Digital Forensic Survival Podcast
Digital Forensic Survival Podcast
Episodes
Digital Forensic Survival Podcast
Episodes of Digital Forensic Survival Podcast
Mark All
This week, I’m talking about nested groups in Windows Active Directory and the security risks they pose. Active Directory allows administrators to attach one group to another—often called nesting. While nesting can simplify account administrati
One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesse
This week, we’re exploring the System Resource Usage Monitor (SRUM) – a powerful source of forensic data within Windows operating systems. First introduced...
In this episode, our focus is on understanding how attackers achieve lateral movement and persistence through Secure Shell (SSH)—and more importantly, how to spot the forensic traces...
In this episode, we’ll take a focused look at how to triage one of the most commonly targeted Windows processes: svchost.exe. While the methods in this series generally apply to all Windows core processes, svchost is an especially important cas
Ransomware attacks move quickly, making your initial response crucial in minimizing impact. This episode outlines critical first steps, from isolating infected machines to gathering key information and initiating containment. Whether you’re a S
Today’s episode explores Apple Spotlight and its extended metadata—a powerful yet often overlooked forensic tool in the Mac ecosystem. Spotlight plays a critical role in uncovering digital evidence on macOS. Both experienced forensic analysts a
BIN directories (short for binary) store command binaries like CD, PWD, LS, Vi, and CAT. Every platform has multiple BIN directories: two in the root directory and two in each user directory. This episode explains the types of files in these di
Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS
Today we’re talking all about MacOS AutoRun locations and how to spot persistence mechanisms. We’ll explore the ins and outs of property list files, launch daemons, system integrity protections, and the recent changes in macOS that can impact y
This week I'm talking about the three task hosts. These are Windows core files, and they share not only similar names, but similar functionality. Because of this, there is the potential for confusion, which may allow an attacker to leverage the
Today’s episode is all about Windows event logs that record blocked network connections. Blocked network events are interesting because they might signal that an attacker’s secondary or tertiary toolset isn’t working as intended. That’s good ne
Today I cover an evolving threat in the cybersecurity world: data brokers. From a computer forensics standpoint, this threats pose unique challenges. While breaches capture headlines, data brokers play a major (and sometimes overlooked) role in
The Common Vulnerability Scoring System (CVSS) is a powerful tool for assessing the severity and impact of security vulnerabilities. In digital forensics and incident response, CVSS scores can provide critical context to prioritize investigatio
Understanding the behavior and characteristics of common file types used in attacks, such as executables, scripts, and document files, is essential for effective analysis. In this episode, we will explore practical approaches to triage malware,
Windows permit events, often overlooked, offer valuable details about allowed network connections that can reveal patterns of malicious activity. In this episode, we will dive into how analyzing these events can enhance network triage, enabling
Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a structured framework to identify and mitiga
This week, we’re focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I’ll break down the Prefetch artifact from an investigative perspective, covering how t
This week, we’re exploring malware triage techniques. Unlike full binary analysis, malware triage is often seen as an essential skill that every digital forensic and incident response professional should master. In this episode, I’ll walk you t
This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was th
Understanding how to search for executables is a critical skill in computer forensics. There are major differences in how executables are handled between Windows and Linux systems, so techniques that work on Windows won’t always translate effec
Welcome to today’s episode! We’re diving into network triage, focusing specifically on listening ports. While we often look for active connections, identifying suspicious services listening on a port can be equally crucial in your investigation
In this episode, we’ll dive into two essential forensic artifacts in Windows: shellbags and the Program Compatibility Assistant (PCA). Shell bags provide valuable evidence of file and folder access, offering insights into user activity and file
The Linux subsystem for Windows, create both opportunity and challenges for forensic analysts. It makes Windows an excellent platform for multi platform forensic analysis tasks, allowing it to take advantage of the many Linux tools available. T
In this episode, we’ll explore the fundamentals of network triage, focusing on the key aspects of network traffic that are central to many investigations. Additionally, we’ll discuss some of the essential tools you can use to analyze and manage
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2025 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us