Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

http://digitalforensicsurvivalpodcast.libsyn.com/podcast

An average episode of this podcast lasts 17m. So far 452 episode(s) have been published. This podcast is released weekly.

Total length of all episodes: 6 days 5 minutes







DFSP # 397 - Linux Home Directory Files for DFIR


This week I'm talking about the Linux file system from the point of view of a forensic analyst. In general, it's a good idea to have a solid working knowledge of the Linux file system so you understand what directories hold what artifacts… Or if...










 September 26, 2023  20m
 
 

DFSP # 396 - URL Leak


This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go over some standard guidelines for handling such...










 September 19, 2023  18m
 
 

DFSP # 395 - Lateral Movement and Admin Logons


This week is on lateral movement detection techniques. Inspecting Domain Admin account logons is a key component to lateral movement triage. Admin accounts are sought after by attackers for their elevated privileges. Evidence is often left behind both...










 September 12, 2023  18m
 
 

DFSP # 394 - Functional Documentation


This week I want to talk about the value of having functional documentation for your organization, or, at least for your team. Functional documentation means you have thoughtful and up-to-date incident run books, and play books that provide utility...










 September 5, 2023  15m
 
 

DFSP # 393 - Linux Subsystems for Windows


The Linux subsystem for Windows creates both opportunity and challenges for forensic analysts. It makes Windows an excellent platform for multi-platform forensic analysis tasks, allowing it to take advantage of the many, many Linux tools available....










 August 29, 2023  24m
 
 

DFSP # 392 - Simulation Training


This week I'm going to talk about tabletop exercises as part of a security training program. I feel that there is too much focus on technical skill training and not enough focus on actual incident management training in the industry. There are plenty...










 August 22, 2023  20m
 
 

DFSP # 391 - Investigation Lifecycle


This week I'm talking about the NIST (National Institute of Standards and Technology) investigation lifecycle. The NIST investigation lifecycle encompasses a series of well-defined steps, starting from problem identification and scoping, through data...










 August 15, 2023  26m
 
 

DFSP # 390 - SSH Triage


This week I'm talking about Linux forensic triage strategy. In particular, I'm covering SSH. SSH traffic comes up in many different types of investigations. For that reason, it is a common and standard artifact every examiner should be familiar with....










 August 8, 2023  17m
 
 

DFSP # 389 - $Usnrl


The USN Journal, also known as the Update Sequence Number Journal, is a feature of the Windows operating system that serves as a record of changes made to files and directories on a disk volume. It provides valuable information and insights into file...










 August 1, 2023  15m
 
 

DFSP # 388 - Web 3.0 Talk with SUMURI


This week Jason Roslewicz from SUMURI returns for some web 3.0 and virtual reality talk.










 July 25, 2023  38m