Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

http://digitalforensicsurvivalpodcast.libsyn.com/podcast

An average episode of this podcast lasts 17m. So far, 451 episode(s) have been released. This is a weekly podcast.

Total length of all episodes: 5 days 23 hours 33 minutes







DFSP # 426 - SSH Forensics: Log Analysis


This week I'm wrapping up my series on SSH forensics with a discussion on SSH log triage. Logs are usually what an analyst will start with, so this episode is important. There are a few different log types, and there is a pitfall with one of them,...


   22m
 
 

DFSP # 425 - SSH Forensics: Host-Based Artifacts


In the last episode on this topic, I covered SSH from an investigation point of view. I explained SSH and the artifacts that typically come up when you're investigating. In this episode, we're getting into the triage methodology. This includes the...


   30m
 
 

DFSP # 424 - SSH Forensics: Understanding Secure Shell


SSH is a protocol used to secure remote access to systems, making it a cornerstone in safeguarding sensitive information and ensuring secure communications. In this podcast, we will delve into the basics of SSH, its key concepts and other useful...


   23m
 
 

DFSP # 423 - Guiding Lights: Cyber Investigations Investigation Lifecycle


This week I'm discussing a fundamental aspect of cybersecurity: incident response preparation. Effective incident response is paramount, and preparation is the key to success. This preparation includes comprehensive documentation, training, having the...


   30m
 
 

DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro


Today I'm talking Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage, often readily available in your organization's SIEM. But have you ever wondered about the processes enabling this quick access? Not only...


 March 19, 2024  21m
 
 

DFSP # 421 - Memory Lane: Fileless Linux Attacks Unraveled


In this podcast episode, we talk about Linux's `memfd` – a virtual file system allowing the creation of anonymous memory areas for shared memory or temporary data storage. Threat actors exploit `memfd` for fileless malware attacks, as its memory...


 March 12, 2024  25m
 
 

DFSP # 420 - Failing, Stopping and Crashing


This week we explore the world of Windows service event codes and their role in forensic investigations. Windows services are background processes crucial for system functionality, running independently of user interaction, making them ideal....


 March 5, 2024  22m
 
 

DFSP # 419 - What the Flux


This week, we're delving into the realm of fast flux, a cunning technique employed by attackers to cloak their true, malicious domains. Its effectiveness is the reason behind its widespread use, making it crucial for analysts to grasp its nuances and...


 February 27, 2024  27m
 
 

DFSP # 418 - Core Insights: Navigating MFT in Forensics


In this week's exploration, I'm delving into the intricate realm of the Master File Table (MFT), a pivotal forensic artifact in Windows investigations. The MFT provides a valuable gateway to decode evidence across various scenarios. Join me in this...


 February 20, 2024  22m
 
 

DFSP # 417 - Unlocking Linux Secrets


This week I delve into the intriguing domain of Linux malware triage. The Linux platform presents forensic analysts with a unique opportunity to excel in performing malware triage effortlessly. The beauty of it lies in the fact that you don't require...


 February 13, 2024  32m