SDF Series


DFSP # 053 – Top FU&K Plugins

By |February 21st, 2017|Podcast, SDF Series|

Volatility Plugins for File Use & Knowledge (FU&K) investigations. This week I talk about my favorite Volatility plugins for File Use & Knowledge investigations to get at the volatile evidence most often targeted during a dead box exam. Show Notes Volatility Plugins for FU&K mftparser This plugin scans for [...]

DFSP # 052 – Free Your Mind

By |February 14th, 2017|Podcast, SDF Series|

Visualization Software for Computer Forensics This week I talk about FreeMind, a freely available visualization tool that can be used to enhance the computer forensic investigation process. Show Notes FreeMind is a free mind mapping software that may be used to document and visualize computer forensic investigations, projects and [...]

DFSP # 051 – Analyzing PE Signatures

By |February 7th, 2017|Podcast, SDF Series|

Analyzing PE Signatures This week I talk about an openly available library and tool repository all examiners should be aware of, as well as a tool by Didier Stevens called "AnalyzePESig", which is perfect for bulk analysis of executables on Windows systems. Show Notes I am always on the [...]

DFSP # 050 – Virtual Machine Forensics

By |January 31st, 2017|Podcast, SDF Series|

Virtual Machine Forensics This week I talk about File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point of view. Show Notes VM Files - The Breakdown VMDK - Virtual hard drive. What you can mount (sometimes) with a forensic tool to triage or image. VMSS [...]

DFSP # 049 – Get your SRUM on!

By |January 24th, 2017|Podcast, SDF Series|

SRUDB.DAT Survival This week I talk about SRUM, a Windows artifact with some significant forensic value for both File Use & Knowledge investigations and Incident Response. Show Notes Forensic Breakdown SRUDB.dat - Windows file that records all sorts of system information by way of the Windows System Resource [...]

DFSP # 048 – Evidence Integrity On-Scene

By |January 17th, 2017|Podcast, SDF Series|

Evidence Integrity On-Scene This week I talk about considerations for digital evidence integrity when collecting evidence on-scene from a live system. Show Notes Hashing Tools Mentioned GetHashes.sh is a simple bash script that quickly calculates MD5 and SHA1 hashes for all files in the same directory as the script. This [...]

DFSP # 047 – Epoch Time Survival

By |January 10th, 2017|Podcast, SDF Series|

Epoch Time Survival This week I talk about surviving mobile App timestamps. Show Notes Getting your head wrapped around the types of epoch timestamps you may encounter has certain advantages. Oftentimes you may be dealing with a third party mobile app where you must do manual analysis [...]

DFSP # 046 – DFIR New Year

By |January 3rd, 2017|Podcast, SDF Series|

Happy New Year This week I share my thoughts on setting DFIR goals for the coming year. I go over seven points worth focusing on for professional development. Show Notes SDF Training Class of the Week

DFSP # 045 – RUN DMA

By |December 27th, 2016|Mac Forensics, Podcast, SDF Series|

Direct Memory Access for Bypassing Passwords This week I talk about DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course. Show Notes DMA as a Forensic Helper Direct Memory Access (DMA) exploitation works over [...]

DFSP # 044 – Automated File Intelligence

By |December 20th, 2016|Podcast, SDF Series|

Automated File Intel This week I talk about a useful automated file intelligence resource for dead box exams as well as IR investigations. Show Notes Utilizing hashsets is a standard method of increasing computer forensic triage efficiency for dead box exams and incident response investigations alike. There are a [...]