Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

An average episode of this podcast lasts 18m. So far 321 episode(s) have been released. This podcast is published weekly.

Total length of all episodes: 4 days 5 hours 19 minutes


DFSP # 286 - Lateral MM Fast Triage 2 [5145]

This week we continue with the Windows fast triage series. We are up to lateral movement and talking about admin shares. On topic this week is event 5145 which is a Windows log that records verbose information about network share objects and it is an...


 2021-08-10  15m
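The episode above points at Security event 5145 (Detailed File Share) as the lateral-movement artifact to triage. The following PowerShell is an added example, not code from the podcast or its host: it pulls 5145 events for the last seven days, unpacks the EventData fields (SubjectUserName, SubjectDomainName, IpAddress, ShareName, RelativeTargetName, AccessMask are the real field names in that event), and keeps only accesses to the default admin shares (ADMIN$, drive-letter$, IPC$). The seven-day window and the regex are my assumptions for illustration; adjust both to the case.

```powershell
# Added example (not from the podcast). Assumes an elevated session on the
# host being triaged and that "Audit Detailed File Share" is enabled, since
# 5145 is not logged otherwise.
$start  = (Get-Date).AddDays(-7)   # assumed triage window
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5145; StartTime = $start } `
                       -ErrorAction SilentlyContinue

# 5145 renders the share as \\*\ADMIN$, \\*\C$, \\*\IPC$ and so on.
$adminShareRegex = '^\\\\\*\\(ADMIN\$|[A-Z]\$|IPC\$)$'

$hits = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a hashtable.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    if ($d.ShareName -match $adminShareRegex) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            SourceIP   = $d.IpAddress
            Share      = $d.ShareName
            Target     = $d.RelativeTargetName   # file or named pipe under the share
            AccessMask = $d.AccessMask           # 0x2 = WriteData/AddFile, i.e. something was written
        }
    }
}

# Timeline of admin-share access, oldest first.
$hits | Sort-Object Time | Format-Table -AutoSize

# Pivot 1: which remote hosts touched admin shares, and how often.
$hits | Group-Object SourceIP | Sort-Object Count -Descending | Select-Object Count, Name

# Pivot 2: writes only. A binary dropped into ADMIN$ or C$ from a remote IP
# is the classic PsExec-style service staging pattern.
$hits | Where-Object { ([int]$_.AccessMask) -band 0x2 } | Format-Table Time, User, SourceIP, Share, Target
```

Two caveats a practitioner should keep in mind: 5145 is verbose on busy file servers, so always constrain by time window or source IP before eyeballing it, and IPC$ hits with a Target of a named pipe (svcctl, samr, srvsvc) are a different lateral-movement story (remote service control or enumeration) than a file write to C$ and deserve their own pivot.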

DFSP # 285 - Linux Malware Triage

This week I wanted to take a break from Windows forensics and talk about Linux malware triage. The Linux platform offers forensic analysts the opportunity to do a very decent job performing malware triage. What I mean by this is that you do not need...


 2021-08-03  20m

DFSP # 284 - Fast Triage case study: non-Windows core processes

This week we’re going to take a look at how standard triage methodology can detect advanced attack techniques. Even as a newer examiner, if you learn the standard triage methods that I have covered in the fast triage series, you will find the...


 2021-07-27  15m

DFSP # 283 - CSA Cloud Threats 5

This week we take another look at the top threats to cloud computing. On tap this week is account hijacking. All analysts working in the DFIR field today must be aware of threats to cloud computing in order to be effective in their roles.


 2021-07-20  10m

DFSP # 282 - Lateral MM Fast Triage

This week I talk about lateral movement fast triage. This is the next topic in the Windows fast triage miniseries and it aligns with the goal of the entire series, which is to help new or any analyst identify the most accessible artifacts that may be...


 2021-07-13  12m

DFSP # 281 - Fast Triage case study: persistence

This week I’m doing another walk-through to illustrate how standard triage methodology can detect advanced attack techniques. Sometimes as a newer examiner, it’s easy to become overwhelmed with the technical detail necessary to understand and...


 2021-07-06  12m

DFSP # 280 - Malware Fast Triage

This week I’m covering malware fast triage. It occurred to me that I should revisit this issue for a couple of different reasons. I remember covering this many years ago and I believe that’s why I haven’t thought about doing anything on it...


 2021-06-29  17m

DFSP # 279 - CSA Cloud Threats 4

This week is about the top threats to cloud computing.


 2021-06-22  14m

DFSP # 278 - Process Triage & CMD

This week is a continuation of the Windows fast triage miniseries. While other aspects of the triage miniseries had fairly contained artifacts to examine, new process triage presents a large and complex landscape to the analyst. I have already broken...


 2021-06-15  17m

DFSP # 277 - Learning from the Red Team II

A while back I did an episode on “learning from the red team” which focused on methods blue team members can utilize to better understand attacks and the artifacts affected by those attacks. One of the advantages of this method that I did not...


 2021-06-08  10m