Dec 31, 2019
This week I talk about dealing with Base64 evidence.
Dec 24, 2019
This week I talk about identifying REGSVCS / REGASM abuse.
Dec 17, 2019
This week I talk about different types of audit log clearing and detection strategies
Dec 10, 2019
This week I talk about using Hashdeep for forensic triage
Dec 3, 2019
This week I talk about LMD, an openly available tool to increase Linux security posture.
Nov 26, 2019
This week I talk about network forensic methodology.
Nov 19, 2019
This week I talk about autoLLR, a script to automate evidence collection on live Linux systems as well as artifact post processing.
Nov 15, 2019
This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.
Nov 5, 2019
This week I talk about some issues surrounding PowerShell when used as a digital forensic collection tool.
Oct 29, 2019
This week I talk about LOKI, a tool designed to help analysts scan for APT IOCs.
Oct 22, 2019
This week I talk about KAPE, a freely available forensic evidence collection and triage tool.
Oct 15, 2019
This week I talk about the common Linux file systems and what to expect when dealing with different hosts.
Oct 9, 2019
This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!
Oct 1, 2019
This week I break down container attack vectors for Cloud Incident Response.
Oct 1, 2019
This week I break down the SUDOERS file for forensic triage.
Oct 1, 2019
This week I talk about PowerShell through the lens of the Service Control Manager.
Oct 1, 2019
This week I talk about NVMe, a data storage technology, from a forensic point of view.
Sep 30, 2019
This week I cover how to approach Linux binaries during investigations.
Aug 27, 2019
This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.
Aug 20, 2019
This week I talk about using WMI to create processes remotely.
Aug 13, 2019
This week I talk about DensityScout, an open source tool for malware triage.
Aug 6, 2019
This week I cover a resource you can use to develop Windows remote execution triage methodology and threat hunting.
Jul 30, 2019
This week I talk about the Windows Credential Guard process.
Jul 23, 2019
This week I talk about OWASP's number 10 vulnerability category from their Top 10 list, Insufficient Logging and Monitoring.
Jul 16, 2019
This week I talk about the most frequently seen attacker recon commands.