Podcasts about dfir

  • 93 podcasts
  • 434 episodes
  • 43m average duration
  • 1 episode every other week
  • Latest: Dec 22, 2025


Latest podcast episodes about dfir

Cyber Insurance Leaders
Ep. 60 – Defensible Truth in DFIR: Why Preserving Evidence Beats Quick Fixes – with Devon Ackerman

Dec 22, 2025 (54:31)


In incident response, if you wipe systems first and ask questions later, you're deleting the truth.

In this episode, host Anthony Hess sits down with Devon Ackerman, Global Head of Digital Forensics and Incident Response at Cybereason, to unpack what serious DFIR looks like when your audience is regulators, legal counsel, and insurance carriers and brokers. A former FBI Supervisory Special Agent and Senior Forensic Examiner, Devon explains why his team approaches every matter as if it could end up in court, and what that changes in practice.

He breaks down how to scope an incident from the first call, preserve evidence before “fixing” the environment, and pressure-test tool output instead of blindly trusting it. Anthony and Devon also dig into AI and automation in DFIR, the central role of timelines and logging in telling a credible breach story, and why third- and fourth-party access, zero trust, and contracts are now defining systemic cyber risk for boards and insurers alike.

You'll learn:
1. Why “defensible truth” is the real product in high-stakes incident response
2. How forensic-science DFIR changes scoping, evidence preservation, and decision-making
3. Where AI speeds up investigations and where it creates blind spots for junior teams
4. Why timelines and logging shape what carriers, regulators, and boards believe happened
5. How vendor access and contracts drive third- and fourth-party cyber risk at scale

Get in touch with Devon Ackerman on LinkedIn: https://www.linkedin.com/in/devonackerman/

About the host Anthony Hess: Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children. Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.

Thanks to our friends at SAWOO for producing this episode with us!

Forensic Focus
Si And Desi's Holiday Special 2025

Dec 22, 2025 (93:25)


Si and Desi close out the year on the Forensic Focus Podcast with a wide-ranging end-of-2025 wrap-up, reflecting on how the year unfolded for the show and the DFIR community. They discuss the mental health series, guest appearances, and how everyday technologies — from streaming services to wearables — are increasingly intersecting with forensic investigations, even when people don't realise it. The conversation then broadens to bigger technology shifts, including the rapid rise of AI and its legal, ethical, and societal implications. Si and Desi explore bias, misinformation, validation, and why human oversight still matters, before turning to the resurgence of operating system "wars," Apple's growing market share, Linux's expanding presence, and what changing user behaviour could mean for digital forensics in the years ahead.

Forensic Focus
Oxygen Forensics On Smarter, Faster Remote DFIR Collections

Dec 18, 2025 (67:16)


Keith Lockhart from Oxygen Forensics joins Si and Desi on the Forensic Focus Podcast to examine how remote digital evidence collection is changing investigative workflows across DFIR, eDiscovery, and corporate investigations. Drawing on recent XiB mobile training and real-world deployments, Keith explains where remote and agent-based acquisition delivers practical benefits—and where traditional hands-on methods remain essential. The discussion covers targeted versus full acquisitions, consent and governance in corporate environments, and the operational realities of collecting data across networks, jurisdictions, and time zones. It also explores over-the-air mobile collection, workstation memory capture, drone forensics, and why parser development remains a constant challenge as apps and platforms evolve.

The CyberWire
One rule to rule them all.

Dec 12, 2025 (28:47)


A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team tabletop exercises to prepare for AI-generated attacks. Hackers set their sights on DNA.

Selected Reading:
  • Trump Signs Executive Order to Block State AI Regulations (SecurityWeek)
  • Announced pick for No. 2 at NSA won't get the job as another candidate surfaces (The Record)
  • LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes)
  • Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek)
  • OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media)
  • MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek)
  • CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer)
  • MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer)
  • The Unseen Threat: DNA as Malware (BankInfoSecurity)

The CyberWire is a production of N2K Networks. © N2K Networks, Inc.

InfosecTrain
Top 10 Digital Forensic Tools Every Investigator Must Know

Dec 5, 2025 (5:36)


Digital forensics has become a mission-critical skill as cybercrime surges worldwide. In this episode, we break down the top ten forensic tools used by investigators to analyze systems, extract evidence, and uncover digital footprints. From Autopsy and FTK to Cellebrite UFED, Magnet AXIOM, and advanced cloud and memory forensics platforms, get a clear view of what each tool does and when to use it.

InfosecTrain
Web Browser Forensics Uncovering Hidden Digital Evidence

Dec 3, 2025 (5:35)


Every click, search, and download leaves a trace. Web browser forensics helps investigators uncover those hidden artifacts to reconstruct user activity, detect cybercrime, and support DFIR investigations. This session explores how browser data becomes digital evidence and why it is crucial for cybersecurity professionals today.

CiberAfterWork: ciberseguridad en Capital Radio
Episode 314: The Multimillion Impact of Cyberattacks

Oct 16, 2025 (52:17)


In this episode the discussion centres on the pressing relevance of cybersecurity in the corporate world, highlighting recent high-profile cyberattacks against companies such as Jaguar Land Rover and Aceros Olarra, which caused significant financial losses. Losses estimated at millions of euros per day in profits were reported for Jaguar Land Rover, putting direct and indirect jobs in the supply chain at risk. The programme also features two interviews: the first with Luis Fernández, editor of the magazine SIC, to discuss the upcoming Securmática congress (celebrating its 35th edition) and the evolving role of the CISO. Fernández stresses that the CISO must evolve and speak the language of the business, integrating technology risk within the broader concept of enterprise risk. The second interview is with Alberto Rodríguez of Rut Valencia, previewing the agenda of that cybersecurity conference, including training sessions on DFIR, OPSEC, Red Team, Active Directory attacks and hardware hacking.

Twitter: @ciberafterwork Instagram: @ciberafterwork
Panda Security: https://www.pandasecurity.com/es/
More info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/
VAPASEC: https://www.vapasec.com/ https://www.vapasec.com/webprotection/

Chattinn Cyber
Inside the Mind of a Cyber Sleuth: Digital Forensics, Insider Threats, and the Future of Cybersecurity with Devon Ackerman

Sep 23, 2025 (32:25)


Summary

In this episode of Chattinn Cyber, Marc Schein is chattin' with Devon Ackerman, a highly respected figure in the digital forensics and incident response (DFIR) community. Devon shares his background, starting from his upbringing in upstate New York, moving to Georgia, and how a chance encounter with an article about digital forensics at Champlain College sparked his interest in the field. He explains his early career in IT and web design during the dot-com boom, and how his curiosity and passion for troubleshooting led him to pursue digital forensics as a career.

Devon elaborates on the core concepts of digital forensics and incident response, describing digital forensics as the scientific discipline of preserving, validating, and interpreting digital data, often for legal purposes. Incident response builds on this foundation by focusing on reacting to cyber incidents, preserving evidence, and supporting organizations during and after attacks. He recounts his FBI career, highlighting a significant case involving espionage where a trusted insider stole sensitive data for a foreign government, demonstrating the real-world impact and importance of DFIR work.

The conversation shifts to emerging cyber threats and the evolving landscape of cyber risk. Devon emphasizes that threat actors are highly motivated, whether financially or politically, and continuously adapt to stay ahead of defenders. He discusses the widespread availability of offensive cyber capabilities among nation-states and criminal groups, and how geopolitical tensions can influence cyber activity. The discussion also touches on the role of AI in cybersecurity, acknowledging its potential benefits but warning about risks related to rapid adoption without adequate security controls. Devon addresses the insider threat, distinguishing between malicious insiders and those who pose risks unintentionally through mistakes or misconfigurations. He stresses that human factors remain a critical vulnerability in cybersecurity, as trusted employees can inadvertently expose sensitive data. He offers advice for newcomers to the DFIR field, encouraging a mindset of continuous learning, experimentation, and resilience in the face of failure, noting the complexity and ever-changing nature of digital forensics.

Finally, Devon describes his current role at Cybereason, a cybersecurity company known for its endpoint detection and response technology. He explains how Cybereason has expanded its services to include both proactive advisory and reactive incident response capabilities, supporting clients globally across the entire cyber risk lifecycle. He provides contact information for listeners interested in learning more or engaging their services, and the episode concludes with Marc thanking Devon for sharing his insights and experiences.

Key Points
1. Career Path to Digital Forensics: Devon's journey from IT and web design to becoming a leading expert in digital forensics and incident response, sparked by early exposure to the field and a passion for troubleshooting.
2. Definition and Scope of DFIR: Explanation of digital forensics as a scientific discipline and incident response as the reactive process to cyber incidents, including their importance in legal and investigative contexts.
3. Notable FBI Case: A detailed recount of a high-profile espionage investigation involving insider theft of sensitive data, illustrating the practical application and impact of DFIR work.
4. Evolving Cyber Threat Landscape: Discussion on the motivations and capabilities of threat actors, the proliferation of offensive cyber tools among nation-states and criminals, and the influence of geopolitical factors.
5. Insider Threat and Human Factor: Insight into insider threats, both malicious and accidental, emphasizing the ongoing risk posed by human error and the need for vigilance and security awareness.

Key Quotes 1.

SECURE AF
Monitoring the Dark Web for Leaked Data in DFIR

Sep 17, 2025 (6:28)



InfosecTrain
Crack Cybersecurity Interviews: Threat Hunting & DFIR Q&A Guide

Sep 16, 2025 (64:16)


Want to land your next role in Threat Hunting or DFIR? This InfosecTrain masterclass is your all-in-one interview preparation guide for 2025 cybersecurity jobs. Packed with real-world questions, expert answers, and insider tips, it's designed to help you stand out in competitive SOC and forensics interviews. Whether you're preparing for your first SOC analyst role or moving into advanced threat detection and digital forensics, this session blends scenario-based Q&A, technical walkthroughs, and career guidance you can apply immediately.

InfosecTrain
Best Threat Hunting & DFIR Techniques Revealed by Cybersecurity Expert

Sep 7, 2025 (58:31)


Threat Hunting isn't just about alerts and dashboards—it's about proactively tracking adversaries before they strike. In this exclusive InfosecTrain session, a top cybersecurity expert reveals proven Threat Hunting and DFIR (Digital Forensics & Incident Response) techniques you can apply right away. This isn't theory—it's a hands-on guide for SOC analysts, security engineers, and cybersecurity enthusiasts who want to master detection, investigation, and rapid response.

Irish Tech News Audio Articles
Integrity360 recognised by Gartner as a Representative Vendor in Digital Forensics and Incident Response

Sep 5, 2025 (2:21)


Integrity360, one of Europe and EMEA's leading cyber security specialists, has been named as a Representative Vendor in the 2025 Gartner Market Guide for Digital Forensics and Incident Response (DFIR). The Gartner Market Guide provides security and risk management leaders with insights to understand the DFIR market, evaluate trends, refine requirements and identify market players. Integrity360 is listed among 40 vendors globally which, according to Gartner, best represent the DFIR market and attract the most client interest through Gartner.com searches and inquiries.

DFIR retainers are increasingly viewed as a cornerstone of cyber resilience, providing organisations with rapid access to expert teams who can investigate malicious activity, conduct forensic analysis, support recovery and perform post-incident reviews. According to Gartner, these retainers are now often required by cyber insurance policies and certain regulations, such as the Digital Operational Resilience Act (DORA). The guide also highlights that the DFIR market continues to grow in response to rising security incidents, with AI integration significantly reducing investigation times and improving incident context. It emphasises the value of providers offering both reactive services - such as breach investigation and ransomware negotiation - and proactive measures including tabletop exercises, penetration testing and readiness assessments.

"We are pleased to be recognised by Gartner as a Representative Vendor in the DFIR market," said Richard Ford, CTO at Integrity360. "As organisations face tighter regulatory mandates and increasingly sophisticated threats, we're proud to offer DFIR services which are designed to minimise impact, support recovery and strengthen defences against future threats."

Integrity360's DFIR services give clients 24/7 access to incident response specialists across multiple regions, enabling rapid deployment when needed. These services include forensic investigation, malware analysis and breach containment to help strengthen long-term resilience.

DevSecOps Podcast
#06-19 - Easy Incident

Sep 3, 2025 (48:28)


In today's episode we welcome Leticia Pereira, a specialist in CSIRT and Incident Response, to discuss how Computer Security Incident Response Team (CSIRT) teams can benefit from Application Security practices. We explore how to integrate the AppSec perspective into the day-to-day work of the CSIRT, what information development teams can provide to enrich incident response, and how this collaboration strengthens organizational resilience against attacks.

Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support
Supported by: Nova8, Snyk, Gold Security, Digitalwolk and PurpleBird Security.

The Cybersecurity Defenders Podcast
#243 - Defender Fridays: Detection prioritization via the BloodHound attack graph with Jared Atkinson, CTO at SpecterOps

Aug 29, 2025 (33:16)


Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and the Defender Fridays community sit down with Jared Atkinson and dive into BloodHound.

Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics and Uproot, and maintains a DFIR-focused blog at www.invoke-ir.com.

On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Join the live discussions by registering at https://limacharlie.io/defender-fridays

The Cybersecurity Defenders Podcast
#225 - Defender Fridays: EDR, DFIR & endpoint triage with Brian Carrier, CEO of Sleuth Kit Labs

Jun 27, 2025 (31:00)


Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and the audience. You can sign up to join us for the live sessions at limacharlie.io/defender-fridays

Digital Forensics Now
Techno, Timeline, and Training Truths

Jun 27, 2025 (66:03)


We kick off this episode with highlights from the Techno Security Conference, our 80s-themed outfits, packed LEAPP labs, AI panel discussions, and great conversations with friends and colleagues across the field.

We discuss Brett Shavers' recent series on DFIR entry-level work, and share our thoughts on the need for better forensic training and clearer distinctions between forensics, cybersecurity, and incident response.

We also talk about recent tool changes in the industry: Cellebrite's acquisition of Corellium, which could make mobile app testing more accessible, and Magnet's purchase of Dark Circuit Labs.

We cover Harper Shaw's Vehicle Network App, a valuable source of vehicle-related data. Alongside that, we highlight a recent blog on cached screenshots in Windows 11. Be sure to check out the excellent “Parsing the Truth” podcast.

Heather walks through her Easter road trip to test Android's Timeline feature (formerly Google Location History). The location data was impressively accurate, but also showed how easily some points can mislead without the right context.

Catch us at IACIS Reno in January and check out some of the resources we mentioned.

Notes:
  • Parsing the Truth: One Byte at a Time: https://parsingthetruth.com/
  • Cached Screenshots on Windows 11: https://thinkdfir.com/2025/06/13/cached-screenshots-on-windows-11/
  • The Vehicle Network App from Harper Shaw: https://harpershaw.co.uk/the-vehicle-network-app-1
  • Belkasoft CTF: https://belkasoft.com/belkactf7/
  • Brett Shavers' 6-part series: https://www.linkedin.com/pulse/dfir-really-entry-level-brett-shavers-ewsvc/ and https://www.dfir.training/new-to-dfir/dfir-career
  • Artifact of the Week / Android Location History: https://thebinaryhick.blog/2024/06/28/the-green-look-back-androids-on-device-location-history/

Reports
DFIR Discussions: Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

Jun 16, 2025 (38:08)


We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang.

Report: https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/
Contact Us: https://thedfirreport.com/contact/
Services: https://thedfirreport.com/services/
Music by FASSounds from Pixabay

Paul's Security Weekly
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - Erik Bloch, HD Moore, Joel Burleson-Davis - ESW #408

May 26, 2025 (109:38)


Segment 1: Erik Bloch Interview

The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us!

Segment 2: Enterprise Weekly News

In this week's enterprise security news:
1. Some interesting new companies getting funding
2. Chainguard isn't unique anymore
3. AI slop coming to open source soon
4. Wiz dominance analysis
5. the IKEA effect in cybersecurity
6. LLM model collapse
7. vulnerabilities
8. DFIR reports
9. and fun with LinkedIn and prompt injection!

Segment 3: RSAC Interviews

runZero Interview with HD Moore

Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades-old problems to usher in a new era of vulnerability management.

Segment Resources:
  • Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/
  • Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc
  • Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/
  • Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks.

Imprivata interview with Joel Burleson-Davis

Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach (by avoiding productivity-dampening security measures) and the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-408

Enterprise Security Weekly (Audio)
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - Erik Bloch, HD Moore, Joel Burleson-Davis - ESW #408

May 26, 2025 (109:38)



Paul's Security Weekly TV
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - HD Moore, Joel Burleson-Davis, Erik Bloch - ESW #408

May 26, 2025 (109:38)



Enterprise Security Weekly (Video)
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - HD Moore, Joel Burleson-Davis, Erik Bloch - ESW #408

Enterprise Security Weekly (Video)

May 26, 2025 109:38


Segment 1: Erik Bloch Interview
The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us!

Segment 2: Enterprise Weekly News
In this week's enterprise security news,
1. Some interesting new companies getting funding
2. Chainguard isn't unique anymore
3. AI slop coming to open source soon
4. Wiz dominance analysis
5. the IKEA effect in cybersecurity
6. LLM model collapse
7. vulnerabilities
8. DFIR reports
9. and fun with LinkedIn and prompt injection!

Segment 3: RSAC Interviews
runZero Interview with HD Moore
Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades-old problems to usher in a new era of vulnerability management.

Segment Resources:
Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/
Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc
Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/
Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks.

Imprivata interview with Joel Burleson-Davis
Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency, helping organizations strike the right balance.

This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them!

Show Notes: https://securityweekly.com/esw-408

Forensic Focus
Cellebrite's 2025 DFIR Industry Trends Survey - Key Insights

Forensic Focus

May 6, 2025 52:37


Heather Barnhart and Paul Lorenz join the Forensic Focus Podcast to discuss key insights from Cellebrite's 2025 DFIR Industry Trends Survey. They dive into the challenges facing digital forensics today - from locked devices and encrypted applications to overwhelming case backlogs. The survey, which gathered responses from over 2,100 professionals across 95 countries, reveals notable trends: 98% of prosecutors consider digital evidence critical to their cases, and 80% of respondents believe AI can enhance investigation effectiveness. The discussion delves into the growing acceptance of cloud storage in forensics, the cautious adoption of AI in investigations, and the preference for in-person training despite the convenience of online options. The guests also discuss cognitive bias in investigations and the importance of maintaining forensic integrity when presenting digital evidence. #digitalforensics #dfir

00:00 Welcome and Introductions
00:56 Paul Lorenz's Journey into Forensics
03:19 Challenges in Digital Forensics
04:36 Industry Trends and Survey Insights
06:37 Mental Health and Community Support
17:19 AI in Digital Investigations
22:57 Case Studies and Real-World Examples
27:37 Diverse Paths in Investigations
28:07 Challenges of Bias in Forensic Cases
30:33 The Complexity of Cloud Storage
37:45 Generational Shifts in Technology Adoption
41:30 The Importance of Training in Forensics
43:19 In-Person vs. Online Training Preferences
50:12 Concluding Thoughts and Future Trends

Show Notes
2025 Industry Trends Survey - https://cellebrite.com/en/industry-trends-survey-2025
Cellebrite - https://cellebrite.com/en/home

Breaking Badness
DFIR Foundations: Real-World Lessons in Containment, Eradication, and Recovery

Breaking Badness

Apr 23, 2025 54:45


In this powerful continuation of our DFIR series, cybersecurity experts Daniel Schwalbe, David Bianco, Lesley Carhart, and Sarah Sabotka dissect the heart of effective incident response: containment, eradication, recovery, and lessons learned. Packed with firsthand war stories, sharp tactical advice, and honest debates, this episode is a must-listen for anyone building or refining their digital forensics and incident response capabilities. Tune in to learn why planning matters, what to do (and not do) during a breach, and how to make the adversary's job harder, one containment plan at a time.

Forensic Focus
The DFIR Investigative Mindset: Brett Shavers On Thinking Like A Detective

Forensic Focus

Apr 23, 2025 55:56


Brett Shavers joins the Forensic Focus Podcast to discuss the critical "investigative mindset" needed for effective digital forensics. Drawing from his unique background in undercover law enforcement operations and his transition to digital forensics, Brett shares invaluable insights on why technical skills alone aren't enough in DFIR. Digging into practical challenges with hosts Si and Desi, Brett tackles head-on why DFIR isn't an entry-level field, the importance of understanding human behavior behind digital evidence, and how to approach cases with both technical precision and investigative strategy. He discusses his journey authoring several influential books including "DFIR Investigative Mindset," "Placing the Suspect Behind the Keyboard," and the definitive guide to X-Ways Forensics. Whether you're a seasoned investigator or considering a career in digital forensics, Brett offers practical wisdom on balancing technical proficiency with investigative thinking, effective communication of complex findings, and why we should remember we're not investigating computers—we're investigating people who use computers. #digitalforensics #dfir

00:00 Introduction and Guest Welcome
02:01 Brett Shavers' Background in Law Enforcement
03:33 Transition to Forensics
05:03 Challenges in DFIR
07:17 Educational Pathways and Industry Insights
12:51 X-Ways Forensics and Tool Proficiency
16:58 Investigative Mindset and New Book
27:46 The Importance of Education in Cybersecurity
28:04 Challenges in Teaching Investigative Skills
28:59 Real-World Training Scenarios
30:38 Understanding the Human Element in Cybersecurity
35:35 The Role of Communication in Cybersecurity
42:59 Technical Proficiency and Case Management
47:32 Continuous Improvement and Collaboration
53:42 Conclusion and Final Thoughts

Show Notes
Brett's Ramblings - https://www.brettshavers.com/
DFIR Training - https://www.dfir.training/
Brett's Books - https://brettshavers.com/my-books

Digital Forensic Survival Podcast
DFSP # 479 Scan, Score, Secure

Digital Forensic Survival Podcast

Apr 22, 2025 15:48


One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesses. To stay efficient, you must...

Forensic Focus
AI Unpacked: Magnet Forensics' New Series On AI In DFIR

Forensic Focus

Apr 14, 2025 62:33


Brandon Epstein joins the Forensic Focus Podcast to discuss the evolving landscape of digital forensics and the growing role of artificial intelligence in evidence analysis. Brandon shares his journey from being a major crimes detective in New Jersey to co-founding Medex Forensics (later acquired by Magnet), and discusses his current roles both at Magnet Forensics and as chair of the Scientific Working Group on Digital Evidence (SWGDE). In this wide-ranging conversation, he explains how AI is being responsibly implemented in forensic tools like Magnet Axiom's Copilot feature and Magnet Verify, highlighting the critical distinction between using AI for investigative leads versus evidentiary conclusions. Brandon also dives into the challenges of media authentication in an era of deepfakes, the shift toward cloud-based forensic platforms, and provides a preview of his upcoming "AI Unpacked" webinar series. #digitalforensics #dfir #ai

00:00 Welcome and Introduction
00:32 Life in Nashville and User Summit Highlights
02:07 The Importance of Networking at Conferences
04:32 Brandon's Journey to Magnet Forensics
10:17 AI and Digital Forensics
16:02 AI Unpacked Webinar Series
21:40 Scientific Working Group on Digital Evidence (SWGDE)
33:16 The Collaborative Spirit in Forensics
34:45 Magnet's Expanding Product Line
36:14 The Future of Cloud in Digital Forensics
39:08 Challenges and Benefits of Cloud Adoption
45:26 The Role of AI and Cloud in Conferences
46:09 Magnet's Acquisition of DVR Examiner
48:47 The Importance of Video Authenticity
52:29 Emerging Technologies in Forensics
58:04 Personal Insights and Closing Remarks

Show Notes
Magnet Forensics - https://www.magnetforensics.com
AI Unpacked - https://www.magnetforensics.com/ai-unpacked/?utm_source=ForensicFocus&utm_medium=Referral&utm_campaign=UTMC-0000077
SWGDE - https://www.swgde.org

In Case of Emergency
#45 Mastering Cyber Resilience

In Case of Emergency

Mar 20, 2025 31:21


Response and Recovery (Part III)
Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics.

01:14 Once your team is activated, what are the key phases and actions required to mitigate the situation?
02:59 If there's a ransomware attack on a company, should they pay or not?
09:46 How do you ensure that your containment measures do not interfere with the company's ongoing activities?
15:00 Do criminals follow some kind of internal SOP when they attack a company?
18:00 What steps should companies take to ensure that they are well prepared against a cyber attack?

Digital Forensic Survival Podcast
DFSP # 472 - Windows Usual Suspects

Digital Forensic Survival Podcast

Mar 4, 2025 16:35


Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compromises. This episode demystifies the Windows 10/11 process flow and provides context for effective triage and analysis.

In Case of Emergency
#44 Mastering Cyber Resilience

In Case of Emergency

Feb 27, 2025 28:10


Response and Recovery (Part II)
Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics.

02:30 How should companies communicate internally during the early stage of a crisis/incident?
03:53 What happens if the whole system is compromised and there are no redundant channels for crisis communication?
07:40 What could make a situation worse?
11:34 Should they call the police, or will that make the situation worse?
15:35 Communicating with the Attacker - Am I allowed to speak to the cyber criminal?

Forensic Focus
Protecting Investigators: Dr. Michael Bourke On Building A Healthier DFIR Community

Forensic Focus

Feb 24, 2025 48:59


Dr Michael Bourke joins the Forensic Focus Podcast to discuss the psychological impact of investigating internet crimes against children and how organizations can better support digital forensic investigators' mental health. As a distinguished clinical psychologist and researcher, Dr Bourke shares powerful insights from his extensive work in this field, explaining how repeated exposure to disturbing material can affect even the most resilient professionals. Dr Bourke introduces his innovative "sunburn analogy" to explain how secondary traumatic stress accumulates over time, discusses practical strategies for protecting investigators' wellbeing, and reveals details about the groundbreaking FORWARD Center, a new non-profit wellness facility dedicated to supporting first responders. He also shares insights from the National Wellness Survey, which received responses from 8,000 law enforcement professionals, demonstrating the urgent need for better mental health support in this field. #digitalforensics #DFIR #mentalhealth #wellbeing

00:00 Introduction and Welcome
02:00 Inspiration Behind the Research
03:01 Challenges Faced by Digital Forensic Investigators
06:00 The Importance of Proactive Mental Health Support
13:32 Cultural Competence in Therapy
23:42 Practical Steps for Organizations
34:23 The National Wellbeing Survey
38:03 The Forward Center Initiative
48:07 Conclusion and Final Thoughts

Paul's Security Weekly
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Paul's Security Weekly

Feb 17, 2025 115:17


We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:
Introducing AQL for cyber
AQL - How we do it
An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discuss SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got:
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Audio)
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Enterprise Security Weekly (Audio)

Feb 17, 2025 115:17


We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:
Introducing AQL for cyber
AQL - How we do it
An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discuss SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
If You're Not Using Data Pipeline Management For Security And IT, You Need To
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got:
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394

Paul's Security Weekly TV
The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

Paul's Security Weekly TV

Feb 17, 2025 51:13


In this week's enterprise security news, we've got:
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Video)
The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

Enterprise Security Weekly (Video)

Feb 17, 2025 51:13


In this week's enterprise security news, we've got:
5 acquisitions
Tines gets funding
new tools and DFIR reports to check out
A legal precedent that could hurt AI companies
AI garbage is in your code repos
the dark side of security leadership
HIPAA fines are broken
Salt Typhoon is having a great time
Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-394

Digital Forensics Now
Mind Matters: Navigating DFIR with Balance

Digital Forensics Now

Jan 24, 2025 63:25


Get ready for a hands-on look at digital forensics and the challenges professionals tackle every day. We share a story about forensic guessing that highlights the importance of testing assumptions and following the evidence to avoid errors. The discussion emphasizes how staying grounded in facts can prevent investigations from going off track.

We also highlight advancements in forensic tools and training. Learn about tools like Belkasoft, the UFADE tool for iOS device extraction, and SQBite for SQLite database analysis. These tools are improving efficiency and accessibility in the field. But it's not all about the tech. We address the important topic of mental health in digital forensics. We discuss the pressures of the job, strategies for managing stress, and the importance of supporting one another. Personal experiences and practical tips highlight the need to prioritize mental well-being in this demanding field.

This episode provides valuable information on tools, investigative approaches, and mental health strategies for forensic professionals.

Notes:
Belkasoft Windows Forensics Course
https://belkasoft.com/windows-forensics-training
Updates to UFADE
https://github.com/prosch88/UFADE/releases
The Duck Hunter's Blog
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-1.html
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-2.html
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-3.html
SQBite
https://digital4n6withdamien.blogspot.com/2025/01/introducing-sqbite-alpha-python-tool.html
https://github.com/SpyderForensics/SQLite_Forensics/tree/main/SQBite
Mental Health in DFIR
https://thebinaryhick.blog/2019/06/21/mental-health-in-dfir-its-kind-of-a-big-deal/
https://www.forensicfocus.com/podcast/the-impact-of-traumatic-material-on-dfir-well-being/
https://www.forensicfocus.com/news/dfir-and-mental-health-are-we-doing-enough-to-protect-investigators/
https://www.sciencedirect.com/science/article/pii/S2666281721000251
https://belkasoft.com/preventing-burnout-in-digital-forensics
https://www.magnetforensics.com/resources/taking-care-of-mental-health-during-digital-forensics-investigations/
https://www.harmlessthepodcast.com/
https://www.shiftwellness.org/about-us
https://www.nyleap.org/
What's New with the LEAPPS
https://github.com/abrignoni

Reports
DFIR Discussions: The Curious Case of an Egg-Cellent Resume

Reports

Jan 20, 2025 39:51


We discuss our latest report "The Curious Case of an Egg-Cellent Resume"
Host: @Kostastsale
Analysts: @_pete_0, Zach Stanford (aka @svch0st)
Report: https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/
Contact Us: https://thedfirreport.com/contact/
Services: https://thedfirreport.com/services/
Music by FASSounds from Pixabay

Digital Forensic Survival Podcast
DFSP # 464 Risk Assessments for DFIR

Digital Forensic Survival Podcast

Jan 7, 2025 22:30


Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a structured framework to identify and mitigate risks effectively. This episode will explore how integrating security risk assessments into incident response workflows enhances response strategies.

Computer Crime Chronicles
Episode 9 - Computer Forensics - The Tools We Use

Computer Crime Chronicles

Dec 14, 2024 26:23


Forensic examiners have quite a few programs at their disposal these days to complete their work. Many of them are quite expensive; however, there are other programs that can be utilized and don't cost an arm and a leg. In this episode Becky and I talk about some of these programs, what they're used for and how much they cost, if anything. This is part 1 of a 2-part series on forensic tools.

Digital Forensics Future (DFF)
S4: E5 Ediscovery Day—Career Advice from DFIR and ED Veterans

Digital Forensics Future (DFF)

Dec 8, 2024 53:33


Join us for the “Heroes Unite: Exploring the Future of Legal Technology Careers” panel at the 3rd Annual ACEDS eDiscovery Day in Austin, Texas. This dynamic session brings together industry leaders to discuss the rapidly evolving legal technology landscape. Gain insights into how emerging technologies are reshaping career paths, the growing importance of technical expertise and soft skills, and discover new opportunities for growth and innovation in the field. Whether you're a seasoned professional or just starting your journey, this discussion will equip you with the knowledge to thrive in the ever-changing world of eDiscovery and beyond. 

Digital Forensic Survival Podcast
DFSP # 452 AI and DFIR

Digital Forensic Survival Podcast

Oct 15, 2024 22:02


In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident responses, with real-world examples of its application in automated threat detection and response, advanced forensics, and more. But with every technological leap forward, there's a dark side and attackers are harnessing AI to orchestrate sophisticated attacks...

Paul's Security Weekly
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379

Paul's Security Weekly

Oct 11, 2024 113:03


For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.

Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products.

Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!

Segment Resources:
Aaron's blog about the ServiceNow data exposure.
The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.

In the enterprise security news:
Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-379

Enterprise Security Weekly (Audio)
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379

Enterprise Security Weekly (Audio)

Play Episode Listen Later Oct 11, 2024 113:03


For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared. Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources: Aaron's blog about the ServiceNow data exposure. The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news: Eon, Resolve AI, Harmonic and more raise funding; Dragos acquires Network Perception; Prevalent acquires Miratech; the latest DFIR reports; a spicy security product review; Secure by Whatever; new threats; hot takes. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-379

Paul's Security Weekly TV
Funding, acquisitions, DFIR reports, bad products, secure by design, and more! - ESW #379

Paul's Security Weekly TV

Play Episode Listen Later Oct 11, 2024 53:43


In the enterprise security news: Eon, Resolve AI, Harmonic and more raise funding; Dragos acquires Network Perception; Prevalent acquires Miratech; the latest DFIR reports; a spicy security product review; Secure by Whatever; new threats; hot takes. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-379

Technically Legal
Transforming Mobile Device Forensics: A Conversation with ModeOne CEO Matthew Rasmussen

Technically Legal

Play Episode Listen Later Oct 9, 2024 32:58


This episode features Matthew Rasmussen, Founder and CEO of ModeOne, an app that provides targeted smartphone data discovery. Matt discusses his journey from a psych major waiting tables to landing a job in eDiscovery in its earliest days, a job that ultimately helped him land jobs in BigLaw at multiple firms running their litigation technology departments. It was while he was working for O'Melveny & Myers that he had his "light bulb moment" that led to the creation of ModeOne, a solution addressing the challenges of efficient data collection from mobile devices. Matt explains how ModeOne works, its benefits over traditional digital forensic collection methods, and how it addresses concerns about evidentiary defensibility. He also highlights the various use cases for ModeOne beyond litigation, including internal investigations, HR matters, and compliance. The conversation delves into ModeOne's development, its unique approach compared to competitors, and its future roadmap, including internationalization and integrations with other platforms like Relativity. Learn more about Matt.
Key Discussion Points:
[0:39] Matt's unconventional path to eDiscovery
[3:35] The "light bulb moment" that sparked the idea for ModeOne
[9:02] How ModeOne works and its advantages
[11:36] Addressing evidentiary concerns and gaining credibility
[19:19] Expanding use cases beyond litigation
[22:48] iOS and Android certification process
[23:31] Apps and data supported by ModeOne
[25:18] ModeOne's built-in review tool and Relativity integration
[28:04] Future roadmap and upcoming features

Adventures of Alice & Bob
Ep. 63 - The Cyber Tug-of-War: A Real-Time Battle with Ransomware // Omar Avilez

Adventures of Alice & Bob

Play Episode Listen Later Oct 4, 2024 52:14


Today, Marc and James have the pleasure of sitting down with Omar Aviles, a seasoned expert in DFIR, threat hunting, and malware analysis. Omar takes us on a journey through his early days of dismantling computers out of sheer curiosity to the high-stakes world of battling ransomware in real-time. He delves into the growing dangers of corporate espionage, nation-state attacks, and the ever-evolving landscape of cybersecurity. Throughout the conversation, Omar's passion for protecting the digital world shines brightly, as he shares his favorite hacking techniques, insights on hunting and neutralizing threats, and invaluable advice for those looking to break into the cybersecurity field.

Digital Forensic Survival Podcast
DFSP # 450 Secure coding and DFIR

Digital Forensic Survival Podcast

Play Episode Listen Later Oct 1, 2024 19:34


I decided to talk this week about the Importance of Secure Coding Knowledge for Security Incident Response Investigations. Knowing secure coding principles helps identify the root causes of vulnerabilities and recognize attack patterns. It facilitates effective communication and collaboration with developers, ensuring accurate incident reports and actionable recommendations. Secure coding knowledge enhances forensic analysis by aiding in code reviews and log analysis to detect anomalies. It also allows responders to suggest mitigation strategies and improve the security posture of applications. Ultimately, this knowledge leads...

The CyberWire
Darknet dollars exposed.

The CyberWire

Play Episode Listen Later Sep 27, 2024 34:50


International law enforcement seizes domains of Russian crypto laundering networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal charges loom in the Iranian hack of the Trump campaign. Meta is fined over a hundred million dollars for storing users' passwords in plaintext. Delaware's public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don't know.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest: Our guest is Mark Lance, Vice President DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story."
Selected Reading:
US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record)
Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek)
Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News)
Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record)
Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online)
Tor Merges With Security-Focused OS Tails (SecurityWeek)
Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer)
VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News)
Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Digital Forensic Survival Podcast
DFSP # 449 Zero-Day or Hero-Day

Digital Forensic Survival Podcast

Play Episode Listen Later Sep 24, 2024 33:43


This week, we're covering zero-day vulnerability response from a Digital Forensics and Incident Response professional's perspective. In our roles, we often get involved in various tasks that require a security mindset, and one critical task is responding to zero-day vulnerabilities. To provide a real-world context, we'll integrate the recently disclosed zero-day exploit "Copy2Pwn" (CVE-2024-38213) and discuss the specific forensic artifacts and methods used to achieve the objectives of a DFIR response.

Breaking Into Cybersecurity
Breaking into Cybersecurity - DFIR Career Advice w_Cathy Ullman

Breaking Into Cybersecurity

Play Episode Listen Later Sep 20, 2024 29:48


Breaking into Cybersecurity - DFIR Career Advice w/Cathy Ullman
Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff, educating and informing users about how to prevent and detect social engineering threats and compute and digitally communicate safely. Cathy has presented at numerous information security conferences, including DEF CON and Blue Team Con. Cathy is a contributor to the O'Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth, Flash, at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It's a conversation about what they did before, why they pivoted into cyber, what the process was they went through breaking into cybersecurity, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.
This podcast runs on listener support and funding. Consider supporting this podcast: https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/
About the hosts:
Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced...

The CyberWire
Spinning the web of tangled tactics. [Research Saturday]

The CyberWire

Play Episode Listen Later Aug 3, 2024 24:49


This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint's DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider Learn more about your ad choices. Visit megaphone.fm/adchoices