DFSP # 439 - Remoting Windows
Digital Forensic Survival
by Digital Forensic Survival Podcast
2d ago
Remote Desktop Protocol (RDP) is a crucial artifact in digital forensics due to its extensive use for remote system access. Analyzing RDP activities can uncover vital information about unauthorized access, insider threats, and attacker lateral movement within a network. Forensic examination of RDP logs enables investigators to trace an attacker's steps, identify compromised accounts, and assess the breach's extent. For instance, RDP forensics can detect brute force attacks on login credentials, track the use of stolen credentials, and monitor suspicious reconnection attempts to previously esta ..read more
DFSP # 438 - Old Nix
Digital Forensic Survival
by Digital Forensic Survival Podcast
1w ago
This week, I will be discussing the Linux operating system from a DFIR perspective. It is highly recommended for every examiner to become proficient in Linux, especially with the increasing prevalence of cloud-based infrastructures in enterprise environments. As these platforms become the norm, you can expect to encounter Linux systems frequently during your investigations ..read more
DFSP # 436 - Ja-Who?
Digital Forensic Survival
by Digital Forensic Survival Podcast
3w ago
The JOHARI methodology simply provides a structure for something that you're probably already doing. However, with the structure comes a standard, which is the benefit to any security team. The team should be speaking the same language, especially in fast-moving, dynamic situations. Going into a situation and asking for the "known knowns" and "blindspots" should register with every team member without any question about their definitions ..read more
DFSP # 435 - Good Ol’ Powershell
Digital Forensic Survival
by Digital Forensic Survival Podcast
1M ago
Threat actors often exploit PowerShell in cyber attacks due to its capabilities and integration with Windows operating systems. Microsoft has cited PowerShell as one of the most commonly used tools in the attack chain. It also comes up in phishing campaigns and other attacks that include infecting URL links. The challenge lies in the fact that it is a commonly used administration tool. As an analyst, you can expect to have lots of PowerShell scripts and commands come up during your investigations. Your job is to be able to differentiate between the good and bad. Fortunately, this episode is go ..read more
DFSP # 434 - The Reg
Digital Forensic Survival
by Digital Forensic Survival Podcast
1M ago
The Windows registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as for applications running on the platform. In order to make use of any of this information, you must understand the registry from a DFIR point of view, and that's exactly what I'm doing in this episode ..read more
DFSP # 433 - SU DOs and DONTS
Digital Forensic Survival Podcast
by Digital Forensic Survival Podcast
1M ago
On a Linux or Mac system, there can be user accounts that have the ability of privilege escalation. Knowing how to triage for this has a twofold benefit: (1) you obviously want to know which account may elevate to root privileges. If you're doing account triage, these are the ones you should prioritize. The other benefit (2) is to identify any account that can escalate. This fact alone ..read more
DFSP # 432 - Control Bits
Digital Forensic Survival Podcast
by Digital Forensic Survival Podcast
1M ago
TCP control bits are part of the TCP header and are used to manage the connection between two devices. These control bits are single-bit flags that indicate various aspects of the TCP connection and are important for understanding and analyzing network traffic ..read more
DFSP # 431 - Finding Needles
Digital Forensic Survival Podcast
by Digital Forensic Survival Podcast
2M ago
The time it takes from an initial escalation to the initial discovery of compromise is a key metric. Teams strive to do this as quickly as possible, but there are a number of challenges. You do not know what you're going to be handed, but you're pretty much guaranteed it's going to be a unique set of circumstances that require some type of customized or mostly customized response. So how do you accomplish this? Most analysts rely on a set of tried and true techniques that can be used at scale. This week I'm going to cover a few of them, each being a critical technique you should be fami ..read more
DFSP # 430 - Targeting Tasks
Digital Forensic Survival Podcast
by Digital Forensic Survival Podcast
2M ago
Windows Scheduled Tasks are often used by attackers to establish persistence. As an analyst, you want to be aware of the different Windows event codes that record these details. These artifacts come up in just about every Windows compromise assessment; consider them core triage skills. There are several events, all of which I will go over in this episode. I will break them down from a DFIR point of view and give you the triage methodology ..read more
DFSP # 429 - Career Moves
Digital Forensic Survival Podcast
by Digital Forensic Survival Podcast
2M ago
This week I talk about career moves for the DFIR professional. The skill set is valuable, but it must be combined with the right additional technical skills to maximize future job opportunities. Of course, there is one skill set that stands out above the rest ..read more