Menu
  • Home
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password

Digital Forensics

JAN
01
2

5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.

Posted by Brett Shavers
in  Digital Forensics
Even a monkey can fall out of a tree.
Short version:
  1. Bring your A Game
  2. Don’t hold back
  3. Be prepared
  4. Know what you claim to know
  5. Fight complacency&... Continue reading 8165 Hits EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-1239697309').bookmarklet('facebook', { "url": "https://brettshavers.com/brett-s-blog/entry/5-tips-in-how-not-to-be-outdone-outmaneuvered-or-just-outright-embarrassed-in-dfir", "send": "1", "size": "small", "verb": "like", "locale": "en_GB", "theme": "light", "tracking" : false }); }); EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-1282565293').bookmarklet('linkedin', { "url": "https://brettshavers.com/brett-s-blog/entry/5-tips-in-how-not-to-be-outdone-outmaneuvered-or-just-outright-embarrassed-in-dfir", "size": "small" }); }); Tweet Recent Comments Steve Whalen Awesome blog post Brett! I've always been a big fan of yours! We are making the blog post required reading for everyone on our te... Read More Thursday, 03 January 2019 20:06 Brett Shavers way kind, and right back at ya. Thursday, 03 January 2019 23:09 8165 Hits { "@context": "http://schema.org", "mainEntityOfPage": "https://brettshavers.com/brett-s-blog/entry/5-tips-in-how-not-to-be-outdone-outmaneuvered-or-just-outright-embarrassed-in-dfir", "@type": "BlogPosting", "headline": "5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.", "image": "https://brettshavers.com/images/easyblog_articles/621/b2ap3_thumbnail_RPDwreck.jpg", "editor": "Brett Shavers", "genre": "Digital Forensics", "publisher": { "@type": "Organization", "name": "Brett Shavers", "logo": {"@type":"ImageObject","url":"https:\/\/brettshavers.com\/media\/com_easyblog\/images\/schema\/logo.png","width":60,"height":60} }, "datePublished": "2019-01-01", "dateCreated": "2019-01-01", "dateModified": "2019-01-04", "description": "forensics and things", "author": { "@type": "Person", "name": "Brett Shavers", "image": "https://brettshavers.com/images/easyblog_avatar/42_brett.JPG" } } DEC 23 0 Only race cars should burnout. Posted by Brett Shavers in Digital Forensics This week, @taosecurity ( Richard Bejtlich ) wrote an important blog post on managing burnout ( Managing Burnout ). As he mentions in the first sentence, he is not talking only about information security, but burnout in any profession. I’m certainly ... Continue reading 25591 Hits EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-379374782').bookmarklet('facebook', { "url": "https://brettshavers.com/brett-s-blog/entry/only-race-cars-should-burnout", "send": "1", "size": "small", "verb": "like", "locale": "en_GB", "theme": "light", "tracking" : false }); }); EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-1779345549').bookmarklet('linkedin', { "url": "https://brettshavers.com/brett-s-blog/entry/only-race-cars-should-burnout", "size": "small" }); }); Tweet 25591 Hits { "@context": "http://schema.org", "mainEntityOfPage": "https://brettshavers.com/brett-s-blog/entry/only-race-cars-should-burnout", "@type": "BlogPosting", "headline": "Only race cars should burnout.", "image": "https://brettshavers.com/images/images/burnout.JPG", "editor": "Brett Shavers", "genre": "Digital Forensics", "publisher": { "@type": "Organization", "name": "Brett Shavers", "logo": {"@type":"ImageObject","url":"https:\/\/brettshavers.com\/media\/com_easyblog\/images\/schema\/logo.png","width":60,"height":60} }, "datePublished": "2018-12-23", "dateCreated": "2018-12-23", "dateModified": "2019-09-02", "description": "forensics and things", "author": { "@type": "Person", "name": "Brett Shavers", "image": "https://brettshavers.com/images/easyblog_avatar/42_brett.JPG" } } DEC 19 0 Break dancing does not increase officer safety. Posted by Brett Shavers in Digital Forensics Call me paranoid. It’s okay. I’ve been called worse. Nothing I am saying in this post will harm officer safety and actually should increase it. The public needs to tell cops to stop being online marketing tools. PIOs choose to be a public figure, but... Continue reading 1612 Hits EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-1127545').bookmarklet('facebook', { "url": "https://brettshavers.com/brett-s-blog/entry/break-dancing-does-not-increase-officer-safety", "send": "1", "size": "small", "verb": "like", "locale": "en_GB", "theme": "light", "tracking" : false }); }); EasyBlog.require() .script("site/bookmarklet") .done(function($) { $('#sb-100801542').bookmarklet('linkedin', { "url": "https://brettshavers.com/brett-s-blog/entry/break-dancing-does-not-increase-officer-safety", "size": "small" }); }); Tweet 1612 Hits { "@context": "http://schema.org", "mainEntityOfPage": "https://brettshavers.com/brett-s-blog/entry/break-dancing-does-not-increase-officer-safety", "@type": "BlogPosting", "headline": "Break dancing does not increase officer safety.", "image": "https://brettshavers.com/images/face.JPG", "editor": "Brett Shavers", "genre": "Digital Forensics", "publisher": { "@type": "Organization", "name": "Brett Shavers", "logo": {"@type":"ImageObject","url":"https:\/\/brettshavers.com\/media\/com_easyblog\/images\/schema\/logo.png","width":60,"height":60} }, "datePublished": "2018-12-19", "dateCreated": "2018-12-19", "dateModified": "2018-12-20", "description": "forensics and things", "author": { "@type": "Person", "name": "Brett Shavers", "image": "https://brettshavers.com/images/easyblog_avatar/42_brett.JPG" } } Previous Next 3 4 5 6 7 8 9 10 11 12 EasyBlog.require() .script('site/posts/posts') .done(function($) { $('[data-blog-posts]').implement(EasyBlog.Controller.Posts, { "ratings": false }); }); EasyBlog.ready(function($){ $('[data-show-all-authors]').on('click', function() { $('[data-author-item]').each(function() { $(this).find('img').attr('src', $(this).data('src')); $(this).removeClass('hide'); }); // Hide the button block $(this).addClass('hide'); }); $('[data-more-categories-link]').on('click', function() { $(this).hide(); $('[data-more-categories]').css('display', 'inline-block'); }); }); EasyBlog.ready(function($){ // Prevent closing $(document).on('click.toolbar', '[data-eb-toolbar-dropdown]', function(event) { event.stopPropagation(); }); // Logout $(document).on('click', '[data-blog-toolbar-logout]', function(event) { $('[data-blog-logout-form]').submit(); }); // Search $('[data-eb-toolbar-search]').on('click', function() { $('[data-eb-toolbar-search-wrapper]').toggleClass('hide'); }); }); Brett's blog Posts List EasyBlog.ready(function($) { $('[data-module-easybloglist-5e813e8e05983]').on('change', function() { var item = $(this).children(':selected'); window.location = item.data('permalink'); }); }); Select a blog entry But does it do Mac? WinFE Demo Online OSForensics Triage Notes and WinFE How easy (or difficult) is it to build a WinFE with WinBuilder? Friendly reminders are always nice Sharing the love with WinFE An update to a long awaited project Building your WinFE Update Colin's Write Protect Application WinFE Script Updated For those that still haven't tried WinFE.... Winbuilder Tutorial WinFE "Lite" Creating a VMware Virtual Machine from a Raw Image File How many users of WinFE? Getting Ready for a Shadow Volume Exam Adding Our Target System to Our SEAT Workstation "Remote" Collections with WinFE, a neat trick Mounting Shadow Volumes A little reminder about 'write protection' Colin's Final Version of his write protect application X-Ways Forensics Practitioner's Guide is coming! Windows 8 and WinFE Getting a Quick Look at Shadow Volumes RAIDs & Virtual Machines WinFE Presentation WinFE updated Build questions 2012 in review 2012 in review WinFE Presentation in Seattle X-Ways Forensics Install Manager Chapter 3 is in tech review! CTIN 2013 Presentation Talking about XWF in the CTIN Digital Forensics Conference Chapter 6 is wrapping up! Placing the Suspect Behind the Keyboard - NEW BOOK! X-Tensions, what would you like to see it do? XWFIM updated Coming soon...X-Ways Forensics Report Tweaker, or XWFRT for short XWFRT now available XWFRT 0.0.4.6 released XWFRT and XWFIM updated XWFIM goes International! XWFRT updated to 0.4.8 Table of contents updated! Case Studies with X-Ways WinFE and UEFI Secure Boot! Starting the last chapter! Starting the last chapter! Multiple File Finder X-Tension for X-Ways Forensics Case Studies XWFIM updated Take the XWF class or buy the book? Is WinFE still being used? Writing is done! About those case studies..... The bar is now closed... "This book is going to be great!" XWFIM version 0.0.5.4 released Hitler rants about Encase training policies - Downfall parody Running Autopsy 3 Digital Forensics Platform on WinFE Lite for Triage Forensics XWF Practitioner's Guide Date Change A great interview with Author Eric Zimmerman. Making the build even easier A few more days... Now this is good. Another free tool for X-Ways, from Magnet Forensics 40% Discount off the X-Ways Forensics Practitioner's Guide Some bad news and some good news on the XWF Guide... Temporary 40% discount on a book I wrote Last day for the 40% discount on the XWF Guide! The XWF Guide discount ship has sailed The X-Ways Forensics Practitioners Guide is available in Kindle! Book stuff Guess I'm not the only one with a Kindle... Elsevier SciTechConnect The XWF Guide aka, "going like hot cakes" Positive Feedback Want a free and signed copy of the XWF Guide? It's yours! XWF Guide Review by Ken Pryor Another short-run sale XWF Guide as #2 best seller (in Forensic Science) on Amazon Clean up on aisle 7... X-Ways Users Conference Cool. Download the XWF Guide to your iPad, iPhone, iTouch, or iPod Hindsight is 20-20 Creating distributable test images Best publicly available testing of WinFE I've seen to date Another discount on the XWF Guide at $37.96 Updated link on the Mistype project Mini-WinFE X-Ways Forensics and WinFE Mini-WinFE is out of beta! Quick video on building a Mini-WinFE WinFE article in eForensics Magazine Imaging with X-Ways Forensics Cloud Storage Forensics and XWF Something else cool about XWF A very kind review of Placing the Suspect Behind the Keyboard X-PERT Certification Program CyberCrime 2013 Symposium XWF Guide translations X-Ways Forensics Imaging Article X-Ways Forensics Install Manager Cool update to the XWFIM, Portable Install Integrated Scripts to WinFE Thesis on WinFE, shared by Alex Van Ginkel Cloud Storage Forensics book review Cloud Storage Forensics Natural Progression for New Users of WinFE More WinFE work and research! Windows Forensic Analysis, Fourth Edition WFA/4e No surprise. XWF does something other tools don't WinFE has some street cred with the Scientific Working Group on Digital Evidence Hacking Exposed - Daily Blog #242, How to build WinFE to add to the Multiboot thumbdrive Another reason to use, try, or at least just learn about XWF A gathering of the X-Ways users in Australia From Hacking Exposed: Adding the WinFE Image to the Multiboot Thumbdrive Image (Video) WinFE (and of course, XWF) Not X-Ways, but of interest to Encase users Network Investigation & Digital Triage by SEARCH.org Hey look! Now there is a book on FTK. "Placing the Suspect Behind the Keyboard" discount code Humbled and honored Vote for your favorite book. Vote for your favorite book Book Review: Windows Forensic Analysis Toolkit, 4th Edition WinFE Success Story Free Course Materials - Placing the Suspect Behind the Keyboard Mini-WinFE Updated www.reboot.pro discussion | DMDE - Basic Disk Imaging Test (and results) Suggestions for a WinFE Imaging Tool Based on Clonedisk? "Based upon the test results it is possible to run all versions of WinPE on a system with only 128 MB of system RAM" Coming Soon, Online WinFE Training Program A Quicker Way to the Shadow Volumes and Dealing with Win 8 VHDXs Some Interesting WinFE Related Stuff I Found Online Vote for the best book right away! WinFE Course Don't blame me... WinFE online is done, except for a few little things Digital Forensics Book of the Year! New X-Tension: Up to 30GB min speeds on SSD drives! Windows Forensic Environment - WinFE Online Course Now Available WinFE course snafu Keep up with WinFE on Twitter X-Ways Forensics Online Training Mini-WinFE has been updated X-Ways Forensics Practitioner's Guide Online II Thanks to Ken Pryor for his kind review of the WinFE online course Last day of discounted X-Ways Forensics online course Cool work at the Windows Triage Environment Free WinFE course SEARCH High-Tech Crime Trainers to Debut WinFE as a new topic X-Ways MD5 Hash Manipulator BlockHasher for XWF WinFE Taught in Australia C4All X-Tension for CETS users Forensic Training with WinFE. Cool. XWF II and III... New version of X-Tension USB Malware and WinFE Workarounds to Workarounds (and some hints & reminders) Image a Surface Pro using bootable UEFI WinFE Updates to X-tension and Hash File Manipultator Barely any updates to WinFE :( C4All X-tension update Is it worth the time to figure out WinFE? More on Autopsy and WInFE Another Discount on the XWF Guide at $37.96 Book Review: Windows Forensic Analysis Toolkit, 4th Edition X-Ways Online Training Course I had a blast presenting for ICAC at Microsot Tor is perfect! (except for the user....) A little update coming for Mini-WinFE Teaching Digital Forensics at the University of Washington Libraries and the Tor Browser Massive Government Surveillance - Not a new thing RegRipper The best part of writing a book is finishing the book. What is this thing "privacy" you speak of? Tech Talk Can Get You Lost in Lingo Bio-hacked humans and digital forensic issues... Books written by practitioners are many times better than those written by those who 'never done it' Apple. Oranges. And Encryption. Let's not go all Patriot Act on this Apple - FBI encryption thing. Dude, just write the book. The four corners of the Apple v FBI encryption debacle Barking up the Encryption Tree. You're doing it wrong. I'm just a Tor exit node! I'm just a Tor exit node! When everyone's talking about it Reviewing a tech book technically makes you a peer reviewer… Behind the Keyboard - Enfuse 2016 Presentation download The Secret to Becoming More-Than-Competent in Your Job Compiling Identity in Cyber Investigations Never a shortage of examples Mini-WinFE and XWF The Value of a Good Book in the Forensics World of Things Tag Cloudimaging case studies Bitcoin Forensics Registry Forensics wiretap investigation privacy X-Ways Forensics dfir windows forensic environment North korea Windows Forensic Environment book Jimmy Weg Hacker windows fe bitcoin Hiding Behind the Keyboard writing bitcoin forensics tor browser email Placing the Suspect Behind the Keyboard 4cast investigations X-Ways Forensics Practitioner's Guide training surveillance phishing Volume Shadow Copy presentations gmail RegRipper Virtualization forensics winfe University of Washington Search Blog Search DFIR Training Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related. Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks! http://www.patreon.com/DFIRTraining {source}

© 2020 Brett Shavers