Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

DFSP # 496 Signed, Sealed, Exploited 08/19/2025

DFSP # 496 Signed, Sealed, Exploited /episode/index/show/digitalforensicsurvivalpodcast/id/37244320

DFSP # 495 Corrupted from within 08/12/2025

DFSP # 495 Corrupted from within /episode/index/show/digitalforensicsurvivalpodcast/id/37244275

DFSP # 494 the request is out there 08/05/2025

DFSP # 494 the request is out there /episode/index/show/digitalforensicsurvivalpodcast/id/37244270

DFSP # 493 Stop, Share, and Listen 07/29/2025

DFSP # 493 Stop, Share, and Listen /episode/index/show/digitalforensicsurvivalpodcast/id/37244240

DFSP # 492 A Bit of TCP 07/22/2025

DFSP # 492 A Bit of TCP /episode/index/show/digitalforensicsurvivalpodcast/id/37244220

DFSP # 491 INF-ltration: The Subtle Art of “Fetch and Execute” 07/15/2025

DFSP # 491 INF-ltration: The Subtle Art of “Fetch and Execute” /episode/index/show/digitalforensicsurvivalpodcast/id/37244210

DFSP # 490 Unveiling the USN Journal 07/08/2025

DFSP # 490 Unveiling the USN Journal /episode/index/show/digitalforensicsurvivalpodcast/id/37244200

DFSP # 489 Hidden Gateways 07/01/2025

DFSP # 489 Hidden Gateways /episode/index/show/digitalforensicsurvivalpodcast/id/37244185

DFSP # 488 SSH & Red Herrings 06/24/2025

DFSP # 488 SSH & Red Herrings /episode/index/show/digitalforensicsurvivalpodcast/id/36578210

DFSP # 487 Unmasking Malicious Activity with 4688 06/17/2025

DFSP # 487 Unmasking Malicious Activity with 4688 /episode/index/show/digitalforensicsurvivalpodcast/id/36578180

DFSP # 486 Squid Games 06/10/2025

DFSP # 486 Squid Games /episode/index/show/digitalforensicsurvivalpodcast/id/36578150

DFSP # 485 Certifiably Suspicious 06/03/2025

DFSP # 485 Certifiably Suspicious /episode/index/show/digitalforensicsurvivalpodcast/id/36578125

DFSP # 485 BAM! Packing Punch 05/27/2025

DFSP # 485 BAM! Packing Punch This week, I delve into the Windows BAM artifact, unraveling its forensic significance and exploring how it can unlock critical insights in digital investigations. /episode/index/show/digitalforensicsurvivalpodcast/id/36038415

DFSP # 483 Cooking up Forensics with Chef 05/20/2025

DFSP # 483 Cooking up Forensics with Chef In this week’s episode, I delve into strategies for integrating CHEF into your security investigations, unlocking new avenues for proactive defense and effective incident response. /episode/index/show/digitalforensicsurvivalpodcast/id/36038395

DFSP # 482 Unlocking Clues from Bash and Hidden Keys 05/13/2025

DFSP # 482 Unlocking Clues from Bash and Hidden Keys This week, we’re pulling back the curtain on SSH from a digital forensics perspective. /episode/index/show/digitalforensicsurvivalpodcast/id/36038315

DFSP # 481 Triage outside the Core 05/06/2025

DFSP # 481 Triage outside the Core In this week’s episode, I dive into rapid triage techniques for non-core Windows executables to uncover signs of malicious activity. /episode/index/show/digitalforensicsurvivalpodcast/id/36038290

DFSP # 480 Hidden risks of nested groups 04/29/2025

DFSP # 480 Hidden risks of nested groups This week, I’m talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting. While nesting can simplify account administration and permission management, it can also create real opportunities for attackers if... /episode/index/show/digitalforensicsurvivalpodcast/id/35585835

DFSP # 479 Scan, Score, Secure 04/22/2025

DFSP # 479 Scan, Score, Secure One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesses. To stay efficient, you must... /episode/index/show/digitalforensicsurvivalpodcast/id/35585830

DFSP # 478 SRUM 04/15/2025

DFSP # 478 SRUM This week, we’re exploring the System Resource Usage Monitor (SRUM) – a powerful source of forensic data within Windows operating systems. First introduced... /episode/index/show/digitalforensicsurvivalpodcast/id/35585820

DFSP # 477 SSH Triage 04/08/2025

DFSP # 477 SSH Triage In this episode, our focus is on understanding how attackers achieve lateral movement and persistence through Secure Shell (SSH)—and more importantly, how to spot the forensic traces... /episode/index/show/digitalforensicsurvivalpodcast/id/35585815

DFSP # 476 Service Host 04/01/2025

DFSP # 476 Service Host In this episode, we’ll take a focused look at how to triage one of the most commonly targeted Windows processes: svchost.exe. While the methods in this series generally apply to all Windows core processes, svchost is an especially important case because attackers... /episode/index/show/digitalforensicsurvivalpodcast/id/35585810

DFSP # 475 - Set the tone 03/25/2025

DFSP # 475 - Set the tone Ransomware attacks move quickly, making your initial response crucial in minimizing impact. This episode outlines critical first steps, from isolating infected machines to gathering key information and initiating containment. Whether you’re a SOC analyst, incident responder, or the first to notice an attack, this framework is designed to help you regain control. Follow these guidelines to effectively mitigate the damage from the very start. /episode/index/show/digitalforensicsurvivalpodcast/id/35300385

DFSP # 474 - Meta Paradise 03/18/2025

DFSP # 474 - Meta Paradise Today’s episode explores Apple Spotlight and its extended metadata—a powerful yet often overlooked forensic tool in the Mac ecosystem. Spotlight plays a critical role in uncovering digital evidence on macOS. Both experienced forensic analysts and newcomers will find its capabilities essential. Let’s dive into the details. /episode/index/show/digitalforensicsurvivalpodcast/id/35300375

DFSP # 473 - Why all the BINs 03/11/2025

DFSP # 473 - Why all the BINs BIN directories (short for binary) store command binaries like CD, PWD, LS, Vi, and CAT. Every platform has multiple BIN directories: two in the root directory and two in each user directory. This episode explains the types of files in these directories and the purpose of each BIN directory. I will also clarify which directories are typically used by users versus those used by the root user. /episode/index/show/digitalforensicsurvivalpodcast/id/35300365

DFSP # 472 - Windows Usual Suspects 03/04/2025

DFSP # 472 - Windows Usual Suspects Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compromises. This episode demystifies the Windows 10/11 process flow and provides context for effective triage and analysis. /episode/index/show/digitalforensicsurvivalpodcast/id/35300350

DFSP # 471 Mac Persistence 02/25/2025

DFSP # 471 Mac Persistence Today we’re talking all about MacOS AutoRun locations and how to spot persistence mechanisms. We’ll explore the ins and outs of property list files, launch daemons, system integrity protections, and the recent changes in macOS that can impact your forensic examinations... /episode/index/show/digitalforensicsurvivalpodcast/id/34879865

DFSP # 470 The Windows Taskhosts 02/18/2025

DFSP # 470 The Windows Taskhosts This week I'm talking about the three task hosts. These are Windows core files, and they share not only similar names, but similar functionality. Because of this, there is the potential for confusion, which may allow an attacker to leverage these similarities and mask they are malware. My goal in this episode is to demystify the three different task hosts, and provide the necessary insight for proper triage if any of these files come up during your investigations. /episode/index/show/digitalforensicsurvivalpodcast/id/34879840

DFSP # 469 Network Blocked Activity 02/11/2025

DFSP # 469 Network Blocked Activity Today’s episode is all about Windows event logs that record blocked network connections. Blocked network events are interesting because they might signal that an attacker’s secondary or tertiary toolset isn’t working as intended. That’s good news from a security standpoint... /episode/index/show/digitalforensicsurvivalpodcast/id/34879820

DFSP # 468 Data Brokers & Ransomware 02/04/2025

DFSP # 468 Data Brokers & Ransomware Today I cover an evolving threat in the cybersecurity world: data brokers. From a computer forensics standpoint, this threats pose unique challenges. While breaches capture headlines, data brokers play a major (and sometimes overlooked) role in fueling cybercrime. In this session, we will explore how these threats operate, why they are dangerous, and how computer forensics professionals can combat them. /episode/index/show/digitalforensicsurvivalpodcast/id/34879780

DFSP # 467 CVSS in Action 01/28/2025

DFSP # 467 CVSS in Action The Common Vulnerability Scoring System (CVSS) is a powerful tool for assessing the severity and impact of security vulnerabilities. In digital forensics and incident response, CVSS scores can provide critical context to prioritize investigations and focus on the most significant risks. This episode I will explore how leveraging CVSS scoring enhances vulnerability assessments during incident response, enabling teams to make data-driven decisions. /episode/index/show/digitalforensicsurvivalpodcast/id/34348535

Digital Forensic Survival Podcast

TOPICS