
DFSP # 459 listening ports
Welcome to today's episode! We're diving into network triage, focusing specifically on listening ports. While we often look for active connections, identifying suspicious services listening on a port ...
3 Dec 2024, 26 min

DFSP # 458 Shellbags and PCA
In this episode, we'll dive into two essential forensic artifacts in Windows: shellbags and the Program Compatibility Assistant (PCA). Shellbags provide valuable evidence of file and folder access, o...
26 Nov 2024, 18 min

DFSP # 457 WSL
The Linux subsystem for Windows creates both opportunities and challenges for forensic analysts. It makes Windows an excellent platform for multi-platform forensic analysis tasks, allowing it to take ad...
19 Nov 2024, 25 min

DFSP # 456 network triage primer
In this episode, we'll explore the fundamentals of network triage, focusing on the key aspects of network traffic that are central to many investigations. Additionally, we'll discuss some of the essen...
12 Nov 2024, 32 min

DFSP # 455 Security Control Circumvention
Today, we're going to explore how to handle a critical security event: Unauthorized Modification of Information. This type of event occurs when a user alters information in a system—whether it's an ap...
5 Nov 2024, 33 min

DFSP # 454 MFA Bypass Attacks
This week I talk about the attack methods being used to bypass MFA. We'll learn about real-world cases where MFA was circumvented, and discover best practices to strengthen defenses against these type...
29 Oct 2024, 15 min

DFSP # 453 Windows Startup Locations
In today's episode, we'll focus on startup folders, which are perhaps the easiest to triage among all persistence mechanisms. But before diving in, let's recap the journey so far to underscore the imp...
22 Oct 2024, 18 min

DFSP # 452 AI and DFIR
In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident ...
15 Oct 2024, 22 min


















