Player FM - Internet Radio Done Right
179 subscribers
Checked 2d ago
Lagt til nine år siden
Innhold levert av Michael and Digital Forensic Survival Podcast. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Michael and Digital Forensic Survival Podcast eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Gå frakoblet med Player FM -appen!
Digital Forensic Survival Podcast
Merk alt (u)spilt...
Manage series 166409
Innhold levert av Michael and Digital Forensic Survival Podcast. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Michael and Digital Forensic Survival Podcast eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
…
continue reading
480 episoder
Merk alt (u)spilt...
Manage series 166409
Innhold levert av Michael and Digital Forensic Survival Podcast. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Michael and Digital Forensic Survival Podcast eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
…
continue reading
480 episoder
Alle episoder
×D
Digital Forensic Survival Podcast


1 DFSP # 480 Hidden risks of nested groups 13:59
13:59
Spill senere
Spill senere
Lister
Lik
Likt13:59
This week, I’m talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting . While nesting can simplify account administration and permission management, it can also create real opportunities for attackers if...…
D
Digital Forensic Survival Podcast


One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesses. To stay efficient, you must...
D
Digital Forensic Survival Podcast


This week, we’re exploring the System Resource Usage Monitor (SRUM) – a powerful source of forensic data within Windows operating systems. First introduced...
D
Digital Forensic Survival Podcast


In this episode, our focus is on understanding how attackers achieve lateral movement and persistence through Secure Shell (SSH)—and more importantly, how to spot the forensic traces...
D
Digital Forensic Survival Podcast


In this episode, we’ll take a focused look at how to triage one of the most commonly targeted Windows processes: svchost.exe. While the methods in this series generally apply to all Windows core processes, svchost is an especially important case because attackers...
D
Digital Forensic Survival Podcast


Ransomware attacks move quickly, making your initial response crucial in minimizing impact. This episode outlines critical first steps, from isolating infected machines to gathering key information and initiating containment. Whether you’re a SOC analyst, incident responder, or the first to notice an attack, this framework is designed to help you regain control. Follow these guidelines to effectively mitigate the damage from the very start.…
D
Digital Forensic Survival Podcast


Today’s episode explores Apple Spotlight and its extended metadata—a powerful yet often overlooked forensic tool in the Mac ecosystem. Spotlight plays a critical role in uncovering digital evidence on macOS. Both experienced forensic analysts and newcomers will find its capabilities essential. Let’s dive into the details.…
D
Digital Forensic Survival Podcast


BIN directories (short for binary) store command binaries like CD, PWD, LS, Vi, and CAT. Every platform has multiple BIN directories: two in the root directory and two in each user directory. This episode explains the types of files in these directories and the purpose of each BIN directory. I will also clarify which directories are typically used by users versus those used by the root user.…
D
Digital Forensic Survival Podcast


Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compromises. This episode demystifies the Windows 10/11 process flow and provides context for effective triage and analysis.…
D
Digital Forensic Survival Podcast


Today we’re talking all about MacOS AutoRun locations and how to spot persistence mechanisms. We’ll explore the ins and outs of property list files, launch daemons, system integrity protections, and the recent changes in macOS that can impact your forensic examinations...
D
Digital Forensic Survival Podcast


This week I'm talking about the three task hosts. These are Windows core files, and they share not only similar names, but similar functionality. Because of this, there is the potential for confusion, which may allow an attacker to leverage these similarities and mask they are malware. My goal in this episode is to demystify the three different task hosts, and provide the necessary insight for proper triage if any of these files come up during your investigations.…
D
Digital Forensic Survival Podcast


Today’s episode is all about Windows event logs that record blocked network connections. Blocked network events are interesting because they might signal that an attacker’s secondary or tertiary toolset isn’t working as intended. That’s good news from a security standpoint...
D
Digital Forensic Survival Podcast


Today I cover an evolving threat in the cybersecurity world: data brokers. From a computer forensics standpoint, this threats pose unique challenges. While breaches capture headlines, data brokers play a major (and sometimes overlooked) role in fueling cybercrime. In this session, we will explore how these threats operate, why they are dangerous, and how computer forensics professionals can combat them.…
D
Digital Forensic Survival Podcast


The Common Vulnerability Scoring System (CVSS) is a powerful tool for assessing the severity and impact of security vulnerabilities. In digital forensics and incident response, CVSS scores can provide critical context to prioritize investigations and focus on the most significant risks. This episode I will explore how leveraging CVSS scoring enhances vulnerability assessments during incident response, enabling teams to make data-driven decisions.…
D
Digital Forensic Survival Podcast


1 DFSP # 466 Malware Triage for File Types 23:54
23:54
Spill senere
Spill senere
Lister
Lik
Likt23:54
Understanding the behavior and characteristics of common file types used in attacks, such as executables, scripts, and document files, is essential for effective analysis. In this episode, we will explore practical approaches to triage malware, focusing on key indicators and techniques for prioritizing investigations.…
Velkommen til Player FM!
Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.