
DFSP # 475 - Set the tone
Ransomware attacks move quickly, making your initial response crucial in minimizing impact. This episode outlines critical first steps, from isolating infected machines to gathering key information an...
25 Mar 2025 (20 min)

DFSP # 474 - Meta Paradise
Today's episode explores Apple Spotlight and its extended metadata—a powerful yet often overlooked forensic tool in the Mac ecosystem. Spotlight plays a critical role in uncovering digital evidence on...
18 Mar 2025 (13 min)

DFSP # 473 - Why all the BINs
BIN directories (short for binary) store command binaries like CD, PWD, LS, Vi, and CAT. Every platform has multiple BIN directories: two in the root directory and two in each user directory. This epi...
11 Mar 2025 (21 min)

DFSP # 472 - Windows Usual Suspects
Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelati...
4 Mar 2025 (16 min)

DFSP # 471 Mac Persistence
Today we're talking all about macOS AutoRun locations and how to spot persistence mechanisms. We'll explore the ins and outs of property list files, launch daemons, system integrity protections, and t...
25 Feb 2025 (17 min)

DFSP # 470 The Windows Taskhosts
This week I'm talking about the three task hosts. These are Windows core files, and they share not only similar names, but similar functionality. Because of this, there is the potential for confusion,...
18 Feb 2025 (17 min)

DFSP # 469 Network Blocked Activity
Today's episode is all about Windows event logs that record blocked network connections. Blocked network events are interesting because they might signal that an attacker's secondary or tertiary tools...
11 Feb 2025 (21 min)

DFSP # 468 Data Brokers & Ransomware
Today I cover an evolving threat in the cybersecurity world: data brokers. From a computer forensics standpoint, these threats pose unique challenges. While breaches capture headlines, data brokers pla...
4 Feb 2025 (28 min)


















