Brett Shavers

@brettshavers.bsky.social

Fell off a cliff. Swam with sharks. Dined with hitmen. Hung out with crime bosses. Bought and sold a ton of drugs. How the heck am I still here? DFIR USMC 🚓

1,126 Followers  |  209 Following  |  4,721 Posts  |  Joined: 08.08.2023

Posts by Brett Shavers (@brettshavers.bsky.social)

Thanks for joining!

25.02.2026 06:20 — 👍 1    🔁 0    💬 0    📌 0

On Feb 24 at Magnet's FREE virtual summit, @dwmetz.bsky.social and I will be talking about DF and IR, but not about "DFIR", if you know what I mean. magnetvirtualsummit.com/registration... #DFIR

20.02.2026 17:45 — 👍 2    🔁 2    💬 1    📌 0

Investigative Decision-Making in #DFIR.
Thursday. Feb 5, 2026. 11AM PT.
A 24-hour replay, and then it's gone.
You will see attribution in a totally different light.
www.suspectbehindthekeyboard.com/offers/fUKjJ...

03.02.2026 22:24 — 👍 0    🔁 0    💬 1    📌 0

Eventually, human-created content (audio, visual, written word) is going to become really expensive.

22.01.2026 04:12 — 👍 1    🔁 0    💬 0    📌 0

📢 Publication of the FACT Attribution Framework v1.0 to link digital evidence and human attribution
📝 According to the publication notice of…
https://cyberveille.ch/posts/2025-12-10-publication-du-fact-attribution-framework-v1-0-pour-relier-preuves-numeriques-et-attribution-humaine/ #DFIR #Cyberveille

11.12.2025 10:30 — 👍 1    🔁 1    💬 0    📌 0

accurate

16.01.2026 06:24 — 👍 1    🔁 0    💬 0    📌 0

Sharing #DigitalEvidence shouldn’t slow a case down. With Portable Case, you can securely share case data—without needing full forensic tools.

Learn about some of the most powerful features of Portable Case and see how they can be particularly effective for investigators: ow.ly/9aZQ50XXnmt

15.01.2026 17:45 — 👍 1    🔁 1    💬 0    📌 0

haha because true!

12.01.2026 14:48 — 👍 0    🔁 0    💬 0    📌 0
The DFIR Three-Body Problem Let me first interject this so you don’t miss it - Magnet MVS 2026 The Magnet Virtual Summit 2026 is free (Feb 23–26). When you register, you’re entered to win a full year of Magnet Forensics tr...

The same people who pushed you for speed during the primary incident will ask you, with a straight face, why you didn’t preserve the things they now need.
www.linkedin.com/pulse/dfir-t... #DFIR

12.01.2026 04:53 — 👍 4    🔁 2    💬 2    📌 0
Week 02 – 2026 No sponsor this week. If your organisation is interested, head over here to find out more. Akash Patel Case Studies: Building Effective Timelines with Plaso (Log2Timeline) Christian Peter “Far over t…

Week 02 - 2026 #DFIR
thisweekin4n6.com/2026/01/11/w...

11.01.2026 11:53 — 👍 2    🔁 3    💬 0    📌 0
Week 01 – 2026 Strengthen Your Identity Posture Before Attackers Find the Gaps In this cheat sheet, you’ll discover: • The four highest-risk identity categories to remediate today. • A step-by-step ISPM maturity mod…

Week 01 - 2026 #DFIR
thisweekin4n6.com/2026/01/04/w...

04.01.2026 10:31 — 👍 2    🔁 2    💬 0    📌 0

What a world where we have to edit 3x more than usual to make sure we don't sound like AI, then eventually, we start sounding like AI in our writing...

It's almost to the point of having to intentionally plant errors in our writing, but eventually, AI will do that too to avoid sounding like itself.

30.12.2025 20:29 — 👍 3    🔁 0    💬 1    📌 0
Your DF/IR Tool Can’t Tell You Who Did It. FACT Tells You When You’re Allowed To. DF/IR doesn’t usually fail on the technical work. It fails at the exact moment someone gets impatient and confuses activity with identity, and then confuses identity with attribution. “This account di...

Your #DFIR report is fine… until you name a person.
brettshavers.com/brett-s-blog...

14.12.2025 23:10 — 👍 1    🔁 0    💬 0    📌 0
Week 50 – 2025 Strengthen Your Identity Posture Before Attackers Find the Gaps In this cheat sheet, you’ll discover: • The four highest-risk identity categories to remediate today. • A step-by-step ISPM maturity mod…

Week 50 - 2025 #DFIR
thisweekin4n6.com/2025/12/14/w...

14.12.2025 11:47 — 👍 2    🔁 1    💬 0    📌 0
Tie the Act to the Actor — DFIR Soundtrack (Official Music Video) - YouTube Track 1: Tie the Act to the Actor Track 2: Pattern of Life Track 3: Tracing Criminals Online Track 4: Investigative Mindset Track 5: Casework Track 6: Order of Vo...

Soundtrack for #DFIR get into the mood.
www.youtube.com/playlist?lis...

09.12.2025 01:17 — 👍 1    🔁 0    💬 0    📌 0

An Attribution Framework for #DFIR.
zenodo.org/records/1774...

08.12.2025 21:38 — 👍 0    🔁 0    💬 0    📌 0

I was on Darknet Diaries Ep. 165! Learn about dumb buildings with malware, how going to the dentist can get you in hot water, and that sharing breach information can get you buy-in with software developers.
YouTube: https://twp.ai/9PYHxj
Or any podcast platform

06.12.2025 03:56 — 👍 13    🔁 3    💬 2    📌 0
Legal Unpacked E3: Proving who was holding the phone: Drafting warrants that explain the need for user attribution - Magnet Forensics Knowing what happened on a device is only half the story—proving who was behind the activity is critical.

On Dec 3, join us for our next episode of #LegalUnpacked, where Justin Fitzsimmons will focus on how to draft search warrants specifically designed to uncover evidence of user attribution.

Save your spot here: ow.ly/hRSM50XALPi

#DFIR

02.12.2025 16:20 — 👍 1    🔁 1    💬 0    📌 0
Week 48 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover: - How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 48 - 2025 #DFIR
thisweekin4n6.com/2025/11/30/w...

30.11.2025 11:02 — 👍 2    🔁 3    💬 0    📌 0
DF/IR Investigative Mindset Course

If you want to develop how you think, not just what to click in DFIR work, this is it.

On-demand course, take it anytime over the next year.
One-day opportunity, Black Friday only.
Only 50 spots, because I’m only printing 50 signed hardcovers.

www.suspectbehindthekeyboard.com/mindset

#DFIR

24.11.2025 15:59 — 👍 0    🔁 1    💬 0    📌 0

I fell in love at first sight.
Then I realized the timestamp was in UTC and I was mistaken.

21.11.2025 21:00 — 👍 3    🔁 0    💬 0    📌 0

In this #CustomerStory, find out how Vigo County High Tech CyberCrime Unit is using #MagnetReview to get #DigitalEvidence into the hands of their investigators faster than ever.

Want to dive deeper into their story? Read the written case study here: ow.ly/3MQx50XtNI4 #DFIR

18.11.2025 21:35 — 👍 1    🔁 1    💬 0    📌 0

You'd think, right?

14.11.2025 23:17 — 👍 0    🔁 0    💬 1    📌 0

I spent two years in litigation hell. Trial was worse.

Thirty years of courtroom experience made me cocky, but the court fixed that.

This is the first and only time I talk about this case, as this is the case that made me think of quitting DFIR.

brettshavers.com/brett-s-blog...

14.11.2025 18:34 — 👍 1    🔁 2    💬 1    📌 0

In case you missed it last week, a new Arsenal Image Mounter (v3.12.331) has been released with a long list of improvements for #DFIR practitioners including Arm on Arm virtualization. You can see some highlights in our Insights article at arsenalrecon.com/insights/qui....

05.11.2025 16:44 — 👍 1    🔁 1    💬 0    📌 0
Fighting City Hall: DFIR Lessons from a Pro se Plaintiff

I once beat a 20-year DFIR forensic expert in court. Not because I was better, but because I had a $1,500 certificate. → www.suspectbehindthekeyboard.com/fighting-cit...

03.11.2025 20:22 — 👍 2    🔁 0    💬 0    📌 0

TBH. I enjoy seeing typos in anything online. It is a subtle hint that a human wrote it and made a human error with a human touch that AI cannot reproduce (yet).

The prose layout of perfected AI content with "em dashes" and "brutal truths" are tiresome and speak to no one.

03.11.2025 18:46 — 👍 1    🔁 0    💬 0    📌 0

Are you a #DFIR practitioner in the New England area? Want to see Arsenal Image Mounter’s new functionality in person? Contact us & let’s set something up soon so you can see Arm on Arm virtualization, AIM Remote Agent enhancements, & more! arsenalrecon.com

03.11.2025 14:17 — 👍 1    🔁 1    💬 0    📌 0
Week 44 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover: - How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Week 44 – 2025 #DFIR
thisweekin4n6.com/2025/11/02/w...

02.11.2025 11:27 — 👍 1    🔁 2    💬 0    📌 0

Do you have a digital forensics workstation running Windows on Arm (WoA) in your lab yet? We have some thoughts about this towards the end of our latest Insights article at arsenalrecon.com/insights/qui.... Let’s discuss! #DFIR

02.11.2025 18:54 — 👍 1    🔁 1    💬 1    📌 0