DFSP # 443 - Standard Actions
Every incident response outfit should have a set of guidelines for their team which outlines the standard actions or common considerations for security investigations. In this episode, I highlight som...
13 Aug 202438min
DFSP # 442 - Database Response
Understanding the different types of databases is important for security incident response investigations, as databases are often targeted by attackers seeking sensitive information. Each database typ...
6 Aug 202431min
DFSP # 441 - CIS Benchmarks
CIS (Center for Internet Security) Benchmarks provide a comprehensive set of best practices for securing IT systems and data, which are vital for security response investigations. These benchmarks, de...
30 Jul 202426min
DFSP # 440 - ABCs of BECs
Business Email Compromise (BEC) forensics involves the meticulous investigation of cyberattacks where attackers infiltrate email systems to manipulate business communications for financial gain. These...
23 Jul 202424min
DFSP # 439 - Remoting Windows
Remote Desktop Protocol (RDP) is a crucial artifact in digital forensics due to its extensive use for remote system access. Analyzing RDP activities can uncover vital information about unauthorized ac...
16 Jul 202423min
DFSP # 438 - Old Nix
This week, I will be discussing the Linux operating system from a DFIR perspective. It is highly recommended for every examiner to become proficient in Linux, especially with the increasing prevalence...
9 Jul 202432min
DFSP # 437 - Windows Autoruns
In Windows forensics, understanding the intricacies of autorun functionalities and the Windows Registry is essential for effective incident response and investigation. Autorun mechanisms, which allow ...
2 Jul 202424min
DFSP # 436 - Ja-Who?
The JOHARI methodology simply provides a structure for something that you're probably already doing. However, with the structure comes a standard, which is the benefit to any security team. The team s...
25 Jun 202422min
