Digital Forensic Survival Podcast

Mar 04 2025 471 ep. 19 mins 5k
Digital Forensic Survival Podcast artwork

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

  Technology  Science
RSS feed Share
Copy RSS


Subscribe on Podcast Addict


DFSP # 472 - Windows Usual Suspects

Mar 04 2025 16 mins  
Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compro

DFSP # 471 Mac Persistence

Feb 25 2025 17 mins  
Today we’re talking all about MacOS AutoRun locations and how to spot persistence mechanisms. We’ll explore the ins and outs of property list files, launch daemons, system integrity protections, and the recent changes in macOS that can impact your forensic examinations...

DFSP # 470 The Windows Taskhosts

Feb 18 2025 17 mins  
This week I'm talking about the three task hosts. These are Windows core files, and they share not only similar names, but similar functionality. Because of this, there is the potential for confusion, which may allow an attacker to leverage these similarities and mask they are malware. My goal in this episode is to demystify the three different task hosts, and provide the necessary

DFSP # 469 Network Blocked Activity

Feb 11 2025 21 mins  
Today’s episode is all about Windows event logs that record blocked network connections. Blocked network events are interesting because they might signal that an attacker’s secondary or tertiary toolset isn’t working as intended. That’s good news from a security standpoint...

DFSP # 468 Data Brokers & Ransomware

Feb 04 2025 28 mins  
Today I cover an evolving threat in the cybersecurity world: data brokers. From a computer forensics standpoint, this threats pose unique challenges. While breaches capture headlines, data brokers play a major (and sometimes overlooked) role in fueling cybercrime. In this session, we will explore how these threats operate, why they are dangerous, and how computer forensics professi

DFSP # 467 CVSS in Action

Jan 28 2025 28 mins  
The Common Vulnerability Scoring System (CVSS) is a powerful tool for assessing the severity and impact of security vulnerabilities. In digital forensics and incident response, CVSS scores can provide critical context to prioritize investigations and focus on the most significant risks. This episode I will explore how leveraging CVSS scoring enhances vulnerability assessments durin

DFSP # 466 Malware Triage for File Types

Jan 21 2025 23 mins  
Understanding the behavior and characteristics of common file types used in attacks, such as executables, scripts, and document files, is essential for effective analysis. In this episode, we will explore practical approaches to triage malware, focusing on key indicators and techniques for prioritizing investigations.

DFSP # 465 Network Permit Events

Jan 14 2025 23 mins  
Windows permit events, often overlooked, offer valuable details about allowed network connections that can reveal patterns of malicious activity. In this episode, we will dive into how analyzing these events can enhance network triage, enabling security teams to detect, scope, and respond to threats more effectively.

DFSP # 464 Risk Assessments for DFIR

Jan 07 2025 22 mins  
Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a structured framework to identify and mitigate risks effectively. This episode will explore how integrating security risk assessments into incident response workflows enhances response

DFSP # 463 Prefetch

Dec 31 2024 14 mins  
This week, we’re focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I’ll break down the Prefetch artifact from an investigative perspective, covering how to effectively leverage its evidence in forensic analysis. I’ll also highlight any recent changes to the artifact that may impact its