Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
December
November
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: July, 2024
Jul 30, 2024

CIS (Center for Internet Security) Benchmarks provide a comprehensive set of best practices for securing IT systems and data, which are vital for security response investigations. These benchmarks, developed through a consensus-driven process by cybersecurity experts, offer detailed guidelines for configuring operating systems, applications, and network devices to enhance their security posture. In the context of security response investigations, adhering to CIS Benchmarks helps ensure that systems are resilient against common threats and vulnerabilities. By implementing these benchmarks, organizations can better detect, respond to, and recover from security incidents, thereby minimizing potential damage and improving overall cybersecurity hygiene.

Jul 23, 2024

Business Email Compromise (BEC) forensics involves the meticulous investigation of cyberattacks where attackers infiltrate email systems to manipulate business communications for financial gain. These attacks often entail phishing, social engineering, and credential theft to impersonate trusted entities within or outside an organization. Forensic analysis of BEC incidents focuses on tracing the attacker's entry point, examining email headers, metadata, and logs to uncover the methods used for unauthorized access. It also involves identifying compromised accounts, understanding the scope of the attack, and preserving evidence for legal proceedings. Effective BEC forensics is crucial for mitigating financial losses, strengthening cybersecurity defenses, and preventing future incidents.

Jul 16, 2024

Remote Desktop Protocol (RDP) is a crucial artifact in digital forensics due to its extensive use for remote system access. Analyzing RDP activities can uncover vital information about unauthorized access, insider threats, and attacker lateral movement within a network. Forensic examination of RDP logs enables investigators to trace an attacker's steps, identify compromised accounts, and assess the breach's extent. For instance, RDP forensics can detect brute force attacks on login credentials, track the use of stolen credentials, and monitor suspicious reconnection attempts to previously established sessions.

Jul 9, 2024

This week, I will be discussing the Linux operating system from a DFIR perspective. It is highly recommended for every examiner to become proficient in Linux, especially with the increasing prevalence of cloud-based infrastructures in enterprise environments. As these platforms become the norm, you can expect to encounter Linux systems frequently during your investigations.

Jul 2, 2024

In Windows forensics, understanding the intricacies of autorun functionalities and the Windows Registry is essential for effective incident response and investigation. Autorun mechanisms, which allow programs to execute automatically when the system starts or specific actions are performed, can be exploited by malicious actors to persist on a system. The Windows Registry, a hierarchical database that stores low-level settings for the operating system and applications, plays a crucial role in tracking these autorun entries. Forensic analysis of the Windows Registry can reveal information about auto-starting applications, system configurations, and user activities, providing insights into potential security breaches and unauthorized changes.

1