Digital Forensic Survival Podcast

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

This week I talk about some issues surrounding powershell when used as a digital forensic collection tool.

This week I talk about LOKI, a tool designed to help analyst scan for APT IOCs.

This week I talk about KAPE, a freely available forensic evidence collection and triage tool.

This week I talk about the common Linux file systems and what to expect when dealing with different hosts. 

This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!

This week I breakdown container attack vectors for Cloud Incident Response.

This week I breakdown the SUDOERS file for forensic triage.

This week I talk about Powershell through the lens of the Service Control Manager.

This week I talk about NVMe, a data storage technology, from a forensic point of view.

This week I cover how to approach Linux binaries during investigations.

This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.

This week I talk about using WMI to create processes remotely.

This week I talk about Density Scout, an open source tool for malware triage.

This week I cover a resource you can use to develop windows remote execution triage methodology and threat hunting.

This week I talk about the Windows credential guard process.

This week I talk about OWASP's Number 10 vulnerability category from their top 10 list, insufficient logging and monitoring.

This week I talk about the most frequently seen attacker recon commands.

This week I talk about a popular Windows utility attackers often exploit.

This week I talk about incident response in container deployments.