
DFSP # 323 - SRUM
This week I'm talking about SRUM, a Windows artifact that you don't hear that much about. It has a lot of great potential as evidence and it is something worth the time to check it out and see how it ...
26 Huhti 202213min

DFSP # 322 - Live evidence integrity
This week is some thoughts on live evidence integrity. Years ago evidence validation was fairly standard with few exceptions. Nowadays it's more of a challenge when considering live evidence collectio...
19 Huhti 202217min

DFSP # 321 - URL Leaks
This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go ov...
12 Huhti 202216min

DFSP # 320 - Lateral MM and Event Logs
This week I'm going to cover detecting lateral movement using Windows event logs. This is not the Windows fast triage method I covered in previous episodes. This is more in-depth and focuses on specif...
5 Huhti 202213min

DFSP # 319 - Shellbags
This week is a back to basics episode where I am going to cover Windows shellbags. This is a core Windows artifact that gets included in pretty much most every file use and knowledge investigation or ...
29 Maalis 202215min

DFSP # 318 - Rust and Chainsaw
This week I am talking about a program language called rust and the advantages it has for DFIR analyst. I'm also covering Chainsaw, a toolset that you can use for Windows event log analysis.
22 Maalis 202215min

DFSP # 317 - UserAssist
This week it's back to basics with a Windows artifact for tracking program execution. I'm covering the user assist key which is a mainstay for both live triage and dead box forensics. This artifact is...
15 Maalis 202217min

DFSP # 316 - Cloud Traffic Security
This week I am covering how different common protocols are secured in the cloud. Part of your effectiveness as a security analyst is your knowledge and understanding of how environments work in a typi...
8 Maalis 202212min










