Menu
  • Home
  • My Books
  • Courses
  • My Events
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • My Events
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password

WinFE Presentation
I'll be giving a presentation at the CTIN Conference in Seattle, March 2013 on forensic boot systems...
By Brett Shavers
Saturday, 06 October 2012
Continue reading
WinFE Presentation
2012 in review
Brett Shavers
The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog. Here's an excerp...
Sunday, 30 December 2012
2012 in review
Brett Shavers
The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog. Here's an excerp...
Sunday, 30 December 2012
Build questions
Brett Shavers
I've fielded a few questions via email on building a WinFE over the past few days that I'd like to s...
Saturday, 27 October 2012
WinFE updated
Brett Shavers
Colin Ramsden updated his write protect applications and WinFE Lite files. http://www.ramsdens.org.u...
Monday, 15 October 2012
RAIDs & Virtual Machines
Brett Shavers
After a colleague posed a question about building VMs from RAIDs, I thought it might be a good topic...
Friday, 14 September 2012
Getting a Quick Look at Shadow Volumes
Brett Shavers
We’ve come to the point where we can conduct a rather complete exam of shadow volumes using dd and E...
Saturday, 08 September 2012
Windows 8 and WinFE
Brett Shavers
Just when you thought WinFE development was done.... Troy Larson (developer of WinFE) has created a ...
Wednesday, 22 August 2012
X-Ways Forensics Practitioner's Guide is coming!
Brett Shavers
Eric Zimmerman and Brett Shavers have started writing the "X-Ways Forensics Practitioner's Guide", d...
Monday, 20 August 2012
Colin's Final Version of his write protect application
Brett Shavers
This posting is copied from www.reboot.pro, posted by Colin Ramsden on his final version of the WinF...
Tuesday, 24 July 2012
A little reminder about 'write protection'
Brett Shavers
If you try hard enough, you can circumvent just about anything.  That includes hard drive write prot...
Sunday, 22 July 2012
Mounting Shadow Volumes
Brett Shavers
We’ve built our SEAT VM and added our target image to it as a virtual disk.  The first thing th...
Thursday, 12 July 2012
"Remote" Collections with WinFE, a neat trick
Brett Shavers
In civil litigation , the procedures for data collection are a little more relaxed as compared to cr...
Monday, 09 July 2012
Adding Our Target System to Our SEAT Workstation
Brett Shavers
In this step we’ll add our target system virtual disk to our SEAT VM.  We already have the targ...
Sunday, 08 July 2012
Getting Ready for a Shadow Volume Exam
Brett Shavers
We now have built a virtual machine from an image of the target system.  Next, we’ll build a Wi...
Friday, 29 June 2012
    Previous     Next
14 15 16 17 18 19 20 21 22 23

Brett's blog

Posts List

Tag Cloud

Windows Forensic Environment email forensics privacy tor browser dfir windows fe Bitcoin Forensics book training case studies North korea Hiding Behind the Keyboard X-Ways Forensics Practitioner's Guide bitcoin RegRipper winfe surveillance Virtualization 4cast University of Washington phishing writing bitcoin forensics windows forensic environment gmail Jimmy Weg Placing the Suspect Behind the Keyboard investigations Registry Forensics Volume Shadow Copy X-Ways Forensics presentations Hacker imaging investigation wiretap

Search Blog

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!

http://www.patreon.com/DFIRTraining 

© 2019 Brett Shavers