
Vote for your favorite book.
Vote for your favorite book
Book Review: Windows Forensic Analysis Toolkit, 4th Edition
WinFE Success Story
Free Course Materials - Placing the Suspect Behind the Keyboard
Mini-WinFE Updated
www.reboot.pro discussion | DMDE - Basic Disk Imaging Test (and results)
Suggestions for a WinFE Imaging Tool Based on Clonedisk?
"Based upon the test results it is possible to run all versions of WinPE on a system with only 128 MB of system RAM"
Coming Soon, Online WinFE Training Program
A Quicker Way to the Shadow Volumes and Dealing with Win 8 VHDXs
Some Interesting WinFE Related Stuff I Found Online
Vote for the best book right away!
WinFE Course
Don't blame me...
WinFE online is done, except for a few little things
Digital Forensics Book of the Year!
New X-Tension: Up to 30GB min speeds on SSD drives!
Windows Forensic Environment - WinFE Online Course Now Available
WinFE course snafu
Keep up with WinFE on Twitter
X-Ways Forensics Online Training
Mini-WinFE has been updated
X-Ways Forensics Practitioner's Guide Online II
Thanks to Ken Pryor for his kind review of the WinFE online course
Last day of discounted X-Ways Forensics online course
Cool work at the Windows Triage Environment
Free WinFE course
SEARCH High-Tech Crime Trainers to Debut WinFE as a new topic
X-Ways MD5 Hash Manipulator
BlockHasher for XWF
WinFE Taught in Australia
C4All X-Tension for CETS users
Forensic Training with WinFE. Cool.
XWF II and III...
New version of X-Tension
USB Malware and WinFE
Workarounds to Workarounds (and some hints & reminders)
Image a Surface Pro using bootable UEFI WinFE
Updates to X-tension and Hash File Manipultator
Barely any updates to WinFE :(
C4All X-tension update
Is it worth the time to figure out WinFE?
More on Autopsy and WInFE
Another Discount on the XWF Guide at $37.96
Book Review: Windows Forensic Analysis Toolkit, 4th Edition
X-Ways Online Training Course
I had a blast presenting for ICAC at Microsot
Tor is perfect! (except for the user....)
A little update coming for Mini-WinFE
Teaching Digital Forensics at the University of Washington
Libraries and the Tor Browser
Massive Government Surveillance - Not a new thing
RegRipper
The best part of writing a book is finishing the book.
What is this thing "privacy" you speak of?
Tech Talk Can Get You Lost in Lingo
Bio-hacked humans and digital forensic issues...
Books written by practitioners are many times better than those written by those who 'never done it'
Apple. Oranges. And Encryption.
Let's not go all Patriot Act on this Apple - FBI encryption thing.
Dude, just write the book.
The four corners of the Apple v FBI encryption debacle
Barking up the Encryption Tree. You're doing it wrong.
Tag Cloudwindows forensic environment
forensics
wiretap
Windows Forensic Environment
4cast
investigations
Hiding Behind the Keyboard
writing
winfe
privacy
training
Placing the Suspect Behind the Keyboard
dfir
bitcoin forensics
Registry Forensics
email
tor browser
presentations
X-Ways Forensics Practitioner's Guide
windows fe
North korea
imaging
X-Ways Forensics
book
gmail
Virtualization
Bitcoin Forensics
RegRipper
Jimmy Weg
surveillance
case studies
phishing
bitcoin
Hacker
investigation
Volume Shadow Copy
University of Washington
Search Blog
Search
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
http://www.patreon.com/DFIRTraining
(adsbygoogle = window.adsbygoogle || []).push({});
{source}
