Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2022
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: June, 2022
Jun 28, 2022

This week is about bash history forensics.

Jun 21, 2022
In the past I’ve talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focus on one or a few artifacts at a time and really talk about the important details they may record for your investigation and how to interpret that information quickly. I’m going to start with the New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.
Jun 14, 2022

Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight as they do, or preference of certain certifications over others, and so on. In this episode I’m sharing my thoughts on the topic as well as how I would approach certifications if I were new in the field but also retained everything I have learned over the years about the impact certifications have or can have on your career.

Jun 7, 2022
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much  every file use and knowledge investigation. Any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.
1