Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

http://digitalforensicsurvivalpodcast.libsyn.com/podcast

An average episode of this podcast lasts 17m. So far 452 episode(s) have been published. This podcast is published weekly.

Total length of all episodes: 6 days 5 minutes

DFSP # 417 - Unlocking Linux Secrets


This week I delve into the intriguing domain of Linux malware triage. The Linux platform presents forensic analysts with a unique opportunity to excel in performing malware triage effortlessly. The beauty of it lies in the fact that you don't require...


 February 13, 2024  32m
 
 

DFSP # 416 - Persistence Mechanisms on Windows


This week I’m going to talk about New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up. 


 February 6, 2024  25m
 
 

DFSP # 415 - Dealing with Third-Party Incidents


Organizations leverage third-party services more and more for business advantages. For the security professional, this means the organizational data you're charged with protecting is under the control of a third party in some way, shape or form. In...


 January 30, 2024  20m
 
 

DFSP # 414 - CRON Forensics


Cron becomes important in Linux forensics when you’re talking about persistence. Think scheduled tasks if you want a Windows equivalent. The artifact is not that difficult to analyze once you understand the elements to focus on and it is typically...


 January 23, 2024  14m
 
 

DFSP # 413 - Ransomware Initial Response


Ransomware cases can be particularly challenging, especially during the initial response. They tend to be fast-paced and require the responder to simultaneously prioritize a number of tasks. Each of these tasks can have critical impact upon the...


 January 16, 2024  16m
 
 

DFSP # 412 - Conhost Forensics


Conhost, or the Console Application Host, often comes up during investigations. Understanding what it is, the evidence it may contain and how to extract that information becomes important...


 January 9, 2024  19m
 
 

DFSP # 411 - NTLM Credential Validation


This week I'm talking about detecting evidence of lateral movement on Windows systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advantage of being concentrated on domain controllers,...


 January 2, 2024  18m
 
 

DFSP # 410 - Linux Temp Directories


Temporary directories play a significant role in computer forensic investigations as they can potentially contain valuable digital evidence. When conducting a computer forensic investigation, these temporary directories can provide insights into user...


 December 26, 2023  15m
 
 

DFSP # 409 - Regsvcs and Regasm Abuse


This week I’m talking about Regsvcs/Regasm exploitation, which is a Windows tactic attackers use to evade defense mechanisms and execute code. Specifically, this technique can be used to bypass process whitelisting and digital certificate...


 December 19, 2023  11m
 
 

DFSP # 408 - Nesting


This week I’m talking about Nested Groups and the risk they pose for security. Built into the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an...


 December 12, 2023  13m