Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2022
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: March, 2022
Mar 29, 2022
This week is a back to basics episode where I am going to cover Windows shellbags. This is a core Windows artifact that gets included in pretty much most every file use and knowledge investigation or any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted it as evidence. You must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shellbags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.
Mar 22, 2022
This week I am talking about a program language called rust and the advantages it has for DFIR analyst. I’m also covering Chainsaw, a toolset that you can use for Windows event log analysis.
Mar 15, 2022
This week it’s back to basics with a Windows artifact for tracking program execution. I’m covering the user assist key which is a mainstay for both live triage and dead box forensics. This artifact is useful for profiling system usage, identifying malware, and general file use and knowledge applications. There are some caveats you need to be aware of and in this episode I’m covering  five different experiments to document the effects that different types of user activity had on the artifact. If you want to better understand this artifact and how to work with it stay tuned.
Mar 8, 2022
This week I am covering how different common protocols are secured in the cloud. Part of your effectiveness as a security analyst is your knowledge and understanding of how environments work in a typical scenario. I know that all environments are different but there is some foundational knowledge that you can learn that will be useful no matter what environment you’re working. My goal with this episode is to provide you with a better understanding of how insecure protocols are handled in cloud environments.
Mar 1, 2022

This we can talk about Arthir, an open source platform for windows incident response and threat hunting.

1