Brett Shavers

I was on Darknet Diaries Ep. 165! Learn about dumb buildings with malware, how going to the dentist can get you in hot water, and that sharing breach information can you get buy in with software developers.
YouTube: https://twp.ai/9PYHxj
Or any podcast platform

Legal Unpacked E3: Proving who was holding the phone: Drafting warrants that explain the need for user attribution - Magnet Forensics Knowing what happened on a device is only half the story—proving who was behind the activity is critical.

On Dec 3, join us for our next episode of #LegalUnpacked, where Justin Fitzsimmons will focus on how to draft search warrants specifically designed to uncover evidence of user attribution.

Save your spot here: ow.ly/hRSM50XALPi

#DFIR

Week 48 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 48 - 2025 #DFIR
thisweekin4n6.com/2025/11/30/w...

DF/IR Investigative Mindset Course

If you want to develop how you think, not just what to click in DFIR work, this is it.

On-demand course, take it anytime over the next year.
One-day opportunity, Black Friday only.
Only 50 spots, because I’m only printing 50 signed hardcovers.

www.suspectbehindthekeyboard.com/mindset

#DFIR

I fell in love at first sight.
Then I realized the timestamp was in UTC and I was mistaken.

In this #CustomerStory, find out how Vigo County High Tech CyberCrime Unit is using #MagnetReview to get #DigitalEvidence into the hands of their investigators faster than ever.

Want to dive deeper into their story? Read the written case study here: ow.ly/3MQx50XtNI4 #DFIR

You'd think, right?

I spent two years in litigation hell. Trial was worse.

Thirty years of courtroom experience made me cocky, but the court fixed that.

This is the first and only time I talk about this case, as this is the case that made me think of quitting DFIR.

brettshavers.com/brett-s-blog...

In case you missed it last week, a new Arsenal Image Mounter (v3.12.331) has been released with a long list of improvements for #DFIR practitioners including Arm on Arm virtualization. You can see some highlights in our Insights article at arsenalrecon.com/insights/qui....

I once beat a 20-year DFIR forensic expert in court. Not because I was better, but because I had a $1,500 certificate. → www.suspectbehindthekeyboard.com/fighting-cit...

TBH. I enjoy seeing typos in anything online. It is a subtle hint that a human wrote it and made a human error with a human touch that AI cannot reproduce (yet).

The prose layout of perfected AI content with "em dashes" and "brutal truths" are tiresome and speak to no one.

Are you a #DFIR practitioner in the New England area? Want to see Arsenal Image Mounter’s new functionality in person? Contact us & let’s set something up soon so you can see Arm on Arm virtualization, AIM Remote Agent enhancements, & more! arsenalrecon.com

Week 44 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 44 – 2025 #DFIR
thisweekin4n6.com/2025/11/02/w...

Do you have a digital forensics workstation running Windows on Arm (WoA) in your lab yet? We have some thoughts about this towards the end of our latest Insights article at arsenalrecon.com/insights/qui.... Let’s discuss! #DFIR

I got a little luv and a wink today.
www.youtube.com/watch?v=K5D1... @abrignoni.com @charpy4n6.bsky.social #DFIR

I'm charging my client 2x for making me miss this today. www.youtube.com/watch?v=K5D1... @abrignoni.com @charpy4n6.bsky.social #DFIR

Time is almost up to participate in our State of Enterprise #DFIR survey!

Complete the survey before Oct 31 to let us know your thoughts on the latest developments in DFIR along with emerging threats, operational challenges, and areas for improvement: ow.ly/6hV750XgYic

Keep in mind, AIM Remote Agent also runs on Windows on Arm… so in addition to attaching WoA disk images & actual physical disks to AIM locally, WoA disks can be connected to AIM across a network when their hosts are booted safely with (e.g.) WinFE! #DFIR

Ever wonder what happens when a DFIR investigator ends up on the other side of the case file?

I fought city hall, literally, and learned DFIR lesasons no training ever covered.

www.suspectbehindthekeyboard.com/fighting-cit...

Ever try to out-document a team of Harvard attorneys?
It’s like fighting gravity with paper cuts.

Still, it works if you know the rules.

DFIR comes down to one thing.

Week 43 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 43 – 2025 #DFIR
thisweekin4n6.com/2025/10/26/w...

Your Lab Is Ready: Free Evidence Samples + Free Software to Work Practice Cases. Yesterday’s release of the free forensic test images and CTFs took off fast. Downloads, shares, and discussions across social media haven’t slowed down. Over 38,000 views in just 2 days. Goodness.Tha...

Need free or demo forensic tools to go through that data? Here you go!

www.dfir.training/blog/your-la...

If you got no plans for the weekend....here's this!

TERABYTES OF FREE FORENSIC TEST IMAGES AND HUNDREDS OF CTFs!
www.dfir.training/downloads/te... #DFIR #digitalforensics

Week 42 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 42 - 2025 #DFIR thisweekin4n6.com/2025/10/19/w...

AI Assisted Forensics & Forensics on AI Systems at DFRWS APAC! 🧠 Papers on LLMs timeline analysis, investigating local AI apps, & new comms data tools. See the full program! 👉 Reserve your seat: https://dfrws.org/conferences/dfrws-apac-2025/ #research #dfrws #DFIR #apac #digitalforensics #seoul

AI Assisted Forensics & Forensics on AI Systems at DFRWS APAC! 🧠 Papers on LLMs timeline analysis, investigating local AI apps, & new comms data tools. See the full program!

👉 Reserve your seat: buff.ly/JV23sUN
#research #dfrws #DFIR #apac #digitalforensics #seoul #korea

Week 41 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 41 - 2025 #DFIR
thisweekin4n6.com/2025/10/12/w...

#DFIR is facing a huge inflection point and no one knows that like those who are living it day in and day out.

We’ve just opened our survey for our State of #EnterpriseDFIR Report until Oct 31 and your insights are incredibly valuable: ow.ly/NBsa50X9eCv

Week 40 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 40 - 2025 #DFIR

thisweekin4n6.com/2025/10/05/w...

Introducing the new Magnet Nexus hybrid collection agent Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

The new #MagnetNexus hybrid collection agent gives #DFIR teams the flexibility to collect data from remote endpoints using either cloud-powered workflows with Nexus or on-prem workflows with #AxiomCyber, all with a single, lightweight endpoint agent: ow.ly/kKWr50X6gsW