Content provided by Clint Marsden. All podcast content including episodes, graphics, and podcast descriptions is uploaded and provided directly by Clint Marsden or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://da.player.fm/legal.

Episode 13-ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson

54:55

Episode 13 is another giant episode with a focus on what it's like to be in the mud working on real-life forensic investigations. Jacob and Clint talk about ELK as an EDR, using Sysmon.
Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capturing and analyzing detailed system activity.

Automation in Investigations: Jacob emphasizes the importance of automating repetitive tasks, such as business email compromise investigations, to streamline processes and improve efficiency.
Pen Testing and Red Teaming: Jacob shares insights into the importance of understanding both offensive (red teaming) and defensive (blue teaming) techniques to better anticipate and mitigate threats.

Practical Learning: Jacob advocates for hands-on experience in digital forensics, highlighting the limitations of theoretical knowledge and the value of real-world application.
Resources Mentioned:

  • ELK Stack: Used for creating a detailed sandbox environment for malware analysis.
  • Sysmon: Essential tool for capturing detailed logs on Windows systems.
  • Axiom: A commercial digital forensics tool praised for its comprehensive and reliable results.
  • Cellebrite: A tool used for mobile device forensics, particularly for logical acquisitions.
  • Splunk: Utilized for automating the investigation process by analyzing large datasets quickly.
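The sandbox described above feeds Sysmon telemetry into an ELK stack so that detonated samples can be searched and correlated in Kibana. The script below is an added example (not code from the podcast or its guests) showing the glue step that sits between the two tools: it parses a constructed Sysmon Event ID 1 (process creation) record, flattens it into a JSON document with ECS-style dotted keys (the key names are an assumption, not a Sysmon or Elastic requirement), tags a couple of behaviours an analyst would want to see surfaced, and renders the result as Elasticsearch `_bulk` API lines. The event XML, host name, user and command line are all constructed.

```python
"""Normalise Sysmon process-creation events (Event ID 1) into flat JSON documents
for an Elasticsearch (ELK) sandbox index, then run a small behavioural check
over them. Added example: the event XML and field names are constructed/assumed."""
import json
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML as exported from the event log
EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed Sysmon Event ID 1 record (not captured from a real system)
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <Computer>SANDBOX-VM01</Computer>
  </System>
  <EventData>
    <Data Name="UtcTime">2024-01-01 12:00:00.000</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="Image">C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc QQBBAEEA</Data>
    <Data Name="ParentImage">C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE</Data>
    <Data Name="User">SANDBOX-VM01\\analyst</Data>
  </EventData>
</Event>"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def _basename(win_path: str) -> str:
    """Return the file name of a Windows path without relying on ntpath."""
    return win_path.rsplit("\\", 1)[-1]


def sysmon_to_doc(xml_text: str) -> dict:
    """Parse one Sysmon event and return a flat document with ECS-style
    dotted keys (an assumed naming scheme); in Kibana a query then reads
    e.g. process.parent.name:WINWORD.EXE."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVT_NS)
    data = {d.attrib["Name"]: (d.text or "")
            for d in root.find("e:EventData", EVT_NS).findall("e:Data", EVT_NS)}
    # Sysmon writes "YYYY-MM-DD HH:MM:SS.mmm"; Elasticsearch expects ISO 8601
    timestamp = data["UtcTime"].replace(" ", "T") + "Z"
    domain, _, user = data.get("User", "").rpartition("\\")
    return {
        "@timestamp": timestamp,
        "host.name": system.findtext("e:Computer", default="", namespaces=EVT_NS),
        "event.code": int(system.findtext("e:EventID", namespaces=EVT_NS)),
        "event.provider": system.find("e:Provider", EVT_NS).attrib.get("Name", ""),
        "process.pid": int(data["ProcessId"]),
        "process.executable": data["Image"],
        "process.name": _basename(data["Image"]),
        "process.command_line": data.get("CommandLine", ""),
        "process.parent.executable": data.get("ParentImage", ""),
        "process.parent.name": _basename(data.get("ParentImage", "")),
        "user.domain": domain,
        "user.name": user,
    }


def flag_suspicious(doc: dict) -> list:
    """Tag behaviours worth a closer look during a sandbox detonation."""
    reasons = []
    parent = doc["process.parent.name"].lower()
    child = doc["process.name"].lower()
    cmd = doc["process.command_line"].lower()
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        reasons.append("office_spawned_script_host")
    if child == "powershell.exe" and any(m in cmd for m in ("-enc", "-w hidden", "-windowstyle hidden")):
        reasons.append("encoded_or_hidden_powershell")
    return reasons


def to_bulk_lines(docs: list, index: str) -> list:
    """Render documents as Elasticsearch _bulk API lines (action line, then source)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return lines


if __name__ == "__main__":
    doc = sysmon_to_doc(SAMPLE_EVENT_XML)
    doc["tags"] = flag_suspicious(doc)
    print("\n".join(to_bulk_lines([doc], "sysmon-sandbox")))
```

In a real sandbox this normalisation is usually done by a shipper such as Winlogbeat or a Logstash pipeline rather than hand-written code; the point of doing it by hand once is to see exactly which Sysmon fields end up under which index keys, so that the Kibana searches and saved detections built on top of them are querying what you think they are.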

Jacob Wilson's LinkedIn: https://www.linkedin.com/in/jacob--wilson/?originalSubdomain=au
