Digital Forensic Survival Podcast

This week I review a document put out by the Japan Computer Emergency Response Team Coordination Center on "Detecting Lateral Movement through Tracking Event Logs."

This week I break down the forensic value of Windows Jump lists.

This week I talk about how to design your own training programs using low cost\ no cost options.

This week I take a look at online sandboxes for malware analysis.

This week I talk a Notepad++, a freely available code editing tool with some great options built in that are useful for inspecting forensic artifacts.

This week I take a look at Redline by Mandiant, a tool that offers automated memory triage and much more.

This week I explore the idea of using scanning tools as part of an on scene triage process in order to find hidden devices and\or to document the systems of the local network.

Looking for the ultimate DFIR checklist? This week I check out a freely available guidebook that, as the name implies, is aimed at addressing all things DFIR related A-Z.

This week I talk about the Skype artifacts forensic examiners need to be aware of.

This week I take a look at CompTia's CSA+ certification and how it fits into a DFIR career.

This week it's back to browsers with Chrome Forensics.

This week is tool review week featuring Bulk Extractor. This is a great triage tool, lab tool and all around tool to help generate leads for your case.

This week I take you through some of the "pain points" of using VirtualBox as a forensic machine virtualization platform. VirtualBox is freely available and is a great tool to scale your lab and field systems at a low cost. VirtualBox does not have the "easy" buttons the pay tools have but do not let that stop you. In this episode I talk about the solutions that will have you up and running.

This week I talk Firefox forensics and identify the artifacts examiners need to know about.

This week I’m talking about the Windows browser some are still surprised to learn about, MS Edge. Windows 10 comes with two browsers and in this week’s podcast I’m going to go over one of them, MS Edge, and what computer forensic examiners need to know about it.

This week I talk about surviving Windows Thumbcache forensics. A great source of evidence for File Use & Knowledge investigations.

This week I talk Linux forensics and breakdown some useful artifacts that may generate leads for investigations.

This week I talk about a methodology to collect webmail using freely available tools as well as the things you must consider before you do so.

This week I go over my survival tips for imaging solid state drives (SSDs).

This week I talk about threat intelligence tool Hostintel by Keith Jones.