
DFSP # 443 - Standard Actions
Every incident response outfit should have a set of guidelines for their team which outlines the standard actions or common considerations for security investigations. In this episode, I highlight som...
13 Aug 2024 - 38min

DFSP # 442 - Database Response
Understanding the different types of databases is important for security incident response investigations, as databases are often targeted by attackers seeking sensitive information. Each database typ...
6 Aug 2024 - 31min

DFSP # 441 - CIS Benchmarks
CIS (Center for Internet Security) Benchmarks provide a comprehensive set of best practices for securing IT systems and data, which are vital for security response investigations. These benchmarks, de...
30 Jul 2024 - 26min

DFSP # 440 - ABCs of BECs
Business Email Compromise (BEC) forensics involves the meticulous investigation of cyberattacks where attackers infiltrate email systems to manipulate business communications for financial gain. These...
23 Jul 2024 - 24min

DFSP # 439 - Remoting Windows
Remote Desktop Protocol (RDP) is a crucial artifact in digital forensics due to its extensive use for remote system access. Analyzing RDP activities can uncover vital information about unauthorized ac...
16 Jul 2024 - 23min

DFSP # 438 - Old Nix
This week, I will be discussing the Linux operating system from a DFIR perspective. It is highly recommended for every examiner to become proficient in Linux, especially with the increasing prevalence...
9 Jul 2024 - 32min

DFSP # 437 - Windows Autoruns
In Windows forensics, understanding the intricacies of autorun functionalities and the Windows Registry is essential for effective incident response and investigation. Autorun mechanisms, which allow ...
2 Jul 2024 - 24min

DFSP # 436 - Ja-Who?
The JOHARI methodology simply provides a structure for something that you're probably already doing. However, with the structure comes a standard, which is the benefit to any security team. The team s...
25 Jun 2024 - 22min


















