DFSP # 235 - Scheduled Task Change

Digital Forensic Survival Podcast

Release Date: 08/18/2020

DFSP # 303 - Mac Artifacts with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac artifacts

DFSP # 302 - Lateral MM Fast Triage 4

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in logon event records.

DFSP # 301 - OSDFCON 2021

This week Brian Carrier of Basis Technology joins me to talk about OSDFCon. The DFIR community relies on open source tools and the conference is a great way to get exposure to new tools and to learn how to use them. There's a great lineup this year with something for everyone. Registration is free for everyone.

DFSP # 300 - Case Study Ocean Lotus

This week is a case study where we look at an actual attack strategy and compare it against standard triage methods to see how well they hold up. In this episode I break down some attack methods attributed to APT32, also known as Ocean Lotus, and we’ll see how standard triage techniques hold up against the attack chain.

DFSP # 299 - Malicious Powershell with Blumira

Amanda Berlin of Blumira speaks on malicious Powershell attacks and defense techniques.

DFSP # 298 - Mac Forensics with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac forensics.

DFSP # 297 - Nested Groups

This week I’m talking about Nested Groups and the risk they pose for security. Built into the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an organization, it also offers attackers an opportunity if certain precautions are not taken. This week I’ll break down Nested Groups in DFIR terms, talk about how attackers take advantage of them and what analysts need to know for investigations.

DFSP # 296 - Case Study Turla-Comrat

This week is a case study where we look at an actual attack strategy and compare it against standard triage methods to see how well they hold up. The Turla group using ComRat malware is our case example; let’s see if standard triage techniques can save the day.

DFSP # 295 - Ransomware with Blumira

Matt Warner, Blumira CTO and Co-Founder, talks ransomware investigations.

DFSP # 294 - CSA Cloud Threats 7

This week is a continuation of the threats to cloud computing miniseries. We are stepping through the top 11 threats to cloud computing as identified by the Cloud Security Alliance. When you are protecting cloud assets or investigating breaches of cloud assets, there is a lot to keep in mind. You must remember the standard security infrastructure, the new cloud infrastructure as well as any changes to the standard infrastructure that could be affected for your investigation. The top 11 threats to cloud computing help identify where you, as an analyst, should prioritize your time both as a...


This week I talk about examining Windows Scheduled Task change events for evidence of persistence.