In this episode we dive into the modern reality of identity-driven attacks. In today’s cloud-first world, attackers don’t need malware or exploits — they simply log in. Learn how federated identity systems like Microsoft Entra ID, Okta, and Google Workspace change the forensic landscape, why credentials and tokens have become the new attack surface, and how investigators can uncover evidence hidden inside authentication logs, access events, and OAuth permissions. If you want to understand how to investigate cases where login itself is the crime, this episode is essential listening.

#FforForensics #DigitalForensics #DFIR #CloudForensics #IdentitySecurity #FederatedIdentity #CyberForensics #IncidentResponse #CyberSecurity #AuthenticationLogs #MFA #TokenAbuse #ForensicPodcast

Season 2 kicks off with a look at how digital forensics is evolving in a cloud-first world. We explore why traditional disk-based investigations no longer work, how identity and access have become the new evidence, and what investigators must learn to solve modern cases where logs, tokens, and timestamps matter more than files.

#FforForensics #DigitalForensics #DFIR #CloudForensics #CyberForensics #IdentitySecurity #IncidentResponse #ForensicPodcast #CyberSecurity

In the final episode of the year, we bring everything together—file systems, memory, timelines, flash storage, and user activity—to show how real digital cases are solved from start to finish. This episode walks through how a single overlooked artifact can become the final piece that breaks a case wide open. We also reflect on the season and tease bigger, deeper, and more advanced forensic topics coming next year. This is a must-listen finale you won’t want to miss.

#FforForensics #DigitalForensics #DFIR #ForensicPodcast #CyberForensics

In this episode, we break down the challenges and opportunities of flash storage forensics. From SSDs and USB drives to smartphones, learn how wear leveling, TRIM commands, and encryption impact evidence recovery—and why “deleted” doesn’t always mean gone. Real-world cases and practical techniques show how investigators adapt in the modern storage era.

#FforForensics, #FlashForensics, #DigitalForensics, #DFIR, #CyberForensics, #SSDForensics, #FlashStorage, #DataRecovery, #ForensicAnalysis, #ComputerForensics, #MobileForensics, #CyberCrime, #ForensicPodcast

In this episode of F for Forensics, we explore how investigators transform scattered artifacts into a clear digital narrative using forensic timelines. From MACB timestamps and registry entries to browser data, logs, and super timelines, this episode breaks down how timelines reveal patterns, expose anomalies, and connect user actions across systems. Real-world examples show how seconds, not hours, can make or break a case.

#FforForensics, #ForensicTimelines, #DigitalForensics, #DFIR, #CyberForensics, #TimelineAnalysis, #EventLogs, #Plaso, #Timesketch, #ComputerForensics, #ForensicAnalysis, #CyberCrime, #IncidentResponse, #ForensicPodcast

In this episode we tackle the fast-paced and volatile world of live memory forensics. They explore how RAM captures evidence that never touches the disk—passwords, keys, active malware, live sessions, command history, and more. Through real case examples, tools like Volatility and Rekall, and best-practice guidance, this episode uncovers why RAM is often the key to catching the activity happening right now.

#FforForensics, #MemoryForensics, #RAMAnalysis, #LiveMemory, #DFIR, #DigitalForensics, #CyberForensics, #Volatility, #Rekall, #IncidentResponse, #CyberSecurity, #ForensicPodcast, #ComputerForensics, #MalwareAnalysis, #CyberCrime

In this episode, we dive into the most cringe-worthy mistakes in digital forensics—and the lessons they teach. From overwriting original evidence to remote-wiped phones, timestamp disasters, and documentation nightmares, this episode highlights what not to do in the lab. Whether you're new to DFIR or a seasoned examiner, these real-world fails will make you wince, laugh, and sharpen your forensic discipline.

#FforForensics, #ForensicFails, #DigitalForensics, #DFIR, #CyberForensics, #IncidentResponse, #ChainOfCustody, #ForensicAnalysis, #ComputerForensics, #ForensicPodcast, #CyberCrime, #EvidencePreservation, #ForensicMistakes, #InvestigatorLife

In this episode we break down one of the most essential skills in digital forensics: forensic imaging. Learn why bit-for-bit acquisitions matter, how write-blockers protect evidence, which tools professionals rely on (from FTK Imager to Cellebrite), and the real-world mistakes that can make or break a case. Whether you're imaging a laptop, server, mobile device, or USB drive, this episode teaches you how to preserve digital evidence the right way.

#FforForensics, #ForensicImaging, #DigitalForensics, #DFIR, #CyberForensics, #ForensicTools, #FTK, #EnCase, #WriteBlocker, #IncidentResponse, #ComputerForensics, #ForensicPodcast, #ChainOfCustody, #CyberCrime, #EvidencePreservation