The Forensic Lunch with David Cowen and Matthew Seyer

The Forensic Lunch! The twice a month podcast devoted to Digital Forensics and Incident Response!
RSS Feed Subscribe in Apple Podcasts
The Forensic Lunch with David Cowen and Matthew Seyer






All Episodes
Now displaying: Page 6
Aug 25, 2015

We had another great Forensic Lunch today, I hope you will consider making time in your Friday to watch it live someday as I think its just way more fun live. This week we had in order of appearance:

Jake Williams, @malwarejake, talking about the results of the SANS Endpoint Security survey and the positions they are looking to hire at the Mayo Clinic for those of you looking for senior DFIR positions!

You can also train with jake next month in Orlando and elsewhere, go here to see the classes he's teaching

SANS/Guidance Endpoint Security Survey Webcast -

Alissa's Memory Forensics Class - Orlando,

Jake's Log Management and Forensics Class - Orlando,

Jake and Alissa's Memory Forensics vLive class -

Brian Baskin, @bbaskin, talking about his research, blog (ghetto forensics), books (here is an amazon link), and his work at DC3 where they are looking for people interested in DFIR with a clearance who live in the Baltimore area! Reach out to him if you are interested.

Vladimir Katalov, @vkatalov, the CEO of Elcomsoft talking about upcoming research regarding iCloud key chain recovery from network traffic, Blackberry 10 backups, accessing cloud storage and which gpus work well for long term password cracking. You can go to elcomsoft's website here and these are my favorite tools they sell:

Elcomsoft Phone Password Breaker, great for cracking encrypted phone backups and accessing iCloud backups!

Elcomsoft iOS Toolkit,, great for low level working in iOS forensics.

Elcomsoft password cracking bundle,, a nice collection of there password cracking tools

Aug 25, 2015

This week with
Doug Collins, talking about his career in DFIR and how to become a regular Sunday Funday winner

Mark Spencer. @arsenalrecon, talking about his work at Arsenal Experts and their tools (Registry Recon and Arsenal Image Mounter)

Sebastian Nerz, @tirsales, discussing the state of DFIR in Germany/EU

Aug 25, 2015

Today's Forensic Lunch was great and really focused on IR and static malware analysis. If you are interested in either of those topics, boy do we have a great show for you. This week we had:

Jack Crook, @jackcr, talking about his work in IR, how he got started, his forensic challenges and his work in building local DFIR community. You can read his blog here,, and learn more about his community efforts in Virginia.

Marc Ochsenmeier, @ochsenmeier, giving us the history of his tool PeStudio and an overview of how it works as well as the future of the tool. His website is where you can download PeStudio for yourself as its free for non-commercial use!

Aug 25, 2015

Rob Fuller, @mubix, talking about his new project, project mentor where Rob is offering to help mentor you into developing the real technical skills in infosec and dfir to get into the industry and other noble aspirations.

David Dym, @dave873, talking about the latest version of Metadiver which is available to download at which can crawl a directory and pull out all the metadata it can find into xls, json, xml and other formats. He also makes shadowkit.

Kevin Stokes talking about how to extend and expand our USB Multiboot Dongle, you can download the dongle image here:!i45WhQya!SQILk0T...

Zoltan Szabo, talking about his stance on Digital Forensics as a science.You can email him at if you want to give your feedback to his opinions.

Aug 25, 2015

We have an amazing Forensic Lunch this week!

Robert Wallace & Matt Bromiley from talking about how they are using elastic search to work with big data breaches

Willi Ballenthin,+Willi Ballenthin talking about his work in DFIR and he's recently released tools working with NTFS. You can read Willi's blog here: and follow him on twitter @williballenthin

Brian Moran,+Brian Moran talking about his work in memory forensics, POS Malware and other fun topics. You can read Brian Moran's blog here: and follow him on twitter @brianjmoran

Aug 25, 2015

We had a very interesting Forensic Lunch this week! This weeks guests:

Ian Duffy, +Ian Duffy , talking about his research into the Microsoft Office compound file format.
You can read Ian's blogs on this topic here:

Andrew Case, +Andrew Case , discussing his work in the memory forensics and Volatility The Volatility project page is here: You can pre-order the memory forensics book here: You can find out more about Volatility training here: Volatility Community Documentation can be found here: You can find out more about Bsides NOLA here:
Read the blog analyzing ADD that Andrew talked about here:

Matthew and I showing the latest changes for this months Beta release of ANJP.

Aug 25, 2015

This weeks guests are:

Jacob Williams, @malwarejake, talking about his proof of concept code shown at shmoocon check it out here: and download the tool/memory samples here

Hal Pomeranz, @hal_pomeranz, talking about the scripts he's been sharing via GitHub for the DFIR Community:

Lee Whitfield, @lee_whitfield, talking about his new series of internet safety videos that you can show to your friends and family, found here:

Aug 25, 2015

Sarah Edwards talking about her OSX Forensics class for SANS, signup for the beta here:

Craig Ball talking about his work as a Special Master within the Civil Courts and his perspectives on DFIR, you can read more from Craig at his website:

Matthew and I talking about the v3 Beta, the NCCDC Red Team intern position opening for CCDC alumni and more.

Aug 25, 2015

Sean Conover from Sony Online Entertainment talking about his work doing memory analysis and forensics to stop game cheats. Follow him at

Nicole Ibrahim, now from G-C Partners, talking about her research into USB storage drivers including MSC, MTP and PTP. You can read Nicole's Blog here:

Lee Whitfield, from Digital Discovery, talking about the forensic 4cast awards which are now available for 2014 nominations! You can nominate someone here:

Aug 25, 2015

This week we had:
Rob Lee, @robtlee, talking about the new SANS FOR 408 class and the interesting journey into Windows 8 forensics.This included some really interesting discussions into artifacts being created across synced devices!
Mari DeGrazia, @maridegrazia, talking about her research into Google analytics cookies. This included a demo of her tool and its output. It allows you to recover so much more information if your trying to discover not only if a website was visited but at what times and to what extent.
Matthew and I talked about detecting files being created from alternative NTFS drivers, such as ntfs-3g, using artifacts within the $MFT only!

Aug 25, 2015

This week Mari DeGrazia join us to talk about her work building a python parser for recovering deleted data from SQLite databases and Eric Zimmerman came on to talk to us about passing the new X-ways Xpert certification and the upcoming OSTriage v2 which will be available for non law enforcement use!

You can read Mari's blog here:
To read up more on OsTraige read the forensic focus thread here:


Aug 25, 2015

Forensic Lunch 11/15/13
This week we have Kristinn Gudjonsson and Ryan Benson with us!

Download Kristinn’s Plaso slides from OSDF here:…
See his blog post regarding the visualization module here:…
Find the plaso code here:


Find Ryan’s Chrome history of artifacts chart here:…
Find Ryan’s tool Hindsight here:…

Aug 25, 2015

This week we have Sheryl Falk from Winston & Strawn talking about the legal side of breaches, Jonathan Rajewski from Champlain College talking about the undergrad and graduate programs at Champlain and Matthew and myself talking about big new changes in ANJP.


Sheryl is
Jonathan is

Aug 25, 2015

This week on the Forensic Lunch we have David Dym, Rebecca Henderson, Kevin Stokes, Lee Whitfield and myself.


Topics include setmace research and testing, automating metadata extraction with shell and com, manual mobile forensics, lab certification and the intern process in DFIR

Aug 25, 2015

IR Roundtable Part 3:

This week on the Forensic Lunch we finished the IR Roundtable with James Lohman and Kyle Maxwell.

Aug 25, 2015

Dave and Matthew talk about the updated GUI for ANJP, finding the actions programs leave behind in the file system to create signatures and more!

Aug 25, 2015

Forensic Lunch 10/11/13 IR Roundtable Part 2

Join us this week as we continue our IR Roundtable from last week with:
Darren Windham (NGO)
Joseph Shaw (Alvarez)
Kyle Maxwell (Verizon)
James Lohman (G-C)

Great topics regarding how to deal with and scope data exfiltration and dealing with lateral movement and attacker intelligence.

Aug 25, 2015

IR Roundtable Part 1

Forensic Lunch this week is a IR Round Table with:
James Lohman (G-C Partners)
Kyle Maxwell (Verizon Business)
Darren Windham (NGO)

Talking about methodologies for approaching incidents, triaging malware and showing ROI to executives

Aug 25, 2015

Guests this week:
Harlan Carvey
Zoltan Szabo
Jake Williams

Links for today:
Harlan's Blog:
Zoltan's Associates Degree:
Jake's FOR 610 Class:

Aug 25, 2015

Links for this week:

For the VCDB You can get an overview here: for VCDB.
The VCDB Github is located here:
And the currently open issues is here:

You can visit Tzworks here:

And get the tools shown today here:
LNK Parser:
Jump list parser:
Shellbag parser:
GENA here:

Aug 25, 2015

Joachim Metz and Kyle Maxwell talk about maintaining a forensics encylopedia that is accessable to everyone and more!

Aug 25, 2015

Eric Zimmerman discusses forensic imaging tools performance

Phil Hagen talks about his new SANS 572 course

Lee Whitfield asks about building a good forensics box

Aug 25, 2015

Kyle Maxwell talks about CryptoParty

James discusses Outlook Message Conversation Index

Dave and Matt show their Plist Parser

Aug 25, 2015

James talks about parsing MAPI information with a new script.

Kyle talks about research into public data breaches.

Joseph Shaw discusses the insider incidents.

Aug 25, 2015

Recap of the crimes against children conference and a tool update with Brian Lockery
Troubles trying to integrate TSK with Perl
The new book website!
The experience and value of a bachelors in computer forensics and more!

1 « Previous 1 2 3 4 5 6 7 Next » 7