Gesamtlänge aller Episoden: 6 days 5 minutes
This week I delve into the intriguing domain of Linux malware triage. The Linux platform presents forensic analysts with a unique opportunity to excel in performing malware triage effortlessly. The beauty of it lies in the fact that you don't require...
This week I’m going to talk about New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.
Organizations leverage third-party services more and more for business advantages. For the security professional, this means the organizational data you're charged with protecting is under the control of a third-party in some way shape or form. In...
Cron become important and Linux forensics when you’re talking about persistence. Think scheduled tasks if you want a Windows equivalent. The artifact is not that difficult to analyze once you understand the elements to focus on and it is typically...
Ransomware cases can be particularly challenging, especially during the initial response. They tend to be fast-paced and require the responder to simultaneously prioritize a number of tasks. Each of these tasks can have critical impact upon the...
Conhost, or the Console Application Host, often comes up during investigations. Understanding what it is, the evidence may contain and how to extract that information becomes important...
This week I'm talking about detecting evidence of lateral movement on Window systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advantage of being concentrated on domain controllers,...
Temporary directories play a significant role in computer forensic investigations as they can potentially contain valuable digital evidence. When conducting a computer forensic investigation, these temporary directories can provide insights into user...
This week I’m talking about Regsvcs /Regasm exploitation, which is a Windows tactic attackers use to evade defense mechanisms and execute code. Specifically, this technique can be used to bypass process whitelisting and digital certificate...
This week I’m talking about Nested Groups and the risk they pose for security. Built-in to the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an...