Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: Page 5
Apr 12, 2022
This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go over some standard guidelines for handling such cases. To be effective with these investigations you need to know how to determine liability and responsibility, a little Google foo, and a number of odds and ends concerning mitigation, containment and remediation strategies depending on what you are dealing with.
Apr 5, 2022

This week I’m going to cover detecting lateral movement using Windows event logs. This is not the Windows fast triage method I covered in previous episodes. This is more in-depth and focuses on specific attack tools and strategies seen in actual cases. Going into this level of detail is beyond the scope of a typical episode, however there is some research that has very granular details on the tools and methods you can use. I’ll have that coming up right after this.

Mar 29, 2022
This week is a back to basics episode where I am going to cover Windows shellbags. This is a core Windows artifact that gets included in pretty much most every file use and knowledge investigation or any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted it as evidence. You must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shellbags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.
Mar 22, 2022
This week I am talking about a program language called rust and the advantages it has for DFIR analyst. I’m also covering Chainsaw, a toolset that you can use for Windows event log analysis.
Mar 15, 2022
This week it’s back to basics with a Windows artifact for tracking program execution. I’m covering the user assist key which is a mainstay for both live triage and dead box forensics. This artifact is useful for profiling system usage, identifying malware, and general file use and knowledge applications. There are some caveats you need to be aware of and in this episode I’m covering  five different experiments to document the effects that different types of user activity had on the artifact. If you want to better understand this artifact and how to work with it stay tuned.
Mar 8, 2022
This week I am covering how different common protocols are secured in the cloud. Part of your effectiveness as a security analyst is your knowledge and understanding of how environments work in a typical scenario. I know that all environments are different but there is some foundational knowledge that you can learn that will be useful no matter what environment you’re working. My goal with this episode is to provide you with a better understanding of how insecure protocols are handled in cloud environments.
Mar 1, 2022

This we can talk about Arthir, an open source platform for windows incident response and threat hunting.

Feb 22, 2022
This week Max Lamothe-Brassard talks about the future of cyber security.
Feb 15, 2022

This week is a back to basic episode featuring Shimcache and Amcache. Learn what they are, why they are important to many investigations and the pitfalls to avoid.

Feb 8, 2022

This week is about Cloud Network Security Services.

Feb 1, 2022
This week we continue with the Windows fast triage series and talk about data spoliation detection.
Jan 25, 2022

This week is about cloud network segmentation. Network segmentation has security advantages, and that’s regardless of whether or not security is the intention. There are some big differences between traditional on-prem network segmentation and cloud infrastructure segmentation. As a DFIR practitioner, knowing the difference is vital for your incident response preparedness. This week I will break it down from a DFIR point of view and provide some necessary insight that will help you better structure your investigations involving cloud assets.

Jan 18, 2022

This week I cover insider threat, which is sort of a gray area between traditional investigations and DFIR investigations. 

Jan 11, 2022

This week I’m talking about identity access controls commonly encountered in cloud environments. These come up during DFIR investigations and high-level awareness, at the least, is necessary for analysts in order to be effective during investigations. These are the things that may be part of root cause, part of the attack escalation, or part of mitigation will remediation. This week all cover the basics to help with your incident response preparedness.

Jan 4, 2022

This week is my advice for conducting a career critique as well as to plan for the future - or at least for 2022. I do this episode every year at this time with the intention of helping newer analysts maximize their efforts to achieve the desired career goals in both the short term and long term.

Dec 28, 2021

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in DC records.

Dec 21, 2021

This week is a continuation of the threats to cloud computing miniseries. We are stepping through the top 11 threats to cloud computing as identified by the Cloud Security alliance. When you are protecting cloud assets or investigating breaches of cloud assets, there is a lot to keep in mind. You must remember the standard security infrastructure, the new cloud infrastructure as well as any changes to the standard infrastructure that could be affected for your investigation. The top 11 threats to cloud computing help identify where you, as an analyst, should prioritize your time both as a starting point and how you use your limited time for continuing education.

Dec 14, 2021

This week I review a great method to detect file poisoning on Linux using all native commands.

Dec 7, 2021

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac artifacts

Nov 30, 2021

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in logon event records.

Nov 23, 2021

This week Brian Carrier of Basis Technology joins me to talk about OSDFCon. The DFIR community relies on open source tools and the conference is a great way to get exposure to new tools and to learn how to use them. There's a great lineup this year with something for everyone. Registration is free for everyone.

Nov 16, 2021

This week is a case study where we look at an actual attack strategy and compared it against standard triage methods to see how well they hold up. In this episode I break down some attack methods attributed to APT32, also known as Ocean Lotus, and we’ll see how standard triage techniques hold up against the attack chain. 

Nov 9, 2021

Amanda Berlin of Blumira speaks on malicious Powershell attacks and defense techniques.

Nov 2, 2021

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac forensics.

Oct 26, 2021

This week I’m talking about Nested Groups and the risk they pose for security. Built-in to the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an organization, it also offers attackers opportunity if certain precautions are not taken. This week I’ll break down Nested Groups in DFIR terms, talk about how attackers take advantage of it and what analysts need to know for investigations.

1 « Previous 2 3 4 5 6 7 8 Next » 17