Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: 2016
Dec 27, 2016

This week I talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course.

Dec 20, 2016

This week I talk about a useful automated file intelligence resource for dead box exam as well as IR investigations.

Dec 13, 2016

This week I go over survival tips for imaging a Mac.

Dec 6, 2016

This week I about the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.

Nov 29, 2016

This week I'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.

Nov 22, 2016

This week I talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response.

Nov 15, 2016

This week I talk about Apache weblogs and a great resource for foundational knowledge at aid newer examiners with forensic analysis. In addition, big news for the SDF series!

Nov 8, 2016

This week it's back to Mac forensics with a look at the the Finder Sidebar and it's value for File Use & Knowledge investigations.

Nov 1, 2016

This week I pull back the focus for newer examiners and share some thoughts on creating a system that works for you to organize, and keep readily accessible, all the knowledge you accumulate..... and a few words about Shimcache on Windows 10.

Oct 25, 2016

This week I breakdown iCloud forensic artifacts.

Oct 18, 2016

This week I talk about where to find different listing of different recently accessed files on a Mac as well as how to break out the data for interpretation.

Oct 11, 2016

This week I go over some of my favorite Mac tools.

Oct 4, 2016

This week I talk about some common PLISTS to check as part of an initial system triage.

Sep 27, 2016

This week I talk about common Mac file formats, Libraries and Keychains.

Sep 20, 2016

This week I talk about Mac Home Folders to give Mac Examiners an idea of how it is structured and where to look for certain artifacts.

Sep 13, 2016

This week I talk about OS X's Spotlight feature, a powerful indexing and search engine built into your Mac that may be harnessed for computer forensic purposes.

Sep 6, 2016

This week I talk Apple double files and what to make of them during a forensic exam.

Aug 30, 2016

This week I am taking a breather and doing some planning for future topics. If you have a topic you would like to see covered mention it in the show notes. Full episodes will return the first week of September.

Aug 23, 2016

This week I go over some of my top reasons why Macs should be considered as a computer forensic platform.

Aug 16, 2016

File Juicer is an easy to use data carving tool that runs on OS X. Take most any file, drop it on File Juicer, and watch it spin out embedded image, movie, document files and text. Perfect for on-scene triage, lab work and exploring new file types.

Aug 9, 2016

This is part two of RAM extraction tools. Part 1 looked at why RAM extraction is an important part of forensic analysis. In Part 2 the results of a benchmark experiment with four different RAM Extraction tools is discussed: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Aug 2, 2016

This episode is a two-parter looking at RAM extraction tools. Part 1 will take a look at why RAM extraction is an important part of forensic analysis. Part 2 will go over an experiment I did with four different tools: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Jul 25, 2016

This week I take a look at three popular computer forensic suites: FTK, Encase and WinHex. I offer my opinion as to the strengths and weaknesses of each.

Jul 19, 2016

If you take a look at all the different DFIR certifications that exist today you can easily get overwhelmed. There are so many to choose from it puts meaning to the saying that too many choices is no choice at all. In this episode I take a look at digital forensic certifications from two different vantage points to provide a little guidance to those that may be trying to advance themselves through a certification or two.

Jul 12, 2016

For those looking to get some real world hands-on experience in DFIR to build up or expand your skill set, check out honeynet.org. The non-profit offers information and challenges to help sharpen your skills.

1 2 Next »