The Ken Johnson DFIR Scholarship
Matt B, Mar 22, 2017
For today’s post, I’d like to bring attention to the newly-announced Ken Johnson DFIR Scholarship. Created in partnership between SANS and…

Torvalds Tuesday: Microsoft SQL Server on Linux
Matt B, Feb 22, 2017
Today’s post will kick off a series of Tuesday posts in which I will be looking at Microsoft SQL Server on Linux. Being a database…

Tool Review: mongoaudit
Matt B, Feb 13, 2017
For today’s post, I’m going to take a look at the tool mongoaudit, which came across my Twitter feed yesterday. It’s no secret my affinity…

Full Packet Friday: Malware Traffic Analysis
Matt B, Feb 10, 2017
For today’s post, I’ll be taking a look at the Malware Traffic Analysis exercise that was posted on January 28, 2017. Just in time to get…

SANS CTI Summit 2017
Matt B, Feb 1, 2017
For today’s post, I’m going to take a pause from the NTFS series. I wanted to get some thoughts down on paper about the 2017 SANS Cyber…

A Journey into NTFS: Part 7
Matt B, Feb 1, 2017
For today’s post, I’m going to focus on the file $MFTMirr. This is going to be a relatively short post as this file is not the most complex…

A Journey into NTFS: Part 6
Matt B, Jan 30, 2017
For today’s post, I’m finally going to get to the head honcho of NTFS files: the MFT. This is without a doubt the most important NTFS…

A Journey into NTFS: Part 5
Matt B, Jan 30, 2017
In yesterday’s post, I spent some time discussing common NTFS attributes. Experienced DFIR analysts may have noticed that I left out three…

A Journey into NTFS: Part 4
Matt B, Jan 28, 2017
For today’s post, I’m finally going to examine NTFS attributes. I’ve mentioned and discussed various attributes in previous posts, and…

A Journey into NTFS: Part 3
Matt B, Jan 27, 2017
For today’s post, I’m going to look at the NTFS file $Boot. As easily guessed, this file is related to the booting process and contains the…