The Forensic Lunch with David Cowen and Matthew Seyer

The Forensic Lunch! The twice a month podcast devoted to Digital Forensics and Incident Response!
Feb 27, 2016

It's the Forensic Lunch! The one hour, mostly, videocast/podcast all about DFIR!

This week's guests:
Austin Colby, Joe Sylve and Vico Marziale from BlackBag talking about the newest additions to the new version coming out in a matter of days.

Jan 22, 2016

The Forensic Lunch!

The 1 hour, usually, videocast/podcast that brings you the latest in new DFIR research, topics and people.

This week's guests:
Hal Pomeranz, @hal_pomeranz, of Deer Run Associates talking about updates to his Linux Memory Grabber and some research into bash_history behavior.

You can get the Linux Memory Grabber he discussed here: https://github.com/halpomeranz/lmg

Hal can be reached at hal@deer-run.com

Eric Zimmerman, @EricRZimmerman, of Kroll's cyber security practice talking about prefetch, explaining his tool to get more out of it, and what's new in Windows 10 prefetch.

You can get Eric's prefetch parser here: https://github.com/EricZimmerman/Prefetch

http://www.kroll.com/en-us/who-we-are/kroll-experts/eric-zimmerman

Matthew and I showing how to use the HFS+ journal parser and what to do with it.

You can get the HFS+ Journal parser here: https://www.gettriforce.com/product/hfs-journal-parser/

Jan 8, 2016

The first new lunch of the new year with

Sarah Holmes of the Foreman project (open source DFIR matter management). You can get a copy of (and contribute to!) Foreman here:
https://bitbucket.org/lowmanio/foreman/

You can contact Sarah here: sarah@lowmanio.co.uk

Michael Robinson of the Black T-Shirt Cyber Forensics Challenge talking about, well, the Black T-Shirt Cyber Forensics Challenge.
You can join the Black T-Shirt Cyber Forensics Challenge here:
http://cyberforensicschallenge.com/

You can contact them at cyberforensicschallenge@gmail.com

Our FSEvents tool will be released just as soon as we write documentation for it. Want an early release for testing? Email me dcowen@g-cpartners.com

Nov 23, 2015

Forensic Lunch!

This episode we are live from Google in Mountain View, California getting an update on their development projects.

Included are:

LibYAL

Forensic Artifact project

GRR (Google Rapid Response)

Rekall memory analysis platform

Plaso

Timesketch and more!

Nov 23, 2015

Forensic Lunch!
This week's guests:
Andrew Case, @attrc, from the Volatility Project talking about Volatility 2.5, new plugins and the winners of this year's Volatility Plugin Contest.

Yogesh Khatri, from Champlain, talking about SRUM forensics in Windows 8.1+. A truly amazing new artifact.

Matt and I talking about our new open source tool Elastic Handler.

Nov 2, 2015

The Forensic Lunch!

In this episode we are broadcasting live from OSDFCon with the following content:

1. A revised set of rules from our popular forensic game. This time we follow $10,000 Pyramid rules to see which of two forensic teams can win!

2. Brian Carrier from Basis Technology talking about what's new in Autopsy 4.0

3. Rob Fry from Netflix talking about their new open source framework called Fido and hanging with Kevin Spacey

4. Matthew and I talking about our new automation, normalization and correlation framework, ElasticHandler

Oct 15, 2015

This week on the Forensic Lunch we have:

Dave Hawkins talking about his firm's currently unbeaten contest, lampbash.work

Chris Pavan, talking about his computer forensics program at Cal State Fullerton and his work in IR at Bechtel

James Habben talking about his web based front end to volatility called eVOLVe and all the cool things you can do with it

Oct 15, 2015

This broadcast we have:

Mari DeGrazia talking about testing MFT parsers and what goes into them.

Lee Whitfield talking about the events of the week

Suzanne Widdup talking about her work on the Verizon DBIR and a solicitation for your involvement

A talk about Cortana's location tracking storage

Sep 14, 2015

Live from CEIC with Michael Robinson, Ronald Clark and more!

Sep 14, 2015

In this episode:
We discuss the Ashley Madison data leak and its implications for DFIR.
David Dym, @dave873, talks about the newest version of Metadiver and its ability to show even more metadata, including the contents of PST files and extended MAPI!
Get it at: www.easymetadata.com

Matthew and I talk about our new open source project GC LNK Parser which exposes all of the shell item data we didn't know was there! (Except Joachim Metz)

We also preview the integration of our tools with Elasticsearch, give a preview of our OSDFCon talk, and talk briefly about things to come in Triforce.

Also SANS FOR578, Cyber Threat Intelligence, is now available publicly! Learn more about it here:
https://www.sans.org/course/cyber-thr...

The SANS Poster on Rekall Memory forensics is out as well and you can get it here:
https://www.sans.org/security-resourc...

Sep 14, 2015

In this episode recorded in front of a live audience:
Our first game of Forensic Passphrase
Vitaliy Mokosiy of Atola talking about Atola Insight Forensic and its cool direct firmware controls
Brian Carrier of Basis Technology talking about Autopsy 3, plugin development with Python and OSDFCon
Brian Moran of BriMor Labs talking about his live response scripts and new trends in attacker activities

Sep 14, 2015

Freedom Edition!
Join Matt and me and current guests:
Eric Zimmerman, talking deleted registry key analysis and new features in Registry Explorer and more!

You can get the #DFIRSummit release here:
https://www.dropbox.com/s/s7doopqpwxz...

Sep 14, 2015

Guests are Matt Bromiley and Dimitry from Bocasoft.

Sep 14, 2015

Live from CEIC. Ben LeMere from Berla, Jeff the Product Evangelist from Guidance Software, Amber Schroader from Paraben, and more!

Sep 14, 2015

The you should have filed your taxes edition!

This week is all about the Forensic 4cast awards. We cover all of the nominees and make our official votes.

Sep 14, 2015

The thank goodness April Fools' Day is over edition

Guests this week:
Devon Kerr talking about his work at Mandiant/FireEye and his research into WMI for both IR and attacker usage.

You can email Devon here: devon.kerr@mandiant.com
and you can follow him on twitter here: https://twitter.com/_devonkerr_

Get cool tools from the Mandiant github here: https://github.com/mandiant

Watch Devon talk more about WMI and IR at the SANS DFIR Summit: http://dfir.to/1BvOw7G

Matthew and I going into the Automating DFIR series and our upcoming talk at CEIC.

We are on the CEIC agenda here:
https://www.guidancesoftware.com/ceic...

Sep 14, 2015

We had another great Forensic Lunch! This broadcast we had:

James Carder of the Mayo Clinic, @carderjames, talking all about automating your response process to separate the random attacks from the sophisticated ones. You can hear James talk about this and much more at the SANS DFIR Summit, where he'll be a panelist! If you want to work with James, Mayo Clinic is hiring.

Mayo Clinic Infosec and IR Jobs: http://www.mayo-clinic-jobs.com/go/in...
Contact James Carder: carder.james@mayo.edu

Special Agent Eric Zimmerman of the FBI, @EricRZimmerman, talking about his upcoming in-depth Shellbags talk at the SANS DFIR Summit as well as his new tool called Registry Explorer. RE and Eric's research into Windows registries will be continued in the next broadcast. Whether you are interested in registries from a research, academic or investigative perspective, this is a must-see, and FREE, tool!

Eric's Blog: http://binaryforay.blogspot.com/
Eric's GitHub: https://github.com/EricZimmerman
Registry Explorer: http://binaryforay.blogspot.com/p/sof...

Sep 14, 2015

Guests this broadcast:

Ben LeMere of Berla talking about vehicle forensics, embedded systems, CAN bus networks and all the fun he's been having doing forensics on car entertainment systems. You may be very surprised by what he has to say!
Lee Whitfield talking about Superfish, what happened and what you need to know.
Robin Keir of CrowdStrike talking about his research and role at CrowdStrike, specifically Superfetch and CrowdResponse.


Show links
Ben LeMere
Website: http://Berla.co
Twitter: @BenLeMere

Lee Whitfield
Forensic 4cast Award Nominations: https://forensic4cast.com/forensic-4c...
Twitter: @lee_whitfield

Robin Keir
Website: http://www.crowdstrike.com/
CrowdResponse: http://www.crowdstrike.com/community-...
Twitter: @RobinKeir

Sep 14, 2015

The after Thanksgiving Hangover edition:


This week we had Eric Zimmerman, @ericrzimmerman, talking about Shellbags, his tool ShellBags Explorer and our research into new things we can determine from them.

Sep 14, 2015

We had an interesting Forensic Lunch today with:

Rob Fuller, @mubix, talking about his new project, Project Mentor (http://www.projectmentor.net/), where Rob is offering to help mentor you in developing the real technical skills in infosec and DFIR needed to get into the industry, and other noble aspirations.

David Dym, @dave873, talking about the latest version of Metadiver, available to download at http://www.easymetadata.com/wp/, which can crawl a directory and pull out all the metadata it can find into XLS, JSON, XML and other formats. He also makes ShadowKit.

Kevin Stokes talking about how to extend and expand our USB Multiboot Dongle, you can download the dongle image here: https://mega.co.nz/#!i45WhQya!SQILk0T...

Zoltan Szabo, talking about his stance on digital forensics as a science. You can email him at zoltandfw@gmail.com if you want to give feedback on his opinions.

Sep 14, 2015

This week with:

Yogesh Khatri talking about his Windows 8 registry forensics research (you can read it here http://www.swiftforensics.com/ and email him at yogesh@swiftforensics.com)


Dan Pullega talking about his extensive research into Windows Shellbags (http://www.4n6k.com/2013/12/shellbags... and email Dan at dan.pullega@gmail.com)


David Dym talking about his new tool MetaDiver (you can download it here http://www.easymetadata.com/wp/)


and Matthew and I talking about v3 of ANJP and demoing the auto-detection of CD burning.

Sep 14, 2015

Robert Haist, talking about his research with page_brute in recovering command execution and other fun things from the pagefile, read his blog about it here: http://blog.roberthaist.com/2013/12/r...

Amber Schroader, talking about Device Seizure 6.5 and a great discussion on what happens behind the scenes in your mobile forensics tools, as well as the future of cloud phone data acquisition. You can find out more about Device Seizure here: http://www.paraben.com/device-seizure...

Joakim Schicht, discussing his tools and research, including how he approaches these projects and develops them. You can find his Google Code repository here: http://code.google.com/p/mft2csv/ with all the tools mentioned today and more!

Sep 4, 2015

The Forensic Lunch!

This week we have the Chief Evangelist of AccessData, Tim Leehealey, here to talk to us about FTK 6, what's going on at AccessData, and your questions.

Aug 25, 2015

Anuj Soni, discussing webshells and attacker tools
Jason Trost, discussing the Modern Honey Net project he's working on at ThreatStream
Matt Bromiley talking about the work we have done to extend the MHN reporting by integrating Elasticsearch and Kibana to visualize the data

Show notes:
Anuj Soni:
Twitter: @asoni
- My SANS webcast on web shells: https://www.sans.org/webcasts/closing...
- The upcoming FOR610 course in Monterey: http://www.sans.org/event/dfir2015/co...
- My bio and instructor page: http://www.sans.org/instructors/anuj-...
- WeBaCoo: https://github.com/anestisb/WeBaCoo

Jason Trost:
Twitter: @jason_trost
ThreatStream GitHub: https://github.com/threatstream
Jason's GitHub: https://github.com/jt6211
Modern Honey Network: http://threatstream.github.io/mhn/
ThreatStream: http://threatstream.com/

Matt Bromiley:
Twitter: @505forensics
Blog: http://www.505forensics.com/
MHN Visualization Series: http://www.505forensics.com/honeypot-...
http://www.505forensics.com/honeypot-...
http://www.505forensics.com/honeypot-...

Lee Whitfield:
Twitter: @lee_whitfield
Forensic 4cast awards nomination: https://forensic4cast.com/forensic-4c...
Facebook Threatexchange: https://threatexchange.fb.com/

Aug 25, 2015

This week's guests:
Kyle Maxwell - Threat Intel and Honeypots
Lenny Zeltser - Malware Reversing, attacker tools and capturing malware

To join the community MHN project discussion on this show email us at forensichoney@gmail.com
