Synopsis
Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
Episodes
-
DFSP # 054 - Surviving the Conference Season
28/02/2017 Duration: 15min
This week I share some thoughts on how to approach DFIR conferences to maximize the experience. There are many to choose from and having an analytical approach may get you exactly what you want for your time and money.
-
DFSP # 053 - Top FU&K Plugins
21/02/2017 Duration: 23min
This week I talk about my favorite Volatility plugins for File Use & Knowledge investigations to get at the volatile evidence most often targeted during a dead box exam.
-
DFSP # 052 - Free Your Mind
14/02/2017 Duration: 21min
This week I talk about FreeMind, a freely available visualization tool that can be used to enhance the computer forensic investigation process.
-
DFSP # 051 - Analyzing PE Signatures
07/02/2017 Duration: 19min
This week I talk about an openly available library and tool repository all examiners should be aware of as well as a tool by Didier Stevens called "AnalyzePESig" which is perfect for bulk analysis of executables on Windows systems.
-
DFSP # 050 - Virtual Machine Forensics
31/01/2017 Duration: 21min
This week I talk File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point-of-view.
-
DFSP # 049 - Get your SRUM on!
24/01/2017 Duration: 17min
This week I talk about SRUM, a Windows artifact with some significant forensic value for both File Use & Knowledge investigations as well as Incident Response.
-
DFSP # 048 - Evidence Integrity On-Scene
17/01/2017 Duration: 23min
This week I talk about considerations for digital evidence integrity when collecting evidence on-scene from a live system.
-
DFSP # 047 - Epoch Time Survival
10/01/2017 Duration: 22min
This week I talk about surviving mobile app timestamps.
-
DFSP # 046 - DFIR New Year
03/01/2017 Duration: 31min
This week I share my thoughts on setting DFIR goals for the coming year. I go over seven points worth focusing on for professional development.
-
DFSP # 045 - RUN DMA
27/12/2016 Duration: 16min
This week I talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course.
-
DFSP # 044 - Automated File Intelligence
20/12/2016 Duration: 24min
This week I talk about a useful automated file intelligence resource for dead box exams as well as IR investigations.
-
DFSP # 043 - Imaging a Mac: Survival Tips
13/12/2016 Duration: 20min
This week I go over survival tips for imaging a Mac.
-
DFSP # 042 - Windows 10 Prefetch
06/12/2016 Duration: 17min
This week I talk about the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.
-
DFSP # 041 - Trash Talkin'
29/11/2016 Duration: 16min
This week I'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.
-
DFSP # 040 - Mac Log Files
22/11/2016 Duration: 22min
This week I talk about Mac log files that are useful for File Use & Knowledge investigations as well as Incident Response.
-
DFSP # 039 - Apache Weblogs & SDF Announcement
15/11/2016 Duration: 17min
This week I talk about Apache weblogs and a great resource for foundational knowledge to aid newer examiners with forensic analysis. In addition, big news for the SDF series!
-
DFSP # 038 - Finder Sidebar Forensics
08/11/2016 Duration: 17min
This week it's back to Mac forensics with a look at the Finder Sidebar and its value for File Use & Knowledge investigations.
-
DFSP # 037 - The DFIRONOMICON
01/11/2016 Duration: 28min
This week I pull back the focus for newer examiners and share some thoughts on creating a system that works for you to organize, and keep readily accessible, all the knowledge you accumulate... and a few words about Shimcache on Windows 10.
-
DFSP # 036 - iCloud Forensic Evidence
25/10/2016 Duration: 24min
This week I break down iCloud forensic artifacts.
-
DFSP # 035 - "Recent" File Listings on a Mac
18/10/2016 Duration: 23min
This week I talk about where to find different listings of different recently accessed files on a Mac as well as how to break out the data for interpretation.