Digital Forensic Survival Podcast

This week I interview author Shawn Livermore about the myth of the "tech-genius."

This week is the third part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network port-binding.

This week is the second part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network connections.

This week I cover triage techniques for werfault.exe. The process does not have the best documentation which makes it a challenge to triage.

This week I interview Haseeb Awan, CEO of EFANI, about the rise of SIM swapping attacks. Haseeb explains the attack, how attackers carry it out, and provides some mitigation strategies.

This week is the first part of the Network-Fast-Triage mini-series. The first installation is the network investigation primer.

This week I go over a method to detect fileless malware on Linux systems.

This week I talk utilizing the ExploitDB for DFIR investigations. Searchsploit is a command line search tool for Exploit-DB that allows you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

This week is the last part of the Persistence-Fast-Triage mini-series. The final installation covers Windows startup locations.

This week I talk about the IR Investigation Lifecycle, or, the elements included within the incident handling process to ensure a complete investigation.

This week I talk about the use of RUNDLL32 to exploit information files (.INF) to "fetch and execute" malware.

This week is part 3 of examining the Windows Registry for evidence of persistence and the focus is on Windows Registry Modification Event Records.

This week I talk about detecting time stomping on Windows and Linux systems.

This week I talk about examining the Windows Registry for evidence of persistence.

This week I interview JASON ROSLEWICZ of SUMURI about the hardware that drives your forensics system.

This week is part 3 of the Mobile Attack series.

This week I talk about examining the Windows Registry for evidence of persistence.

This week I talk about the use of Bash commands in crypto-mining attacks.

This week I talk about detecting persistence via Attack Shimming artifacts.

This week I interview Steve Whalen of SUMURI about Apple FSEvent artifacts. Learn what they are and how to leverage them for investigations.