WindowsTechs.com

Collaborate Disseminate

Author Archives: Unknown

Speaking Engagements

Posted on October 7, 2022 by Unknown

Every now and again, I have a need (re: “opportunity”) to compile a list of recorded speaking events. The reasons vary…there’s a particular message in one or more of the recordings, or someone wants to see/hear what was said, or it’s more about showi… Continue reading Speaking Engagements→

Posted in Uncategorized

ResponderCon Followup

Posted on September 20, 2022 by Unknown

I had the opportunity to speak at the recent ResponderCon, put on by Brian Carrier of BasisTech. I’ll start out by saying that I really enjoyed attending an in-person event after 2 1/2 yrs of virtual events, and that Brian’s idea to do something a bit … Continue reading ResponderCon Followup→

Posted in Uncategorized

Deconstructing Florian’s Bicycle

Posted on September 20, 2022 by Unknown

Not long ago, Florian Roth shared some fascinating thoughts via his post, The Bicycle of the Forensic Analyst, in which he discusses increases in efficiency in the forensic review process. I say “review” here, because “analysis” is a term that is often… Continue reading Deconstructing Florian’s Bicycle→

Posted in Uncategorized

AmCache Revisited

Posted on September 10, 2022 by Unknown

Not long ago, I posted about When Windows Lies, and that post really wasn’t so much about Windows “lying”, per se, as it was about challenging analyst assumptions about artifacts, and recognizing misconceptions. Along the same lines, I’ve also posted a… Continue reading AmCache Revisited→

Posted in Uncategorized

LNK Builders

Posted on September 3, 2022 by Unknown

I’ve blogged a bit…okay, a LOT…over the years on the topic of parsing LNK files, but a subject I really haven’t touched on is LNK builders or generators. This is actually an interesting topic because it ties into the cybercrime economy quite nicely… Continue reading LNK Builders→

Posted in .lnk, builder, generator, toolmarks

Analysis: Situational Awareness + Timelines

Posted on September 3, 2022 by Unknown

I’ve talked and written about timelines as an analysis process for some time, in both this blog and in my books, because I’ve seen time and again over the years the incredible value in approaching an investigation by developing a timeline (including mi… Continue reading Analysis: Situational Awareness + Timelines→

Posted in Uncategorized

When Windows Lies

Posted on August 27, 2022 by Unknown

“When Windows Lies”…what does that really mean? Mari had a fascinating blog post on this topic some years ago; she talked about the process DFIR analysts had been using to that point to determine the installation date of the operating system. In… Continue reading When Windows Lies→

Posted in Uncategorized

Kudos and Recognition

Posted on August 25, 2022 by Unknown

During my time in the industry, I’ve seen a couple of interesting aspects of “information sharing”. One is that not many like to do it. The other is that, over time, content creation and consumption has changed pretty dramatically. Back in the day, folk… Continue reading Kudos and Recognition→

Posted in Uncategorized

Who "Owns" Your Infrastructure?

Posted on August 13, 2022 by Unknown

That’s a good question. You go into work every day, sit down at your desk, log in…but who actually “owns” the systems and network that you’re using? Is it you, your employer…or someone else? Anyone who’s been involved in this industry for even a short… Continue reading Who "Owns" Your Infrastructure?→

Posted in Uncategorized

Researching the Windows Registry

Posted on August 11, 2022 by Unknown

The Windows Registry is a magical place that I love to research because there’s always something new and fun to find, and apply to detections and DFIR analysis! Some of my recent research topics have included default behaviors with respect to running m… Continue reading Researching the Windows Registry→

Posted in Uncategorized

Copyright © 2026 WindowsTechs.com. All Rights Reserved.