Digital Forensic Survival Podcast
This week, I delve into the Windows BAM artifact, unraveling its forensic significance and exploring how it can unlock critical insights in digital investigations.
In this week’s episode, I delve into strategies for integrating CHEF into your security investigations, unlocking new avenues for proactive defense and effective incident response.
This week, we’re pulling back the curtain on SSH from a digital forensics perspective.
In this week’s episode, I dive into rapid triage techniques for non-core Windows executables to uncover signs of malicious activity.
This week, I’m talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting. While nesting can simplify account administration and permission management, it can also create real opportunities for attackers if...
One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesses. To stay efficient, you must...
This week, we’re exploring the System Resource Usage Monitor (SRUM) – a powerful source of forensic data within Windows operating systems. First introduced...
In this episode, our focus is on understanding how attackers achieve lateral movement and persistence through Secure Shell (SSH)—and more importantly, how to spot the forensic traces...
In this episode, we’ll take a focused look at how to triage one of the most commonly targeted Windows processes: svchost.exe. While the methods in this series generally apply to all Windows core processes, svchost is an especially important case because attackers...
This week, we’re focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I’ll break down the Prefetch artifact from an investigative perspective, covering how to effectively leverage its evidence in forensic analysis. I’ll also highlight any recent changes to the artifact that may impact its value, ensuring you’re aware of everything you need to know for your investigations.