Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: Page 4
Oct 18, 2022

This week I talk about strategies to determine root cause early during an investigation.

Oct 11, 2022

This week is a breakdown of HTTP log forensic triage.

Oct 4, 2022

This week I talk about finding evidence of Kernel file masquerading on Linux systems.

Sep 27, 2022

This week I talk about how to find evidence of malicious autoruns in the windows registry.

Sep 20, 2022

This week I talk about the forensic value of the Apple Spotlight DB.

Sep 13, 2022

When you talk autoruns you must talk about the Windows registry. This artifact is very dense and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows Registry from a DFIR point of view. This is crucial in understanding ...

Sep 6, 2022

This week I talk about the attack methodology known as Fast Flux.

Aug 30, 2022

This week’s focus is on other scheduled task events useful for DFIR triage.

Aug 23, 2022

This week I talk about a popular Windows utility attackers often exploit.

Aug 16, 2022

This week I breakdown the SUDOERS file for forensic triage.

Aug 9, 2022

This week’s focus is on new scheduled tasks, which are a common way of establishing longevity on system. I will have my breakdown of the artifact and how to interpret it for fast analysis coming up….

Aug 2, 2022

The must-attend event for Cyber First Responders who must detect and deal with ransomware, zero-day events, and more!

Jul 26, 2022

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Jul 19, 2022

This week I breakdown CRON for the uninitiated.

Jul 12, 2022

This week is about persistence artifacts. Namely the records for when services fail to start, are either started or stopped, have crashed have had their start type changed. Since services are one of the common ways attackers achieve persistence, understanding how these events may be used for triage purposes is very important...

Jul 5, 2022

This week I talk Mac autoruns.

Jun 28, 2022

This week is about bash history forensics.

Jun 21, 2022
In the past I’ve talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focus on one or a few artifacts at a time and really talk about the important details they may record for your investigation and how to interpret that information quickly. I’m going to start with the New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.
Jun 14, 2022

Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight as they do, or preference of certain certifications over others, and so on. In this episode I’m sharing my thoughts on the topic as well as how I would approach certifications if I were new in the field but also retained everything I have learned over the years about the impact certifications have or can have on your career.

Jun 7, 2022
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much  every file use and knowledge investigation. Any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.
May 31, 2022

If you are accustomed to Windows forensics you may find you have to shift your way of thinking about executables when you are dealing with a Linux system. Unlike Windows, in Linux there is no fixed file extension to designate an executable. Everything on a Linux system of the file and any file can be executable, so where do you even begin? In this episode I am going to address how to approach Linux executables to help those newer to Linux exams deal with the nuances.

May 24, 2022

One of the first things attackers attempt to accomplish on a compromised system is to establish persistence. Unless you are dealing with a denial of service attack, most other attacker goals are centered on maintaining the degree of control over a compromise system in order to use system resources for things like cryptomining or to maintain a foothold to further an attack strategy. This week I am going to talk about a fast triage methodology for persistence, which is one of the first triage strategies I normally recommend for a compromise assessment. Because I am focusing on a fast triage methodology I am going to focus on the artifacts most examiners will have readily at hand and how to make the most of them during the initial pass.

May 17, 2022

This week I’m covering the Master file table as a core forensic artifact for Windows investigations. This artifact has value is both a primary and secondary artifact and offers opportunity to decode evidence in a number of different situations. In this episode I’m covering the forensic basics, some use cases and tools you can use to bring the value of the artifact to its full potential.

May 10, 2022

This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is a necessary skill set for all DFIR professionals as you typically deal with malware and you need a way to do some basic forensics on it for context to advance your investigation. This is going to be a two-part episode where I first go over the foundational information you need to have four common malware triage tasks and the second part will go over specific methods, tools, and indicators for different types of artifacts.

May 3, 2022

This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is a necessary skill set for all DFIR professionals as you typically deal with malware and you need a way to do some basic forensics on it for context to advance your investigation. This is going to be a two-part episode where I first go over the foundational information you need to have four common malware triage tasks and the second part will go over specific methods, tools, and indicators for different types of artifacts.

1 « Previous 1 2 3 4 5 6 7 Next » 17