Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2021
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: 2020
Dec 29, 2020

This week is the third part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network port-binding.

Dec 22, 2020

This week is the second part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network connections.

Dec 15, 2020

This week I cover triage techniques for werfault.exe. The process does not have the best documentation which makes it a challenge to triage.

Dec 8, 2020

This week I interview Haseeb Awan, CEO of EFANI, about the rise of SIM swapping attacks. Haseeb explains the attack, how attackers carry it out, and provides some mitigation strategies.

Dec 1, 2020

This week is the first part of the Network-Fast-Triage mini-series. The first installation is the network investigation primer.

Nov 24, 2020

This week I go over a method to detect fileless malware on Linux systems.

Nov 17, 2020

This week I talk utilizing the ExploitDB for DFIR investigations. Searchsploit is a command line search tool for Exploit-DB that allows you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Nov 10, 2020

This week is the last part of the Persistence-Fast-Triage mini-series. The final installation covers Windows startup locations.

Nov 3, 2020

This week I talk about the IR Investigation Lifecycle, or, the elements included within the incident handling process to ensure a complete investigation.

Oct 27, 2020

This week I talk about the use of RUNDLL32 to exploit information files (.INF) to "fetch and execute" malware.

Oct 20, 2020

This week is part 3 of examining the Windows Registry for evidence of persistence and the focus is on Windows Registry Modification Event Records.

Oct 13, 2020

This week I talk about detecting time stomping on Windows and Linux systems.

Oct 6, 2020

This week I talk about examining the Windows Registry for evidence of persistence.

Sep 29, 2020

This week I interview JASON ROSLEWICZ of SUMURI about the hardware that drives your forensics system.

Sep 22, 2020

This week is part 3 of the Mobile Attack series.

Sep 15, 2020

This week I talk about examining the Windows Registry for evidence of persistence.

Sep 8, 2020

This week I talk about the use of Bash commands in crypto-mining attacks.

Sep 1, 2020

This week I talk about detecting persistence via Attack Shimming artifacts.

Aug 25, 2020

This week I interview Steve Whalen of SUMURI about Apple FSEvent artifacts. Learn what they are and how to leverage them for investigations.

Aug 18, 2020

This week I talk about examining Windows Scheduled Task change events for evidence of persistence.

Aug 11, 2020

This week I interview Brian Carrier, SVP & CTO of Basis Technology about his "Divide & Conquer" approach to DFIR investigations.

Aug 4, 2020

This week I talk about examining Windows New Scheduled Task events for evidence of persistence.

Jul 28, 2020

This week Chris of MSAB shares his recommended process for DFIR exam standardization.

Jul 21, 2020

This week I talk about examining Windows Service modification events for evidence of persistence.

Jul 14, 2020

This week I talk about the artifacts and methodology for examining user activity on Windows systems.

1 2 3 Next »