Digital Forensic Survival відкриті
[search 0]
більше

Download the App!

show episodes
 
Loading …
show series
 
When you talk autoruns you must talk about the Windows registry. This artifact is very dense and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows Registry from a DFIR point of view. This is crucial in understanding ...…
 
This week is about persistence artifacts. Namely the records for when services fail to start, are either started or stopped, have crashed have had their start type changed. Since services are one of the common ways attackers achieve persistence, understanding how these events may be used for triage purposes is very important...…
 
In the past I’ve talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focus on one or a few artifacts at a time and really talk about the important details they may record for your investigation and how to interpret that inf…
 
Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight as they do, or preference of certain certifications over others, and so on. In this episode I’m sharing my thoughts on the topic as well as how I would…
 
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much every file use and knowledge investigation. Any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects th…
 
Loading …

Короткий довідник

Google login Twitter login Classic login