Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: 2022
Dec 27, 2022

This week I talk about how to triage Windows events for network listening activity.

Dec 20, 2022

This week I talk about an approach for reviewing Windows event logs.

Dec 13, 2022

This week I talk about an approach for reviewing CMD syntax for findings.

Dec 6, 2022

This week I talk about essential network basics necessary for triage.

Nov 29, 2022

This week I talk about Webshell forensics.

Nov 22, 2022

This week I talk about Webshell forensics.

Nov 15, 2022

This week I talk about Windows startup locations.

Nov 8, 2022

This week I talk about Windows Prefetch forensics.

Nov 1, 2022

This week I talk about fileless attacks Linux systems.

Oct 25, 2022

This week I talk about how to find evidence of malicious autoruns in the windows registry using Windows event codes.

Oct 18, 2022

This week I talk about strategies to determine root cause early during an investigation.

Oct 11, 2022

This week is a breakdown of HTTP log forensic triage.

Oct 4, 2022

This week I talk about finding evidence of Kernel file masquerading on Linux systems.

Sep 27, 2022

This week I talk about how to find evidence of malicious autoruns in the windows registry.

Sep 20, 2022

This week I talk about the forensic value of the Apple Spotlight DB.

Sep 13, 2022

When you talk autoruns you must talk about the Windows registry. This artifact is very dense and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows Registry from a DFIR point of view. This is crucial in understanding ...

Sep 6, 2022

This week I talk about the attack methodology known as Fast Flux.

Aug 30, 2022

This week’s focus is on other scheduled task events useful for DFIR triage.

Aug 23, 2022

This week I talk about a popular Windows utility attackers often exploit.

Aug 16, 2022

This week I breakdown the SUDOERS file for forensic triage.

Aug 9, 2022

This week’s focus is on new scheduled tasks, which are a common way of establishing longevity on system. I will have my breakdown of the artifact and how to interpret it for fast analysis coming up….

Aug 2, 2022

The must-attend event for Cyber First Responders who must detect and deal with ransomware, zero-day events, and more!

Jul 26, 2022

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Jul 19, 2022

This week I breakdown CRON for the uninitiated.

Jul 12, 2022

This week is about persistence artifacts. Namely the records for when services fail to start, are either started or stopped, have crashed have had their start type changed. Since services are one of the common ways attackers achieve persistence, understanding how these events may be used for triage purposes is very important...

1 2 3 Next »