I was asked an age-old question via a Twitter DM today:”Should I pull the plug or…
Brett Shavers
When OSINT is turned into the Baseball Bat of Internet Mob Justice
We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists.…
I took a look at Instagram’s Terms of Service so that you won’t have to.
Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced,…
White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user
I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here…
How long does it take to get into the DFIR field?
Question I received: How long does it take before I can expect to get into a…
An expert is just one page in a book ahead of you
Let me dispel your notion of what an “expert” is. An expert is someone who has…
Should you improve your DFIR skills on your personal time?
Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn…
TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don’t care.
Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you…
Jessica Hyde and I talk about forensic stuff
Jessica Hyde of Magnet Forensics sat down together (virtually…) to talk about forensics. In case you…
Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection
A “new” article on imposter Facebook accounts was published today in the Philippines. I put “new”…
Language translation service: for fast and accurate data translation
Language failures caused by incorrectly translated documents can be costly to the company. This type of…
Add a Dab of Balance in your DFIR World
Jessica Hyde’s post of Giving Back in DFIR from 2018 is a great write up on…
The Easy Way to Learn DFIR
Summary There is no easy way to learn DFIR. You can stop reading from here if…
Game of Thrones, DFIR Style
Short post and quick opinion. I came across some tweets today about how bad people are…
Puking in DFIR
Admittedly, the title of this post is intentionally gross, because I am going to heave a…
The #1 Reason that DFIR practitioners don’t post opinions
Lesley Carhart tweeted today that a journalist used one of her tweets in an article…
If USB flash drives were shaped like spiders, we wouldn’t have these problems
I hate USB drives. My first experiences with the darn things was when I was a…
Overcommitted in DFIR
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the…
‘You’re guilty unless you can prove it’
Swift on Security tweeted a great article. The article is not great as a well-written piece…
All you need is a tiny spark to solve your case.
During a recent workshop, one person in the class kept asking me for the magic bullet…
Some CONS are good. Some cons are bad.
The bad cons are the criminals that victimize you. The good CONS are the conferences that…
This is how I know someone will make it in DFIR (or in anything)
The #1 factor is not giving up. The #2 factor is talent. Actually, scratch #2. You…
5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.
Short version: Bring your A Game Don’t hold back Be prepared Know what you claim to…
Only race cars should burnout.
This week, @taosecurity (Richard Bejtlich) wrote an important blog post on managing burnout (Managing Burnout). As…
What is the best way to get to Spokane from Seattle?
Stand by, here comes my opinion on forensic tools (software and hardware) I tend to prefer…