
DFSP # 467 CVSS in Action
The Common Vulnerability Scoring System (CVSS) is a powerful tool for assessing the severity and impact of security vulnerabilities. In digital forensics and incident response, CVSS scores can provide...
28 Jan 2025, 28 min

DFSP # 466 Malware Triage for File Types
Understanding the behavior and characteristics of common file types used in attacks, such as executables, scripts, and document files, is essential for effective analysis. In this episode, we will exp...
21 Jan 2025, 23 min

DFSP # 465 Network Permit Events
Windows permit events, often overlooked, offer valuable details about allowed network connections that can reveal patterns of malicious activity. In this episode, we will dive into how analyzing these...
14 Jan 2025, 23 min

DFSP # 464 Risk Assessments for DFIR
Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a...
7 Jan 2025, 22 min

DFSP # 463 Prefetch
This week, we're focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I'll break down the Prefetch artifact from ...
31 Dec 2024, 14 min

DFSP # 462 Malware Triage Part 1
This week, we're exploring malware triage techniques. Unlike full binary analysis, malware triage is often seen as an essential skill that every digital forensic and incident response professional sho...
24 Dec 2024, 29 min

DFSP # 461 PSEXEC
This week, we're diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a sys...
17 Dec 2024, 16 min

DFSP # 460 Executing Linux
Understanding how to search for executables is a critical skill in computer forensics. There are major differences in how executables are handled between Windows and Linux systems, so techniques that ...
10 Dec 2024, 17 min


















