Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: October, 2023
DFSP # 402 - Linux Root Directory Files for DFIR 0
Oct 31, 2023

In Linux and Unix-based operating systems, the "root" account is the superuser or administrator account with the highest level of privileges. It has complete control over the system and can perform any action, including modifying system files, installing software, and managing user accounts. The root account is sometimes referred to as the "root user" or simply “root"....

DFSP # 401 - INF Fetch Execute 0
Oct 24, 2023

This week we are taking a bit of a deep dive into an advanced attack technique to accomplish remote execution called “fetch and execute.” While there are different methods to accomplish the sort of thing what I am going to be focusing on is exploitation using a common Windows executable and installation file. Think of this as one of the touted “living off the land” attack techniques. It has value for compromise assessment methods as well as for threat hunting strategies...

DFSP # 400 - CMSTP 0
Oct 17, 2023

This week I am going to focus on a specific remote execution technique that you may see in the wild. Remote execution is important for incident response investigations but also for file use and knowledge investigations, particularly those that conducted due diligence exams for evidence of malware. I have covered remote execution in the past from different angles and I have done so because it is one of the red flags that an analyst should be looking for. In order to be effective in recognizing either an actual malicious execution or the risk of an attempted remote execution you must be reversed in the clever ways attackers attempt to compromise a host using Microsoft applications. The highlight this week will be CMSTP.exe abuse...

DFSP # 399 - Lateral Movement Failed Logon Events 0
Oct 10, 2023

Finding and analyzing failed logons sometimes is just as important as finding suspicious, actual logon activity. Like anything, context is important. Old logon records offer an opportunity to identify not only suspicious activity, but perhaps attempted activity by an attacker. A standard move in the attack chain is to compromise an account and use it to move within the breached environment. However, it doesn't always work as planned for the attacker, and you may find failed activity a valid signal for identifying, malicious actions. This episode, I'm going to take a look at failed logon events from an investigation point of you.

DFSP # 398 - OODA & JOHARI 0
Oct 3, 2023

This week I will discuss the use of the OODA loop and JOHARI window in security incident response investigations. These two frameworks are designed to help organizations quickly and effectively respond to security incidents, and can be used in combination to enhance incident response capabilities....

1
©SecurityTTX, LLC