This week I talk about finding evidence of Kernel file masquerading on Linux systems.
15:16
This week I talk about how to find evidence of malicious autoruns in the windows registry.
18:52
This week I talk about the forensic value of the Apple Spotlight DB.
18:22
DFSP # 343 - Registry aka The Dungeon Maze
When you talk autoruns you must talk about the Windows registry. This artifact is very dense and...
11:31
This week I talk about the attack methodology known as Fast Flux.
14:07
DFSP # 341 - Those other taskers
This week’s focus is on other scheduled task events useful for DFIR triage.
14:41
DFSP # 340 - PSEXEC, ready or not
This week I talk about a popular Windows utility attackers often exploit.
17:05
DFSP # 339 - That SUDO that you do
This week I breakdown the SUDOERS file for forensic triage.
15:13
This week’s focus is on new scheduled tasks, which are a common way of establishing longevity on...
20:12
The must-attend event for Cyber First Responders who must detect and deal with ransomware,...
18:53
This week I talk about the Windows Background Activity Monitor, an artifact that may be used to...
12:11
This week I breakdown CRON for the uninitiated.
13:01
This week is about persistence artifacts. Namely the records for when services fail to start, are...
21:31
This week is about bash history forensics.
18:30
In the past I’ve talked about fast triage from a high-level, addressing the different artifacts...
16:03
Every so often I like to revisit certifications. Everyone seems to have their own opinion as to...
16:23
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows...
16:53
DFSP # 328 - Linux Executables
If you are accustomed to Windows forensics you may find you have to shift your way of thinking...
15:34
DFSP # 327 - Persistence Part 1
One of the first things attackers attempt to accomplish on a compromised system is to establish...
14:11
Premium
Plus