Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
DFSP # 458 Shellbags and PCA
18:11
In this episode, we’ll dive into two essential forensic artifacts in Windows: shellbags and the Program Compatibility Assistant (PCA). Shellbags provide valuable evidence of file and folder access, offering insights into user activity and file navigation. We’ll also explore PCA, which can reveal important information about file execution history. …
The Linux subsystem for Windows creates both opportunities and challenges for forensic analysts. It makes Windows an excellent platform for multi-platform forensic analysis tasks, allowing it to take advantage of the many Linux tools available. The challenges are foreseeable: you have Linux artifacts now commingled on a Windows platform, which makes…
DFSP # 456 network triage primer
32:05
In this episode, we’ll explore the fundamentals of network triage, focusing on the key aspects of network traffic that are central to many investigations. Additionally, we’ll discuss some of the essential tools you can use to analyze and manage network data effectively.
DFSP # 455 Security Control Circumvention
33:29
Today, we’re going to explore how to handle a critical security event: Unauthorized Modification of Information. This type of event occurs when a user alters information in a system—whether it’s an application, database, website, server, or configuration files—without prior authorization. These modifications can range from impersonation and unautho…
DFSP # 454 MFA Bypass Attacks
15:30
This week I talk about the attack methods being used to bypass MFA. We'll learn about real-world cases where MFA was circumvented, and discover best practices to strengthen defenses against these types of attacks...
DFSP # 453 Windows Startup Locations
18:19
In today’s episode, we’ll focus on startup folders, which are perhaps the easiest to triage among all persistence mechanisms. But before diving in, let’s recap the journey so far to underscore the importance of a comprehensive approach rather than a one-off tactic. Each triage area we've covered plays a crucial role in identifying and stopping atta…
DFSP # 452 AI and DFIR
22:02
In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident responses, with real-world examples of its application in automated threat detection and response, advanced forensics, and more. But with every techno…
DFSP # 451 SQL Triage
26:26
SQL injection poses significant risks by enabling attackers to access sensitive metadata, execute dynamic SQL commands, and alter system parameters. These actions can lead to unauthorized data access and system disruptions, especially if attackers gain elevated privileges. This week I'm talking about SQL attack patterns from a triage point of view …
DFSP # 450 Secure coding and DFIR
19:34
I decided to talk this week about the Importance of Secure Coding Knowledge for Security Incident Response Investigations. Knowing secure coding principles helps identify the root causes of vulnerabilities and recognize attack patterns. It facilitates effective communication and collaboration with developers, ensuring accurate incident reports and …
DFSP # 449 Zero-Day or Hero-Day
33:43
This week, we're covering zero-day vulnerability response from a Digital Forensics and Incident Response professional's perspective. In our roles, we often get involved in various tasks that require a security mindset, and one critical task is responding to zero-day vulnerabilities. To provide a real-world context, we'll integrate the recently disc…
DFSP # 448 WebShell Forensics
20:14
Welcome to this week’s session, where we’ll delve into web shell forensics—an ever-critical topic in incident response investigations and threat-hunting strategies. Today, I’ll provide a breakdown that includes the latest developments, detailed triage techniques, and practical examples of what to look for during your investigations:…
DFSP # 447 Linux Root Kits
32:39
Rootkits are hard to detect because they employ advanced stealth techniques to hide their presence. They can conceal processes, files, and network activities by altering system calls and kernel data structures. The deep system knowledge and specialized tools required for low-level analysis make rootkit detection complex and resource-intensive. Limi…
DFSP # 446 Registry by EVTX
20:02
In previous episodes, we covered techniques for examining the Windows Registry, a critical component in identifying persistence mechanisms. We'll explore the registry but shift our focus to registry modification events as reported by Windows event logs.
DFSP # 445 Bash Triage
27:26
Bash history's forensic value lies in its ability to answer diverse investigative questions, making it a cornerstone artifact for Linux systems. It aids in triaging lateral movement, identifying reconnaissance activities, and detecting attempts at establishing persistence. This underscores the importance of structuring triage tasks around specific …
DFSP # 444 A little assistance
28:41
The UserAssist key is a Windows Registry artifact that logs details about user activity, such as recently accessed programs and files. It encodes information on the frequency and last access time of items launched via Windows Explorer. This helps investigators understand user behavior and timeline of actions on a system, providing evidence of progr…
DFSP # 443 - Standard Actions
38:48
Every incident response outfit should have a set of guidelines for their team which outlines the standard actions or common considerations for security investigations. In this episode, I highlight some of the key points for security teams with a special focus on initial actions which typically set the tone for success during the subsequent investig…
DFSP # 442 - Database Response
31:10
Understanding the different types of databases is important for security incident response investigations, as databases are often targeted by attackers seeking sensitive information. Each database type—relational, NoSQL, in-memory, and cloud-based—has unique structures, query languages, and security mechanisms. Familiarity with these variations ena…