This week I talk about network share access events and lateral movement detection.
This week Jason Roslewicz from SUMURI returns for some cloud talk.
This week I talk about the exploitation of the Windows Management Instrumentation application.
This week Chris Currier and I talk about mobile forensics and protocol buffers.
This week I cover Windows events commonly associated with data spoliation and insider threats.
This week Jason Roslewicz from SUMURI returns for some ransomware talk.
This week I cover my all-time favorite Windows event, security event 4688: new process creation. If you do Windows incident response forensics, this is a must-know artifact.
This week I talk about SVCHOST: how it fits into the Windows operating system, and how to think about it from a DFIR point of view.
This week I talk with Yugal Pathak about organizational forensic readiness.
This week I talk about the role and typical responsibilities DFIR professionals may be called upon to take to assist with a zero-day response.
This week Jason Roslewicz from SUMURI returns to talk more about AI issues.
This week I break down the Windows System Resource Usage Monitor from a DFIR point of view.
This week I cover some malware detection methods for Linux.
This week I talk about different ways to approach Windows process triage. There are so many processes, especially in enterprise environments, that having a standard approach that is fast and effective is key for security incident response.
This week Jason Roslewicz from SUMURI shares his insights about the impact of artificial intelligence and provides advice for navigating through changing times.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover malware on Linux file systems for new examiners.
This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover the Linux file system for new examiners.
This week I break down the elements within a standard CVSS report for fast triage application.
This week I talk about how to triage Windows events for network connection activity.
This week I talk about how to approach investigations involving remote desktop connections.
This week I talk about Windows core processes from a DFIR point of view.
This week I talk about PowerShell attack IOCs.