Gesamtlänge aller Episoden: 5 days 23 hours 33 minutes
This week I interview Steve Whalen of SUMURI about Apple FSEvent artifacts. Learn what they are and how to leverage them for investigations.
This week I talk about examining Windows Scheduled Task change events for evidence of persistence.
This week I interview Brian Carrier, SVP & CTO of Basis Technology about his "Divide & Conquer" approach to DFIR investigations.
This week I talk about examining Windows New Scheduled Task events for evidence of persistence.
This week Chris of MSAB shares his recommended process for DFIR exam standardization.
This week I talk about examining Windows Service modification events for evidence of persistence.
This week I talk about the artifacts and methodology for examining user activity on Windows systems.
This week I interview Steve Whalen of SUMURI and we talk about effective ways to report forensic findings.
This week I talk about examining Windows systems for evidence of persistence.