This week I talk about SVCHOST. This Windows core process is one of the most targeted artifacts that comes up again and again during investigations.
This week I go over how to approach Windows core processes from the standpoint of fast triage methodology. Since these processes are found on all Windows systems, it makes sense to develop an investigative approach that focuses on quickly reviewing each process for anomalies.
This week I talk about the investigative value of creating a mobile compromise assessment strategy.
This week I share my thoughts on DFIR job interviews. How to prepare. Things to consider. Pitfalls to avoid.