Digital Forensic Survival Podcast
Today I'm talking Windows forensics, focusing on Windows event logs. These logs are very valuable for fast triage and are often readily available in your organization's SIEM. But have you ever wondered about the processes that enable this quick access? Not only are the logs automatically collected and fed into the appliance, they are also parsed and normalized so the data is easy to search. This matters because the logs are stored in the native EVTX format, which is difficult to interpret without tooling. Now picture a scenario where the event logs are not accessible through a security appliance. That is this week's topic: EVTX analysis options. Don't be caught unprepared.
DFSP # 428 - It’s all about that XML