Digital Forensic Survival Podcast

Listen to talks about computer forensic analysis, techniques, methodology, tool reviews and more.
Sep 26, 2023

This week I'm talking about the Linux file system from the point of view of a forensic analyst. In general, it's a good idea to have a solid working knowledge of the Linux file system so you understand which directories hold which artifacts, or, if you're looking for a specific category of artifact, you at least have an idea of where you may find it. I will cover the home directory this week and break down the typical forensic artifacts you find there…

Sep 19, 2023

This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation that many incident response teams handle, and I thought it would be useful to go over some standard guidelines for handling such cases. To be effective with these investigations you need to know how to determine liability and responsibility, a little Google-fu, and a number of odds and ends concerning mitigation, containment and remediation strategies...

Sep 12, 2023

This week is on lateral movement detection techniques. Inspecting Domain Admin account logons is a key component of lateral movement triage. Admin accounts are sought after by attackers for their elevated privileges. Evidence is often left behind both on the targeted system and on the domain controller. Both of these factors provide detection opportunities through Windows event log analysis. I'll break down the method...
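
The triage described in this episode, worked through in code as an added example (this is not the podcast's own script). It assumes Security event 4624 records have already been exported from the domain controller and from member servers into dicts carrying the standard 4624 field names plus a `host` field for the system the log came from; the events and the Domain Admins list below are constructed for illustration. The logic is the one the episode points at: filter for admin accounts, keep only remote logon types (3 = network, 10 = RemoteInteractive), then pivot on source address to see how many systems one credential reached.

```python
"""Triage Domain Admin logons from exported Windows Security 4624 events.

Added example, not from the podcast. Assumes 4624 events exported as dicts
with the standard field names plus "host" (where the log was collected).
All records below are constructed.
"""
from collections import defaultdict

# Logon types that indicate a remote logon: 3 = network (SMB, WMI, PsExec-style),
# 10 = RemoteInteractive (RDP). Type 2 (interactive at the console) is excluded.
REMOTE_LOGON_TYPES = {"3", "10"}

# Constructed sample: 4624 events pulled from the DC and two member servers.
SAMPLE_EVENTS = [
    {"host": "DC01", "EventID": 4624, "TargetUserName": "adm_jdoe", "TargetDomainName": "CORP",
     "LogonType": "3", "IpAddress": "10.0.5.23", "WorkstationName": "WS-HR-07",
     "TimeCreated": "2023-09-11T02:14:10"},
    {"host": "FS01", "EventID": 4624, "TargetUserName": "adm_jdoe", "TargetDomainName": "CORP",
     "LogonType": "3", "IpAddress": "10.0.5.23", "WorkstationName": "WS-HR-07",
     "TimeCreated": "2023-09-11T02:15:02"},
    {"host": "SQL01", "EventID": 4624, "TargetUserName": "adm_jdoe", "TargetDomainName": "CORP",
     "LogonType": "10", "IpAddress": "10.0.5.23", "WorkstationName": "WS-HR-07",
     "TimeCreated": "2023-09-11T02:16:40"},
    {"host": "DC01", "EventID": 4624, "TargetUserName": "adm_jdoe", "TargetDomainName": "CORP",
     "LogonType": "2", "IpAddress": "-", "WorkstationName": "DC01",
     "TimeCreated": "2023-09-11T08:30:00"},
    {"host": "FS01", "EventID": 4624, "TargetUserName": "svc_backup", "TargetDomainName": "CORP",
     "LogonType": "3", "IpAddress": "10.0.9.2", "WorkstationName": "BKP01",
     "TimeCreated": "2023-09-11T01:00:00"},
    {"host": "FS01", "EventID": 4624, "TargetUserName": "jsmith", "TargetDomainName": "CORP",
     "LogonType": "3", "IpAddress": "10.0.5.40", "WorkstationName": "WS-FIN-02",
     "TimeCreated": "2023-09-11T09:12:33"},
]

# Constructed: Domain Admins membership, pulled separately from AD.
DOMAIN_ADMINS = {"adm_jdoe", "adm_root"}


def admin_remote_logons(events, admins):
    """Return the 4624 events where a Domain Admin logged on remotely (type 3 or 10)."""
    admins_lc = {a.lower() for a in admins}
    return [e for e in events
            if e["EventID"] == 4624
            and e["TargetUserName"].lower() in admins_lc
            and e["LogonType"] in REMOTE_LOGON_TYPES]


def pivot_by_source(events):
    """Group events by (account, source IP) -> chronologically sorted (time, host, logon type)."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["TargetUserName"], e["IpAddress"])].append(
            (e["TimeCreated"], e["host"], e["LogonType"]))
    for key in groups:
        groups[key].sort()
    return dict(groups)


def flag_lateral_movement(events, admins, min_hosts=2):
    """Flag (account, source IP) pairs whose admin credential reached >= min_hosts distinct hosts.

    One workstation reaching several servers with a Domain Admin account in a short
    window is the pattern worth pulling a full timeline for.
    """
    findings = []
    for (user, ip), hits in pivot_by_source(admin_remote_logons(events, admins)).items():
        hosts = sorted({h for _, h, _ in hits})
        if len(hosts) >= min_hosts:
            findings.append({"account": user, "source_ip": ip, "hosts": hosts,
                             "first": hits[0][0], "last": hits[-1][0]})
    return findings


if __name__ == "__main__":
    for f in flag_lateral_movement(SAMPLE_EVENTS, DOMAIN_ADMINS):
        print(f"{f['account']} from {f['source_ip']} reached {', '.join(f['hosts'])} "
              f"between {f['first']} and {f['last']}")
```

On the constructed data the only finding is `adm_jdoe` from `10.0.5.23` reaching DC01, FS01 and SQL01 within three minutes; the console logon on DC01 and the non-admin accounts drop out of the filter. In practice the source IP and `WorkstationName` fields are the pivot back to the first compromised host.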

Sep 5, 2023

This week I want to talk about the value of having functional documentation for your organization, or at least for your team. Functional documentation means you have thoughtful and up-to-date incident runbooks and playbooks that provide real utility for a responder. Without such documentation, you are always at risk of some dangerous pitfalls, some of which I'll discuss. This episode I cover what functional documentation is, its investigative value for an organization, and how to get started...

Aug 29, 2023

The Windows Subsystem for Linux creates both opportunities and challenges for forensic analysts. It makes Windows an excellent platform for multi-platform forensic analysis tasks, allowing it to take advantage of the many Linux tools available. The challenges are foreseeable: you now have Linux artifacts commingled on a Windows platform, which makes forensic analysis that much more difficult when examining such a system as evidence. This week I'm going to break down the Linux subsystem for forensic investigators…

Aug 22, 2023

This week I'm going to talk about tabletop exercises as part of a security training program. I feel that there is too much focus on technical skill training and not enough focus on actual incident management training in the industry. There are plenty of highly skilled professionals that can do DFIR work. However, a roadblock many organizations and practitioners encounter is the struggle of how to actually apply their knowledge and skills to a security incident response investigation within a specific organization. They may know what to do, but there are many challenges in identifying how to actually do it when the time comes. I will share my thoughts on how to improve your security program through simulation training…

Aug 15, 2023

This week I'm talking about the NIST (National Institute of Standards and Technology) investigation lifecycle. The NIST investigation lifecycle encompasses a series of well-defined steps, starting from problem identification and scoping, through data collection and analysis, to the formulation of conclusions and recommendations. This comprehensive framework ensures that investigations conducted by NIST are rigorous, unbiased, and provide reliable results that can be used to inform decision-making, improve practices, and promote innovation across a wide range of disciplines. More about it...

Aug 8, 2023

This week I'm talking about Linux forensic triage strategy. In particular, I'm covering SSH. SSH traffic comes up in many different types of investigations. For that reason, it is a common and standard artifact every examiner should be familiar with. I will provide the artifact background and the triage strategy…
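
A first-pass SSH triage of the kind this episode is about, as an added example that is not the podcast's own code. It assumes Debian-style sshd syslog lines (`/var/log/auth.log`; `/var/log/secure` on RHEL-family systems, or `journalctl -u ssh` on systemd hosts); the log lines below are constructed. It parses the `Accepted`/`Failed` lines, summarizes per source address, and flags the two things an examiner wants first: a success that followed a run of failures from the same source, and any direct root logon.

```python
"""Triage sshd authentication events from an auth.log extract.

Added example, not from the podcast. Assumes Debian-style syslog lines from
sshd. The log lines below are constructed.
"""
import re
from collections import defaultdict

# Constructed sample: a password-guessing run that succeeds against root,
# followed later by a normal key-based logon from an internal host.
SAMPLE_AUTH_LOG = """\
Aug  6 01:12:01 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Aug  6 01:12:03 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Aug  6 01:12:09 web01 sshd[2214]: Failed password for root from 198.51.100.7 port 40130 ssh2
Aug  6 01:12:15 web01 sshd[2218]: Accepted password for root from 198.51.100.7 port 40151 ssh2
Aug  6 01:12:15 web01 sshd[2218]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug  6 07:30:44 web01 sshd[3102]: Accepted publickey for deploy from 10.0.0.12 port 55021 ssh2: ED25519 SHA256:o1hZ...
Aug  6 07:30:44 web01 sshd[3102]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Aug  6 08:02:10 web01 sshd[3190]: Received disconnect from 10.0.0.12 port 55021:11: disconnected by user
"""

# Matches the sshd authentication result lines; "invalid user" marks a username
# that does not exist on the host, which is typical of scanner wordlists.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_auth_events(text):
    """Return one dict per sshd Accepted/Failed line, in file order; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            d = m.groupdict()
            d["invalid"] = bool(d["invalid"])
            events.append(d)
    return events


def summarize_by_source(events):
    """Per source IP: failure count, accepted (user, method) pairs, and whether a success followed failures."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": [], "success_after_failures": False})
    for e in events:  # file order is chronological, so "after" is well defined
        s = summary[e["ip"]]
        if e["result"] == "Failed":
            s["failed"] += 1
        else:
            s["accepted"].append((e["user"], e["method"]))
            if s["failed"] > 0:
                s["success_after_failures"] = True
    return dict(summary)


def triage_findings(events):
    """Findings worth a closer look: password guessing that succeeded, and any direct root logon."""
    findings = []
    for ip, s in summarize_by_source(events).items():
        if s["success_after_failures"]:
            findings.append(f"{ip}: {s['failed']} failures then accepted {s['accepted']} "
                            f"(likely brute-force success)")
        for user, method in s["accepted"]:
            if user == "root":
                findings.append(f"{ip}: direct root logon via {method}")
    return findings


if __name__ == "__main__":
    for line in triage_findings(parse_auth_events(SAMPLE_AUTH_LOG)):
        print(line)
```

The accepted-logon records give you the pivot points for the rest of the triage: the `pid` ties the logon to its `session opened` line and to shell history for that user, and a `publickey` method points you at the user's `~/.ssh/authorized_keys` to check whether the key was planted.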

Aug 1, 2023

The USN Journal, also known as the Update Sequence Number Journal, is a feature of the NTFS file system on Windows that records changes made to files and directories on a volume. It provides valuable information and insights into file system activity, which can aid investigators in reconstructing events, understanding system behavior, and uncovering evidence. This week I break down the artifact from a DFIR point of view and provide a triage strategy...
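
To make the artifact concrete, here is a minimal parser for the journal's on-disk records, added as an example and not taken from the podcast. It assumes a raw extract of the `$Extend\$UsnJrnl:$J` data stream and the documented `USN_RECORD_V2` layout (a 60-byte fixed header followed by a UTF-16LE file name, each record padded to an 8-byte boundary, with zero-filled runs where the sparse stream is unallocated). The journal bytes below are constructed with the block's own `build_record` helper, not taken from a real volume.

```python
"""Parse USN_RECORD_V2 entries from a raw $UsnJrnl:$J extract.

Added example, not from the podcast. Uses the documented USN_RECORD_V2
layout; the sample journal bytes are constructed, not from a real system.
"""
import struct
from datetime import datetime, timedelta, timezone

# Subset of the USN_REASON_* flags from the Windows SDK.
REASONS = {
    0x00000001: "DATA_OVERWRITE",
    0x00000002: "DATA_EXTEND",
    0x00000004: "DATA_TRUNCATION",
    0x00000100: "FILE_CREATE",
    0x00000200: "FILE_DELETE",
    0x00000800: "SECURITY_CHANGE",
    0x00001000: "RENAME_OLD_NAME",
    0x00002000: "RENAME_NEW_NAME",
    0x00008000: "BASIC_INFO_CHANGE",
    0x80000000: "CLOSE",
}

# Fixed part of USN_RECORD_V2, little-endian:
#   RecordLength(4) MajorVersion(2) MinorVersion(2) FileRef(8) ParentFileRef(8)
#   Usn(8) TimeStamp(8) Reason(4) SourceInfo(4) SecurityId(4) FileAttributes(4)
#   FileNameLength(2) FileNameOffset(2)
HEADER = struct.Struct("<IHHQQQQIIIIHH")
assert HEADER.size == 60

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch


def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601) -> aware UTC datetime."""
    return EPOCH + timedelta(microseconds=ft // 10)


def decode_reasons(mask):
    """Reason bitmask -> list of flag names, unknown bits kept as hex."""
    names = [n for bit, n in sorted(REASONS.items()) if mask & bit]
    leftover = mask & ~sum(REASONS)  # sum over the dict iterates its keys (the bit values)
    if leftover:
        names.append(f"0x{leftover:08x}")
    return names


def parse_usn_records(data):
    """Yield one dict per USN_RECORD_V2 in data, skipping zero-filled (sparse) runs."""
    off = 0
    while off + HEADER.size <= len(data):
        (rec_len, major, _minor, fref, pref, usn, ts, reason,
         _source, _sid, _attrs, name_len, name_off) = HEADER.unpack_from(data, off)
        if rec_len == 0:
            off += 8  # unallocated space in the sparse $J stream: step to the next 8-byte boundary
            continue
        if major != 2 or rec_len < HEADER.size or off + rec_len > len(data):
            raise ValueError(f"bad USN record at offset {off}")
        name = data[off + name_off: off + name_off + name_len].decode("utf-16-le")
        yield {
            "usn": usn,
            "timestamp": filetime_to_dt(ts),
            "file": name,
            # File reference = 48-bit MFT entry number + 16-bit sequence number.
            "mft_entry": fref & 0xFFFFFFFFFFFF,
            "mft_seq": fref >> 48,
            "parent_entry": pref & 0xFFFFFFFFFFFF,
            "reasons": decode_reasons(reason),
        }
        off += rec_len


def build_record(usn, ts, fref, pref, reason, name):
    """Constructed USN_RECORD_V2 for the sample journal (padded to 8 bytes, as NTFS does)."""
    name_bytes = name.encode("utf-16-le")
    rec_len = (HEADER.size + len(name_bytes) + 7) & ~7
    hdr = HEADER.pack(rec_len, 2, 0, fref, pref, usn, ts, reason, 0, 0, 0x20,
                      len(name_bytes), HEADER.size)
    return hdr + name_bytes + b"\x00" * (rec_len - HEADER.size - len(name_bytes))


# 2023-08-01 13:05:00 UTC as a FILETIME; later records are offset in 100 ns ticks.
T0 = int((datetime(2023, 8, 1, 13, 5, tzinfo=timezone.utc) - EPOCH).total_seconds()) * 10_000_000

# Constructed journal: a dropped .lnk file, then a rename (old name / new name pair).
SAMPLE_JOURNAL = (
    b"\x00" * 16
    + build_record(0x1000, T0, (5 << 48) | 1234, 5, 0x100, "invoice.pdf.lnk")
    + build_record(0x1050, T0 + 20_000_000, (5 << 48) | 1234, 5, 0x100 | 0x2 | 0x80000000, "invoice.pdf.lnk")
    + build_record(0x10A0, T0 + 30_000_000, (2 << 48) | 1235, 5, 0x1000, "notes.txt")
    + build_record(0x10F0, T0 + 30_000_000, (2 << 48) | 1235, 5, 0x2000, "notes.txt.locked")
)


def timeline(data):
    """One line per record, ordered by USN (which is the record's offset in $J, so also by time)."""
    return [f"{r['timestamp']:%Y-%m-%d %H:%M:%S} usn={r['usn']:#x} entry={r['mft_entry']} "
            f"{r['file']} {'|'.join(r['reasons'])}"
            for r in sorted(parse_usn_records(data), key=lambda r: r["usn"])]


if __name__ == "__main__":
    print("\n".join(timeline(SAMPLE_JOURNAL)))
```

Two things the parser makes visible that matter in triage: a rename shows up as two records sharing the same MFT entry (`RENAME_OLD_NAME` then `RENAME_NEW_NAME`), and the reason bits accumulate across a file handle's life until the `CLOSE` record, so the last record for a handle summarizes everything done through it.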

Jul 25, 2023

This week Jason Roslewicz from SUMURI returns for some web 3.0 and virtual reality talk.

Jul 18, 2023

This week I talk about adding, modifying, and removing network shares through the lens of detecting lateral movement.

Jul 11, 2023

This week I break down the three Windows task hosts from a DFIR point of view.

Jul 4, 2023

This week I talk about network share access events and lateral movement detection.

Jun 27, 2023

This week Jason Roslewicz from SUMURI returns for some cloud talk.

Jun 20, 2023

This week I talk about the exploitation of Windows Management Instrumentation (WMI).

Jun 13, 2023

This week Chris Currier and I talk about mobile forensics and protocol buffers.

Jun 6, 2023

This week I cover Windows events commonly associated with data spoliation and insider threats.

May 30, 2023

This week Jason Roslewicz from SUMURI returns for some ransomware talk.

May 23, 2023

This week I cover my all-time favorite Windows event, Security event 4688: new process creation. If you do Windows incident response or forensics, this is a must-know artifact.

May 16, 2023

This week I talk about SVCHOST; how it fits into the Windows operating system, and how to think about it from a DFIR point of view.

May 9, 2023

This week I interview Yugal Pathak about organizational forensic readiness.

May 2, 2023

This week I talk about the roles and typical responsibilities DFIR professionals may be called upon to take on to assist with a zero-day response.

Apr 25, 2023

This week Jason Roslewicz from SUMURI returns to talk more about AI issues.

Apr 18, 2023

This week I break down the Windows System Resource Usage Monitor from a DFIR point of view.

Apr 11, 2023

This week I cover some malware detection methods for Linux.
