July 7, 2020
This week is part 2 of the Mobile Attack series.
June 30, 2020
This week I interview Steve Whalen of SUMURI and we talk about effective ways to report forensic findings.
June 23, 2020
This week I talk about examining Windows systems for evidence of persistence.
June 16, 2020
This week I talk about a triage methodology for examining user activity.
June 9, 2020
This week I talk about mobile device compromise.
June 2, 2020
This week I talk about examining Conhost data for evidence of execution.
May 26, 2020
This week I interview Steve Whalen of SUMURI about Apple metadata.
May 19, 2020
This week I talk about a triage methodology for examining suspicious user accounts.
May 12, 2020
This week I talk about mobile device operating system and file system security, focusing specifically on applications.
May 5, 2020
This week I interview MSAB instructor Chris Currier about mobile forensics for new examiners.
April 28, 2020
This week I talk about persistence, malware analysis and identifying system owners.
April 21, 2020
This week I talk about SOF-ELK to take your timelines to a new level
April 14, 2020
This week I talk about CFF Explorer.
April 7, 2020
This week I talk with MSAB about DHASH, learn what it is and its use in DFIR investigations
March 31, 2020
This week I cover triaging CMSTP for remote execution
March 24, 2020
This week I explain why you need CyberChef in your toolbox
March 17, 2020
This week I talk DFIR triage for Microsoft Trusted Dev Utilities
March 10, 2020
This week I review resources aimed at teaching you Python
March 3, 2020
This week I interview Steve Whalen from SUMURI about the current Mac Forensic landscape
February 25, 2020
This week I talk about Pivot Tables and their value for DFIR investigations
February 18, 2020
This week I talk about common autorun locations to check during Mac exams
February 11, 2020
This week I talk about a fast triage methodology to detect persistence on Windows systems
February 4, 2020
This week I talk about tools available on the SIFT workstation... that you may not know are even there!
January 28, 2020
This week I break down certutil exploitation; what it is and methods to detect malicious usage
January 21, 2020
This week I talk about using layered drivers as an artifact to identify persistence
January 14, 2020
This week I talk about SOF ELK, a freely available pre-built virtual appliance for DFIR work
January 7, 2020
This week I start the year with my traditional "back-to-basics" episode, focusing on self-improvement themes and goals to consider
December 31, 2019
This week I talk about dealing with Base64 evidence.
December 24, 2019
This week I talk about identifying REGSVC \ REGASM abuse
December 17, 2019
This week I talk about different types of audit log clearing and detection strategies
December 10, 2019
This week I talk about using Hashdeep for forensic triage
December 3, 2019
This week I talk about LMD, an openly available tool to increase Linux security posture.
November 26, 2019
This week I talk about network forensic methodology.
November 19, 2019
This week I talk about autoLLR, a script to automate evidence collection on live Linux systems as well as artifact post processing.
November 15, 2019
This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.
November 5, 2019
This week I talk about some issues surrounding PowerShell when used as a digital forensic collection tool.
October 29, 2019
This week I talk about LOKI, a tool designed to help analysts scan for APT IOCs.
October 22, 2019
This week I talk about KAPE, a freely available forensic evidence collection and triage tool.
October 15, 2019
This week I talk about the common Linux file systems and what to expect when dealing with different hosts. 
October 9, 2019
This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!
October 1, 2019
This week I break down container attack vectors for Cloud Incident Response.
October 1, 2019
This week I break down the SUDOERS file for forensic triage.
October 1, 2019
This week I talk about PowerShell through the lens of the Service Control Manager.
October 1, 2019
This week I talk about NVMe, a data storage technology, from a forensic point of view.
September 30, 2019
This week I cover how to approach Linux binaries during investigations.
August 27, 2019
This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.
August 20, 2019
This week I talk about using WMI to create processes remotely.
August 13, 2019
This week I talk about Density Scout, an open source tool for malware triage.
August 6, 2019
This week I cover a resource you can use to develop Windows remote execution triage methodology and threat hunting.
July 30, 2019
This week I talk about the Windows credential guard process.
July 23, 2019
This week I talk about OWASP's Number 10 vulnerability category from their top 10 list, insufficient logging and monitoring.
July 16, 2019
This week I talk about the most frequently seen attacker recon commands.
July 9, 2019
This week I talk about a popular Windows utility attackers often exploit.
July 2, 2019
This week I talk about incident response in container deployments.
June 25, 2019
This week I talk about OWASP's Number 9 vulnerability category from their top 10 list, components with known vulnerabilities.
June 18, 2019
This week I talk about the challenges of working with VMEM files for memory forensics.
June 11, 2019
This week I talk about the DFIR changes on the horizon with cloud technology.
June 4, 2019
This week I talk about Intel's emerging technology called Optane and its anticipated effects on DFIR investigations.
May 28, 2019
This week I talk about OWASP's Number 8 vulnerability category from their top 10 list, insecure deserialization.
May 21, 2019
This week I talk about the crypto attack landscape.
May 14, 2019
DFIR professionals often worry if advances in artificial intelligence and automation are going to put them out of work. This week I address the issue and give my projection, based on expert sources, of what the future of forensics will look like.
May 7, 2019
I recently passed my certified ethical hacker certification test. This week I thought I would talk about why I chose the certification.
April 30, 2019
This week I talk about OWASP's Number 7 vulnerability category from their top 10 list, cross site scripting.
April 23, 2019
This week I talk about SVCHOST. This Windows core process is one of the most targeted artifacts that comes up again and again during investigations.
April 16, 2019
This week I go over how to approach Windows core processes from the standpoint of fast triage methodology. Since these processes are found on all Windows systems, it makes sense to develop an investigative approach that focuses on quickly reviewing each process for anomalies.
April 9, 2019
This week I talk about the investigative value of creating a mobile compromise assessment strategy.
April 2, 2019
This week I share my thoughts on DFIR job interviews. How to prepare. Things to consider. Pitfalls to avoid.
March 26, 2019
This week I talk about OWASP's Number 6 vulnerability category from their top 10 list, Security Misconfiguration. I explore the issue from a DFIR point of view.
March 19, 2019
This week I talk about all the fun you can have ethically hacking with SET
March 12, 2019
Serpico makes report writing suck less! Check it out.
March 5, 2019
This week I talk more about Linux triage methods.
February 26, 2019
This week I talk about OWASP's Number 5 vulnerability category from their top 10 list, Broken Access Control. I explore the issue from a DFIR point of view.
February 19, 2019
This week I discuss some techniques for comparing files and folders for DFIR investigations.
February 12, 2019
This week I share my thoughts on assessing DFIR career path progression.
February 5, 2019
This week I talk about the forensic value of YARA.
January 29, 2019
This week I talk about OWASP's Number 4 vulnerability category from their top 10 list, XXE attacks. I explore the issue from a DFIR point of view.
January 22, 2019
This week I talk about the Google Hacking Database.
January 15, 2019
This week I talk about CEWL, a freely available tool for crawling websites to produce unique wordlists (think password attacks!)
January 8, 2019
This week I talk about my new Github page and the autoweb script.
January 3, 2019
This week I talk about AppLocker Bypass from a DFIR point of view.
December 27, 2018
This week I talk about OWASP's Number 3 vulnerability category from their top 10 list, sensitive data exposure. I explore the issue from a DFIR point of view.
December 18, 2018
This week I talk about tips for building a threat hunting program.
December 11, 2018
This week I break down webshells for threat hunting and incident response triage.
December 4, 2018
This week I talk about contacting Mimikatz through Windows event log.
November 27, 2018
This week I talk about PDF analysis tools to check for malicious indicators in PDFs.
November 20, 2018
This week I talk about OWASP and why you should be paying attention.
November 13, 2018
Tips from the DFIR Trenches
November 6, 2018
This week I break down CRON for the uninitiated.
October 30, 2018
This week I talk about investigation strategies for logon events.
October 23, 2018
This week I talk about PCAP hunting strategies.
October 16, 2018
This week I interview Craig Rowland of Sandfly Security about crypto-mining attacks on Linux systems. Learn more about Sandfly at https://www.sandflysecurity.com
October 9, 2018
This week I talk about OWASP and why you should be paying attention.
October 2, 2018
This week I talk about the attack methodology known as Fast Flux.
September 25, 2018
This week I talk about details about what to look at in Scheduled Task records for forensic triage.
September 18, 2018
This week I talk about details about what to look at in Scheduled Task records for forensic triage.
September 11, 2018
This week I talk OfficeMalScanner, a malware scanner for Microsoft documents
September 4, 2018
This week I talk Ultimate Windows Security
August 28, 2018
This week I talk about methodologies to investigate root cause during incident response investigations.
August 21, 2018
This week I talk about PIDs and their uses in computer forensic investigations.
August 14, 2018
This week I talk about scoping network connections as part of incident response triage