
DFSP # 026 - File Juicer
File Juicer is an easy-to-use data carving tool that runs on OS X. Take almost any file, drop it on File Juicer, and watch it spin out embedded image, movie, and document files and text. Perfect for on-scen...
16 Aug 2016 · 17min

DFSP # 025 - RAM Extraction Tools - Part 2
This is part two of RAM extraction tools. Part 1 looked at why RAM extraction is an important part of forensic analysis. In Part 2 the results of a benchmark experiment with four different RAM Extract...
9 Aug 2016 · 29min

DFSP # 024 - RAM Extraction Tools - Part 1
This episode is a two-parter looking at RAM extraction tools. Part 1 will take a look at why RAM extraction is an important part of forensic analysis. Part 2 will go over an experiment I did with four...
2 Aug 2016 · 20min

DFSP # 023 - Battle Royale: FTK vs EnCase vs WinHEX
This week I take a look at three popular computer forensic suites: FTK, EnCase and WinHex. I offer my opinion as to the strengths and weaknesses of each.
25 Jul 2016 · 20min

DFSP # 022 - DFIR Certification Planning & Considerations
If you take a look at all the different DFIR certifications that exist today you can easily get overwhelmed. There are so many to choose from it puts meaning to the saying that too many choices is no ...
19 Jul 2016 · 30min

DFSP # 021 - The Honeynet Project
For those looking to get some real world hands-on experience in DFIR to build up or expand your skill set, check out honeynet.org. The non-profit offers information and challenges to help sharpen your...
12 Jul 2016 · 16min

DFSP # 020 - Amcache Forensics - Find Evidence of App Execution
This week I talk about Amcache Forensics, a Windows artifact that collects details about programs that have been run on a given system. This evidence can support malware/intrusion investigations, fil...
5 Jul 2016 · 25min

DFSP # 019 - Password Cracking with Hashcat
The last talk in the open-source password cracking series focuses on a tool that rivals the paid tools in function and capability: Hashcat.
28 Jun 2016 · 24min


















