Podcast

DFSP # 050 – Virtual Machine Forensics

By |January 31st, 2017|Podcast, SDF Series|

Virtual Machine Forensics This week I talk File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point-of-view. Show Notes VM Files - The Breakdown VMDK - Virtual Hard drive. What you can mount (sometimes) with a forensic tool to triage or image. VMSS [...]

DFSP # 049 – Get your SRUM on!

By |January 24th, 2017|Podcast, SDF Series|

SRUDB.DAT Survival This week I talk about SRUM, a Windows artifact with some significant forensic value for both File Use & Knowledge investigations as well as Incident Response. Show Notes Forensic Breakdown SRUDB.dat - Windows file that records all sorts of system information by way of the Windows System Resource [...]

DFSP # 048 – Evidence Integrity On-Scene

By |January 17th, 2017|Podcast, SDF Series|

Evidence Integrity On-Scene This week I talk about considerations for digital evidence integrity when collecting evidence on-scene from a live system. Show Notes Hashing Tools Mentioned GetHashes.sh is a simple bash script that quickly calculates MD5 and SHA1 hashes for all files in the same directory as the script. This [...]

DFSP # 047 – Epoch Time Survival

By |January 10th, 2017|Podcast, SDF Series|

Epoch Time Survival This week I talk about surviving mobile App timestamps. Show Notes Getting your head wrapped around the types of epoch timestamps you may encounter has certain advantages. Oftentimes you may be dealing with a third party mobile app where you must do manual analysis [...]

DFSP # 046 – DFIR New Year

By |January 3rd, 2017|Podcast, SDF Series|

Happy New Year This week I share my thoughts on setting DFIR goals for the coming year. I go over seven points worth focusing on for professional development. Show Notes SDF Training Class of the Week

DFSP # 045 – RUN DMA

By |December 27th, 2016|Mac Forensics, Podcast, SDF Series|

Direct Memory Access for Bypassing Passwords This week I talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course. Show Notes DMA as a Forensic Helper Direct Memory Access (DMA) exploitation works over [...]

DFSP # 044 – Automated File Intelligence

By |December 20th, 2016|Podcast, SDF Series|

Automated File Intel This week I talk about a useful automated file intelligence resource for dead box exams as well as IR investigations. Show Notes Utilizing hashsets is a standard method of increasing computer forensic triage efficiency for dead box exams and incident response investigations alike. There are a [...]

DFSP # 043 – Imaging a Mac: Survival Tips

By |December 13th, 2016|Mac Forensics, Podcast, SDF Series|

Tips for Imaging a Mac This week I go over survival tips for imaging a Mac. Show Notes Sources: Mac Fusion Drive https://en.wikipedia.org/wiki/Fusion_Drive MAC C Port http://www.macworld.com/article/2894423/thunderbolted-usb-c-is-our-new-connection-overlord-get-used-to-it.html SDF Training Class of the Week

DFSP # 042 – Windows 10 Prefetch

By |December 6th, 2016|Podcast, SDF Series|

Windows 10 Prefetch Forensics This week I talk about the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data. Show Notes Details Windows 10 .pf files are compressed in MAM format (Xpress Huffman Algorithm), note the "MAM" signature. [...]

DFSP # 041 – Trash Talkin’

By |November 29th, 2016|Podcast, SDF Series|

.Trash Artifacts on Mac This week I'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know. Show Notes I have written two articles on .trash previously, here are the links: http://digitalforensicsurvivalpodcast.com/2016/02/14/plist-survival-is-trash-set-to-secure-erase/ http://digitalforensicsurvivalpodcast.com/2016/02/14/tale-of-two-trashes/ SDF Training Class of the [...]