Listen to discussions of computer forensic analysis, techniques, methodology, tool reviews and more.
DFSP # 423 - Guiding Lights: Cyber Investigations Investigation Lifecycle
30:51
This week I'm discussing a fundamental aspect of cybersecurity: incident response preparation. Effective incident response is paramount, and preparation is the key to success. This preparation includes comprehensive documentation, training, having the right tools and resources in place, and developing incident response plans and playbooks. It also …
DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro
21:07
Today I'm talking about Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage, often readily available in your organization's SIEM. But have you ever wondered about the processes enabling this quick access? Not only are the logs automatically collected and fed into the appliance, but they are also formatted and n…
DFSP # 421 - Memory Lane: Fileless Linux Attacks Unraveled
25:42
In this podcast episode, we talk about Linux's `memfd` – a virtual file system allowing the creation of anonymous memory areas for shared memory or temporary data storage. Threat actors exploit `memfd` for fileless malware attacks, as its memory areas exist only in RAM, evading traditional file-based detection methods. Join me as I `memfd` as a for…
DFSP # 420 - Failing, Stopping and Crashing
22:30
This week we explore the world of Windows service event codes and their role in forensic investigations. Windows services are background processes crucial for system functionality, running independently of user interaction, which makes them an ideal target for exploitation. Join me to explore the intricate details of Windows services and their signi…
DFSP # 419 - What the Flux
27:49
This week, we're delving into the realm of fast flux, a cunning technique employed by attackers to cloak their true, malicious domains. Its effectiveness is the reason behind its widespread use, making it crucial for analysts to grasp its nuances and avoid chasing elusive ghosts during investigations. Stay tuned as I unravel the intricacies of fast…
DFSP # 418 - Core Insights: Navigating MFT in Forensics
22:10
In this week's exploration, I'm delving into the intricate realm of the Master File Table (MFT), a pivotal forensic artifact in Windows investigations. The MFT provides a valuable gateway to decode evidence across various scenarios. Join me in this episode as we unravel the forensic basics, explore diverse use cases, and discover a range of tools t…
DFSP # 417 - Unlocking Linux Secrets
32:20
This week I delve into the intriguing domain of Linux malware triage. The Linux platform presents forensic analysts with a unique opportunity to excel in performing malware triage effortlessly. The beauty of it lies in the fact that you don't require any specialized tools; all you need is a solid grasp of a few commands and the ability to decipher …
DFSP # 416 - Persistence Mechanisms on Windows
25:56
This week I’m going to talk about New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.
DFSP # 415 - Dealing with Third-Party Incidents
20:32
Organizations leverage third-party services more and more for business advantages. For the security professional, this means the organizational data you're charged with protecting is under the control of a third party in some way, shape or form. In this episode, I cover the third-party risk landscape for security professionals with a special focus on id…
DFSP # 414 - CRON Forensics
14:18
Cron becomes important in Linux forensics when you're talking about persistence. Think scheduled tasks if you want a Windows equivalent. The artifact is not that difficult to analyze once you understand the elements to focus on, and it is typically readily available. It's something that you can check out on a live system, gather with a collection scrip…
DFSP # 413 - Ransomware Initial Response
16:55
Ransomware cases can be particularly challenging, especially during the initial response. They tend to be fast-paced and require the responder to simultaneously prioritize a number of tasks. Each of these tasks can have critical impact upon the outcome of the response and subsequent investigation. In this episode I am going to cover some immediate …
DFSP # 412 - Conhost Forensics
19:02
Conhost, or the Console Application Host, often comes up during investigations. Understanding what it is, what evidence it may contain and how to extract that information becomes important…
DFSP # 411 - NTLM Credential Validation
18:09
This week I'm talking about detecting evidence of lateral movement on Windows systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advantage of being concentrated on domain controllers, which allows you, as the analyst, to leverage a great resource for user account analysis. I will have th…
DFSP # 410 - Linux Temp Directories
15:38
Temporary directories play a significant role in computer forensic investigations as they can potentially contain valuable digital evidence. When conducting a computer forensic investigation, these temporary directories can provide insights into user activities, application usage, and potentially malicious behavior…
DFSP # 409 - Regsvcs and Regasm Abuse
11:14
This week I'm talking about Regsvcs/Regasm exploitation, which is a Windows tactic attackers use to evade defense mechanisms and execute code. Specifically, this technique can be used to bypass process whitelisting and digital certificate validation. I'll break down some interpretation methods that may be used to identify such exploitation…
This week I’m talking about Nested Groups and the risk they pose for security. Built-in to the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an organization, it also offers attackers opportunity if certain precautions are not taken. This week I’ll bre…
DFSP # 407 - More About Lateral Movement and Kerberos
19:21
This week it's more about lateral movement and Kerberos events.