
DFSP # 427 - MOF Balls
Windows Management Instrumentation, also known as WMI, is an App on Windows that allows a user to query all sorts of things about a system. Being native to Windows, it is an attractive target for a at...
23 Apr 2024, 31 min

DFSP # 426 - SSH Forensics: Log Analysis
This week I'm wrapping up my series on SSH forensics with a discussion on SSH log triage. Logs are usually what an analyst will start with, so this episode is important. There are a few different log ...
16 Apr 2024, 22 min
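The SSH log triage the episode above describes, as an added example that is not part of the podcast or its show notes: a small parser for OpenSSH `sshd` lines in syslog format that counts failures per source address and flags a success that follows a run of failures, or a root login by password. The log lines are constructed for the example, and the threshold-free "success after failures" rule is an assumption about what an analyst would want surfaced first.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of OpenSSH auth.log lines (syslog format); not real data.
SAMPLE_AUTH_LOG = """\
Apr 16 08:01:12 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr 16 08:01:15 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr 16 08:01:19 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 40130 ssh2
Apr 16 08:01:24 web01 sshd[2218]: Accepted password for root from 203.0.113.7 port 40140 ssh2
Apr 16 08:03:02 web01 sshd[2231]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:abc123
Apr 16 08:05:40 web01 sshd[2231]: Received disconnect from 10.0.0.5 port 51234:11: disconnected by user
"""

# Matches the "Accepted <method> for <user> from <ip> port <port>" and
# "Failed <method> for [invalid user] <user> from <ip> port <port>" forms.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return a list of dicts, one per authentication result line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # disconnects, session open/close, etc. are not auth results
        d = m.groupdict()
        d["invalid_user"] = "invalid user" in line
        events.append(d)
    return events


def triage(events):
    """Summarise parsed sshd events and flag patterns worth a closer look."""
    failures_by_ip = Counter()
    failed_users_by_ip = defaultdict(set)
    successes = []
    findings = []
    for e in events:
        if e["result"] == "Failed":
            failures_by_ip[e["ip"]] += 1
            failed_users_by_ip[e["ip"]].add(e["user"])
            continue
        successes.append(e)
        prior = failures_by_ip[e["ip"]]  # Counter returns 0 without inserting
        if prior:
            findings.append(
                f"{e['ip']}: successful {e['method']} login as {e['user']} "
                f"after {prior} failures (tried users: {sorted(failed_users_by_ip[e['ip']])})"
            )
        if e["user"] == "root" and e["method"] == "password":
            findings.append(f"{e['ip']}: root logged in with a password")
    return {"failures_by_ip": failures_by_ip, "successes": successes, "findings": findings}


if __name__ == "__main__":
    result = triage(parse_auth_log(SAMPLE_AUTH_LOG))
    for ip, n in result["failures_by_ip"].most_common():
        print(f"{n:4d} failures from {ip}")
    for f in result["findings"]:
        print("FINDING:", f)
```

Run it against a real `/var/log/auth.log` or `journalctl -u ssh` export by replacing the sample text; the regex only covers the two password/publickey result forms, so lines for other methods or for `sshd` messages such as "Invalid user" without a password attempt are silently skipped.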

DFSP # 425 - SSH Forensics: Host-Based Artifacts
In the last episode on this topic, I covered SSH from an investigation point of view. I explained SSH and the artifacts that typically come up when you're investigating. In this episode, we're getting in...
9 Apr 2024, 30 min

DFSP # 424 - SSH Forensics: Understanding Secure Shell
SSH is a protocol used to secure remote access to systems, making it a cornerstone in safeguarding sensitive information and ensuring secure communications. In this podcast, we will delve into the bas...
2 Apr 2024, 23 min

DFSP # 423 - Guiding Lights: Cyber Investigations Investigation Lifecycle
This week I'm discussing a fundamental aspect of cybersecurity: incident response preparation. Effective incident response is paramount, and preparation is the key to success. This preparation include...
26 Mar 2024, 30 min

DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro
Today I'm talking Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage, often readily available in your organization's SIEM. But have you ever wondered about...
19 Mar 2024, 21 min

DFSP # 421 - Memory Lane: Fileless Linux Attacks Unraveled
In this podcast episode, we talk about Linux's `memfd` – a virtual file system allowing the creation of anonymous memory areas for shared memory or temporary data storage. Threat actors exploit `memfd...
12 Mar 2024, 25 min

DFSP # 420 - Failing, Stopping and Crashing
This week we explore the world of Windows service event codes and their role in forensic investigations. Windows services are background processes crucial for system functionality, running indepe...
5 Mar 2024, 22 min