Apr 25, 2017
This week I take you through some of the "pain points" of using VirtualBox as a forensic machine virtualization platform. VirtualBox is freely available and is a great tool to scale your lab and field systems at a low cost. VirtualBox does not have the "easy" buttons the pay tools have but do not let that stop you. In this episode I talk about the solutions that will have you up and running.
Apr 18, 2017
This week I talk Firefox forensics and identify the artifacts examiners need to know about.
Apr 11, 2017
This week I’m talking about the Windows browser some are still surprised to learn about, MS Edge. Windows 10 comes with two browsers and in this week’s podcast I’m going to go over one of them, MS Edge, and what computer forensic examiners need to know about it.
Apr 4, 2017
This week I talk about surviving Windows Thumbcache forensics. A great source of evidence for File Use & Knowledge investigations.
Mar 28, 2017
This week I talk Linux forensics and break down some useful artifacts that may generate leads for investigations.
Mar 21, 2017
This week I talk about a methodology to collect webmail using freely available tools as well as the things you must consider before you do so.
Mar 14, 2017
This week I go over my survival tips for imaging solid state drives (SSDs).
Mar 7, 2017
This week I talk about threat intelligence tool Hostintel by Keith Jones.
Feb 28, 2017
This week I share some thoughts on how to approach DFIR conferences to maximize the experience. There are many to choose from and having an analytical approach may get you exactly what you want for your time and money.
Feb 21, 2017
This week I talk about my favorite Volatility plugins for File Use & Knowledge investigations to get at the volatile evidence most often targeted during a dead box exam.
Feb 14, 2017
This week I talk about FreeMind, a freely available visualization tool that can be used to enhance the computer forensic investigation process.
Feb 7, 2017
This week I talk about an openly available library and tool repository all examiners should be aware of as well as a tool by Didier Stevens called "AnalyzePESig" which is perfect for bulk analysis of executables on Windows systems.
Jan 31, 2017
This week I talk File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point-of-view.
Jan 24, 2017
This week I talk about SRUM, a Windows artifact with some significant forensic value for both File Use & Knowledge investigations as well as Incident Response.
Jan 17, 2017
This week I talk about considerations for digital evidence integrity when collecting evidence on-scene from a live system.
Jan 10, 2017
This week I talk about surviving mobile App timestamps.
Jan 3, 2017
This week I share my thoughts on setting DFIR goals for the coming year. I go over seven points worth focusing on for professional development.
Dec 27, 2016
This week I talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course.
Dec 20, 2016
This week I talk about a useful automated file intelligence resource for dead box exams as well as IR investigations.
Dec 13, 2016
This week I go over survival tips for imaging a Mac.
Dec 6, 2016
This week I talk about the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.
Nov 29, 2016
This week I'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.
Nov 22, 2016
This week I talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response.
Nov 15, 2016
This week I talk about Apache weblogs and a great resource for foundational knowledge to aid newer examiners with forensic analysis. In addition, big news for the SDF series!
Nov 8, 2016
This week it's back to Mac forensics with a look at the Finder Sidebar and its value for File Use & Knowledge investigations.