The Forensic Lunch with David Cowen and Matthew Seyer

The Forensic Lunch! This week with Willi Ballenthin from the Mandiant FLARE Team talking about their tools

The Forensic Lunch! This week with Sarah Edwards and Jared Barnhart talking about iphone testing labs, app testing and decoding apple photos machine learning identified photo metadata

Forensic Lunch! This week with Jordan Barth talking about Azure and the Cloud!

Forensic Lunch! This week it's time for the second Annual National Collegiate Cyber Defense Competition Redteam AMA!

Forensic Lunch! This week with Google Incident Response Management Team! Learn how Google does IR Management and hear from Joachim Metz, James Nettesheim, Matt Linton and Alex Jager

Forensic Lunch! This week with Eric Zimmerman showing SQLite Explorer and Javier Marcos discussing OSCtrl for OSQuery

Forensic Lunch! This week with Yogesh Kahtri talking about MAC_APT, Brian Moran and Yuri Gubanov from Belkasoft

Forensic Lunch! This week with Michael Cohen doing an hour and a half of Velociraptor!

The Forensic Lunch! This week we are bringing Jad Saliba and Jessica Hyde from Magnet talking about the month of great content they've been hosting and the new things coming out of Magnet. In addition we will have the winner of the Magnet Virtual CTF 2020!

This week on the Forensic Lunch we had: Josh Brunty, @joshbrunty,  talking about his DFIR program at Marshall   https://www.marshall.edu/cyber/ Tom Pace of Blackberry Cyclance and Jim Arnold of KPMG talking about recent ransomware trends.  Kevin Pagano, @kevpagano3,  talking about his Sunday Funday and the Magnet Virtual CTF  Jack Farley, @jackfarley248,  talking about MEAT and the Magnet Virtual CTF  https://github.com/jfarley248/MEAT     You can watch it here: https://youtu.be/fPzSm-hofA0

      This week the Forensic Lunch went into Overtime! We went a full 25 minutes over the usual hour because we had so much to talk about. On this weeks show:   Matt Seyer (@forensic_matt) talked all about the etl parser and monitor he's working on in Rust! https://github.com/forensicmatt/RsWindowsThingies Oleg Skulkin (@oskulkin) talked about how he approaches Sunday Funday's (he's won 3!) and about his new blog post about the Windows FeatureUsage artifact.  https://www.group-ib.com/blog/featureusage Brian Marks (@briandfir) talked about how the Office365 UAL MailboxItemsAccessed Audit event works and what the entry details mean   Lee Whitfield (@lee_whitfield ) talked through the Forensic 4Cast Awards nominations that end in two weeks, and Matt and I gave who we will be nominating. https://forensic4cast.com/2020/02/2020-forensic-4cast-awards-nominations-are-open/  

  We had a jam packed Forensic Lunch today with a portion of the Google IR team today talking all about the open source tools they develop, use and support in their work at Google.   Specifically we had : Mikhail Bushkov giving a big update on GRR https://github.com/google/grr Johan Berggren (https://twitter.com/jberggren) and Kristinn Gudjonsson (https://twitter.com/el_killerdwarf) talking about Timesketch and Data science https://github.com/google/timesketch Aaron Peterson (https://twitter.com/aarontpeterson) talking about Turbinia https://github.com/google/turbinia Thomas Chopitea (https://twitter.com/tomchop_) talking about DTTimewolf https://github.com/log2timeline/dftimewolf Theo Giovanna talking about libcloudforensics aka cloudforensicutils https://github.com/google/cloud-forensics-utils/tree/master/libcloudforensics Joachin Metz (https://twitter.com/joachimmetz) - Talking about Plaso, libntfs and Libyal Plaso: https://github.com/log2timeline/plaso  Libfsntfs: https://github.com/libyal/libfsntfs Libyal: https://github.com/libyal Join them on the Open Source DFIR Slack: https://join-open-source-dfir-slack.herokuapp.com/   Read more about what they are doing on the Open Source DFIR Blog: https://osdfir.blogspot.com/

  Today on the Forensic Lunch we only had one guest, Zach Wasserman, from OSQuery technical steering committee. We only had one guest because we knew we would have so much to talk to Zach about! From OSQuery's future in the linux foundation, Kollide Fleet and other fleet managers to Zach's work at Dactiv, LLC you have alot waiting for you in this weeks broadcast.   You can reach Zach Wasserman on twitter @TheZachW or Zach can be reached at zach@dactiv.llc if you want to work with him!  

What a great Forensic Lunch today! On today's broadcast we had: Yuri Gubanov (@belkasoft) giving an update about whats going on at Belkasoft. Including their IOS 13.4 full file system acquisition using Checkm8, their new IR module in Belkasoft Evidence Center and a neat capability to do managed remote logical phone collections. Steve Gibson and Spencer Hendee (@stevegibson) from KPMG (disclaimer I work there too!) came on to discuss the really cool AWS Cloud IR Automation we've been working on. Brian Moran (@brimorlabs) social media maven and principal of BriMorLabs came on to discuss the Magnet Virtual Summit DFIRFIT 2020 where for a donation (and some excercise) you can get a cool prize pack shipped to you anywhere in the world! Register here: https://mvsdfirfit2020.com Caleb Queern (@HttpSecHeaders) also of KPMG came on to discuss the clearsite HTTP header. This was interesting as its a directive a website can give to a browser to tell it to clear/not store history or data about it. This will need to be tested, you can read more here https://w3c.github.io/webappsec-clear-site-data/ So great stuff this week, you can watch below. Otherwise next week we've already confirmed Zach Wasserman to come and talk about OSQuery and Kollide!

On this episode:   Mari Degrazia (@MariDegrazia) discussing her research into WinSCP and later movement, you can read more here: http://az4n6.blogspot.com/2020/02/detecting-laterial-movment-with-winscp.html Hal Pomeranz (@hal_pomeranz) talking about his new Linux Forensics course that you can download here: https://ia801406.us.archive.org/6/items/HalLinuxForensics/HalLinuxForens ics_archive.torrent Alex Levinson (@alexlevinson) Gave an update on the National Collegiate Cyber Defense Competition which as gone all virtual this year Matt Seyer (forensic_matt) talked about our upcoming SANS DFIR presentation and tools he's working on Sarah Edwards (@iamevltwin) gave colorful commentary and meaningful insights 

Live with Rick Holland, Ryan Johnson and Evan Dygert

The Forensic Lunch! This week with the Champlain Digital Forensics Association talking about the Defcon DFIR CTF and Martin Korman talking about his project regipy

This week with Alex Levinson from Uber

The Forensic Lunch! Sli.do link https://app2.sli.do/event/hzkazryr/live/questions This broadcast we are doing a live AMA from Reddit all about the NCCDC Redteam

The Forensic Lunch! Live from the Magnet User Summit 2019!

with Lance Spitzner talking about Sans Live Online, Jessica Hyde talking about the Magnet Virtual Summit

The Forensic Lunch 3/8/19! The twice a month, usually, podcast/videocast that's all about DFIR This week we have: Eric Zimmerman, talking about KAPE Lee Whitfield, talking about the Forensic 4Cast award nominations

Forensic Lunch ANZAC edition with Michael Cohen talking about Velociraptor Shanna Daly talking about her work in Australia Phil Moore, Nick Klein talking about their new entity and thisweekin4n6

Forensic Lunch with Sarah Edwards, Ashley Hernandez , Dr Joe Sylve catching us up with the new combined Celebrite/Blackbag  

The Forensic Lunch 2/1/19! The twice a month, usually, podcast/videocast that's all about DFIR This week we have: Blanche Lagny talking about her paper on Amcache The DFIR Review crew talking about .. DFIR Review! crew entails: Jessica Hyde Vico Marziale Brett Shavers Tony Knutson

Forensic Lunch! Live with Ryan Benson talking about Unfurl, Jessica Hyde and Aaron Sparling talking about Memory forensics

This week Lee Whitfield joins us to discuss the DFIR Summit and Matt showed us his rust based live windows monitors for DFIR Research

The Forensic Lunch! Live this week with jaco_za who walked us through how he won the Magnet User Summit CTF we built.

Live from the DFIR Summit in Austin, Texas.   This short episode we had Rob Lee talking about the new Windows Forensics Poster and Lee Whitfield talking about the Forensic 4cast awards.

Live from the Magnet User Summit in Las Vegas with Jessica Hyde, Heather Mahalik, Jad Saliba, Matthew Seyer and David Cowen

Live with Jason Jordaan talking about DFIR in South Africa, James Cooksey talking about Belkasoft, Troy Schnack talking about his work and being nominated for Forensicator of the Year, Matthew Seyer and David Cowen

Live with Maxime Lamothe-Brassard, Nicole Ibrahim, Matthew Seyer and David Cowen talking about ETLs, the SANS DFIR Summit, and Lima Charlie

Live with Lee Whitfield, Matthew Seyer and David Cowen talking about the Forensic 4Cast award Nominees

The Forensic Lunch live with Matthew Seyer and David Cowen talking about how Office saves files and more testing

Live with Maxim Suhanov (@errno_fail), Matthew Seyer and David Cowen talking about Registry Forensics, Transactional Registry logs and his library YARP

Live with Eric Zimmerman, Matthew Seyer and David Cowen talking about Registry Explorer and transactional registries

Live with Phill Moore, Dr. Bradley Schatz, Matthew Seyer and David Cowen talking about This week in forensics and Evimetry

Live with Ashley Hernandez, Joe Sylve, Matthew Seyer and David Cowen talking about Blacklight and Blackbag

Forensic Lunch Live with Devon Ackerman, Matthew Seyer and David Cowen. Devon Ackerman presented on Office365 forensics

Forensic Lunch Live with Lee Whitfield, Matthew Seyer and David Cowen

Forensic Lunch Test Kitchen live DFIR testing on 12/7/17

Forensic Lunch Test Kitchen live DFIR testing on 12/6/17

Forensic Lunch Test Kitchen live DFIR testing on 12/5/17

The Forensic Lunch Test Kitchen 12/4/17, live testing of forensic artifacts

The Forensic Lunch live with Mark Mckinnon, Brian Moran, Brian Carrier and Jessica Hyde

The Forensic Lunch live with Rebekah Brown

The Forensic Lunch with Chuck Norris, correlation in Arrango DB and shellbags testing

Forensic Lunch With Elizabeth Schweinsberg talking about DFRWS

The Forensic Lunch with Mary Ellen Kennel and Devon Ackerman talking about the AbourDFIR project

This week Jessica Hyde and Brian Moran joined us talking about their research into Amazon Alexa and Google Home.

Live From Enfuse Day 3! This week with Lesley Carhart, @hacks4pancakes talking about being the very first Women in Technology solving for X award presented by Guidance Software, hacks4kids and her dfir research interests Dr. Bradley Shatz, @wirespeed4n6, talking about DFRWS evimetry, aff4 and his new advanced imager Ashley Hernandez, @ashleyatencase, talking about all the new things coming from guidance regarding Encase Forensic, Endpoint investigator and mobile acquisition/examiner