Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
Now displaying: 2021
Jul 6, 2021

This week I’m doing another walk-through to illustrate how standard triage methodology can detect advanced attack techniques. Sometimes as a newer examiner, it’s easy to become overwhelmed with the technical detail necessary to understand an attack. It’s also easy to become discouraged and convince yourself that it’s way too complicated for your current skill set, and you may not even feel useful as a team member. This episode is going to dispel all of that and show you how a focus on the standard fast triage method provides all the knowledge you need to detect an advanced breach into an environment.

Jun 29, 2021

This week I’m covering malware fast triage. It occurred to me that I should revisit this issue for a couple of different reasons. I remember covering this many years ago and I believe that’s why I haven’t thought about doing anything on it lately. However, it does go hand-in-hand with the Windows fast triage series that I am doing. Part of that strategy is to look for “common malware patterns.” In an effort to maximize what the listeners get from the episodes I figured this topic definitely needs to be revisited so that when I use that term, you are at least clear on what I mean by it and the method it represents.

Jun 22, 2021

This week is about the top threats to cloud computing.

Jun 15, 2021

This week is a continuation of the Windows fast triage miniseries. While other aspects of the triage miniseries had fairly contained artifacts to examine, new process triage presents a large and complex landscape to the analyst. I have already broken down a number of effective analysis methods to make this more manageable. This week I focus on key applications to look for during a review. These applications tend to be associated more with malicious activity, at least according to threat intelligence research, so being aware of them and recognizing the potential is important. I also spend some time talking about the nuances of CMD.

Jun 8, 2021

A while back I did an episode on “learning from the red team” which focused on methods blue team members can utilize to better understand attacks and the artifacts affected by those attacks. One of the advantages of this method that I did not mention in that episode was how to use open source vulnerability scanners for the same purpose. This week will be part two, and I will go over freely available resources and the method to help you gain better insight into forensic artifacts.

Jun 1, 2021

This week is about how to size up a reported vulnerability quickly.

May 25, 2021

This week I tackle .NET. It is an ecosystem that is associated with malicious PowerShell activity.

May 18, 2021

This week I revisited PowerShell from a process fast triage context.

May 11, 2021

This week is about the top threats to cloud computing.

May 4, 2021

This week I continue with the fast triage method for processes with a focus on historical records.

Apr 27, 2021

This week I cover threat modeling from a DFIR point-of-view. It provides a standard framework to classify and rate the severity of vulnerabilities discovered during investigations.

Apr 20, 2021

This week I run through a threat intel resource you may use for standardized attack information.

Apr 13, 2021

This week I revisit Svchost and the triage methods to apply.

Apr 6, 2021

This week is about the top threats to cloud computing.

Mar 30, 2021

This week is a case study that demonstrates the power behind IR fundamental methodology.

Mar 23, 2021

This week I continue with the fast triage method for processes with a focus on, well, everything else!

Mar 16, 2021

This week is about the top threats to cloud computing.

Mar 9, 2021

This week is about preparing for Golden SAML attacks for both Incident Response and Threat Hunting.

Mar 2, 2021

This week is about applying basic statistical analysis to threat hunting. The results are effective!

Feb 23, 2021

This week is about theatrics in security and how to avoid the trap.

Feb 16, 2021

This week I revisit Windows Core Processes and the triage methods to apply to them.

Feb 9, 2021

This week I talk about VulnHub, a free resource to practice ethical hacking skills and sharpen your DFIR skills.

Feb 2, 2021

This week I revisit Windows Core Processes and the triage methods to apply to them.

Jan 26, 2021

This week is the fourth part of the Network-Fast-Triage mini-series. In this installment I cover triage techniques for Windows event logs that record blocked network activity.

Jan 19, 2021

This week is about supply chain security posture from a DFIR point-of-view.
