Jessica Hyde’s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR … More Add a Dab of Balance in your DFIR World
All articles by Brett Shavers
Summary There is no easy way to learn DFIR. You can stop reading from here if you want. Longer version … More The Easy Way to Learn DFIR
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community … More Game of Thrones, DFIR Style
Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, … More Puking in DFIR
Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been … More The #1 Reason that DFIR practitioners don’t post opinions
I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and … More If USB flash drives were shaped like spiders, we wouldn’t have these problems
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. … More Overcommitted in DFIR
Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering … More ‘You’re guilty unless you can prove it’
During a recent workshop, one person in the class kept asking me for the magic bullet to work his case. By … More All you need is a tiny spark to solve your case.
The bad cons are the criminals that victimize you. The good CONS are the conferences that you were glad to … More Some CONS are good. Some cons are bad.
The #1 factor is not giving up. The #2 factor is talent. Actually, scratch #2. You can make it without … More This is how I know someone will make it in DFIR (or in anything)
Short version: Bring your A Game Don’t hold back Be prepared Know what you claim to know Fight complacency The … More 5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.
This week, @taosecurity (Richard Bejtlich) wrote an important blog post on managing burnout (Managing Burnout). As he mentions in the … More Only race cars should burnout.
Stand by, here comes my opinion on forensic tools (software and hardware) I tend to prefer having the option to … More What is the best way to get to Spokane from Seattle?
The mechanics of digital forensics (and its related cousin, incident response) are fairly easy. A computer is a computer is … More Digital Forensics is Really Easy
For engagements where my clients ask for help in preparing for a ransomware attack, the most asked question is, “Do … More On ransomware, my advice is different from that other guy’s advice.
I’m big on attribution in crimes. It is my personality and attitude, which you can probably tell from the things … More Don’t totally discount attribution in Incident Response work
Some have found a Patreon page that I created for the DFIR Training website (http://www.patreon.com/dfirtraining). Here is a short description … More What is this thing called “Patreon?”
For those working in DFIR, there are some who don’t travel, some who travel a lot, and some who travel all … More #DFIR Traveling Isn’t
If you haven’t seen yet, I started a Patreon page for DFIR Training (www.dfir.training). I’ve done this for a few reasons … More Patreon at DFIR Training
Let me get something out of the way: X-Ways Forensics (XWF) is not the only forensic suite I use. It just … More 101+ Tips & Tricks with X-Ways Forensics
So, you want to start a brand new, right-out-of-the-box, digital forensics lab in your police department? Want some tips? If … More How to Start a Digital Forensic Lab in Your Police Department
I had the pleasure of talking to a group of high schoolers about digital forensics recently. After showing some neat … More X-Ways Forensics Cheat Sheet and “Three Things”
I’ve read some really good material on the importance of taking notes over the years and a recent post written … More Brett’s opinion on DFIR notes and note-taking
Low Hanging Fruit: Evidence Based Solutions to the Digital Evidence Challenge When I first saw the title, I thought this … More Low-Hanging Fruit Report