
DFSP # 331 - New Services
In the past I've talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focu...
21 Kesä 202216min

DFSP # 330 - Certifications
Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight a...
14 Kesä 202216min

DFSP # 329 - Shellbags
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much every file use and knowledge investigation. Any investigation...
7 Kesä 202216min

DFSP # 328 - Linux Executables
If you are accustomed to Windows forensics you may find you have to shift your way of thinking about executables when you are dealing with a Linux system. Unlike Windows, in Linux there is no fixed fi...
31 Touko 202215min

DFSP # 327 - Persistence Part 1
One of the first things attackers attempt to accomplish on a compromised system is to establish persistence. Unless you are dealing with a denial of service attack, most other attacker goals are cente...
24 Touko 202214min

DFSP # 326 - MFT
This week I'm covering the Master file table as a core forensic artifact for Windows investigations. This artifact has value is both a primary and secondary artifact and offers opportunity to decode e...
17 Touko 202214min

DFSP # 325 - Malware Triage Part 2
This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is...
10 Touko 202220min

DFSP # 324 - Malware Triage Part 1
This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is...
3 Touko 202216min











