Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2022
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: April, 2022
Apr 26, 2022

This week I’m talking about SRUM, a Windows artifact that you don’t hear that much about. It has a lot of great potential as evidence and it is something worth the time to check it out and see how it fits into your daily DFIR work.

Apr 19, 2022
This week is some thoughts on live evidence integrity. Years ago evidence validation was fairly standard with few exceptions. Nowadays it’s more of a challenge when considering live evidence collections either on scene, remotely or even in lab environments where physical level access to your evidence is becoming more the exception. It is something that needs to be part of your collection process as it may impact the reliability of your results. 
Apr 12, 2022
This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go over some standard guidelines for handling such cases. To be effective with these investigations you need to know how to determine liability and responsibility, a little Google foo, and a number of odds and ends concerning mitigation, containment and remediation strategies depending on what you are dealing with.
Apr 5, 2022

This week I’m going to cover detecting lateral movement using Windows event logs. This is not the Windows fast triage method I covered in previous episodes. This is more in-depth and focuses on specific attack tools and strategies seen in actual cases. Going into this level of detail is beyond the scope of a typical episode, however there is some research that has very granular details on the tools and methods you can use. I’ll have that coming up right after this.

1