In this episode we explore a growing class of threats that leave investigators with no malware, no suspicious files, and sometimes no compromised device to examine. Learn how attackers abuse cloud services, APIs, automation tools, and legitimate administrative features to steal data and evade traditional detection. Discover where the evidence really lives, why logs have become the new crime scene, and how investigators must adapt to uncover attacks that exist only in actions, not artifacts.

#FforForensics, #DigitalForensics, #DFIR, #CloudForensics, #CyberForensics, #CloudSecurity, #IncidentResponse, #FilelessAttacks, #CloudInvestigations, #ForensicPodcast, #CyberSecurity, #ThreatHunting, #IdentitySecurity

What if your organization was breached... and there was no malware to find?

No suspicious files.
No infected endpoint.
No obvious signs of compromise.

Just legitimate cloud tools being used for the wrong reasons.

In Season 2, Episode 3 of F for Forensics, we explore how modern attackers operate without dropping malware, how cloud-based attacks evade traditional defenses, and where investigators must look when the evidence isn't on a hard drive.

Listen now: F is for Fileless in the Cloud: Attacks Without Endpoints

#FforForensics #DigitalForensics #DFIR #CloudForensics #CyberForensics #IncidentResponse #CloudSecurity #ForensicPodcast

In this episode we dive into the modern reality of identity-driven attacks. In today’s cloud-first world, attackers don’t need malware or exploits — they simply log in. Learn how federated identity systems like Microsoft Entra ID, Okta, and Google Workspace change the forensic landscape, why credentials and tokens have become the new attack surface, and how investigators can uncover evidence hidden inside authentication logs, access events, and OAuth permissions. If you want to understand how to investigate cases where login itself is the crime, this episode is essential listening.

#FforForensics #DigitalForensics #DFIR #CloudForensics #IdentitySecurity #FederatedIdentity #CyberForensics #IncidentResponse #CyberSecurity #AuthenticationLogs #MFA #TokenAbuse #ForensicPodcast

Season 2 kicks off with a look at how digital forensics is evolving in a cloud-first world. We explore why traditional disk-based investigations no longer work, how identity and access have become the new evidence, and what investigators must learn to solve modern cases where logs, tokens, and timestamps matter more than files.

#FforForensics #DigitalForensics #DFIR #CloudForensics #CyberForensics #IdentitySecurity #IncidentResponse #ForensicPodcast #CyberSecurity

In the final episode of the year, we bring everything together—file systems, memory, timelines, flash storage, and user activity—to show how real digital cases are solved from start to finish. This episode walks through how a single overlooked artifact can become the final piece that breaks a case wide open. We also reflect on the season and tease bigger, deeper, and more advanced forensic topics coming next year. This is a must-listen finale you won’t want to miss.

#FforForensics #DigitalForensics #DFIR #ForensicPodcast #CyberForensics

In this episode, we break down the challenges and opportunities of flash storage forensics. From SSDs and USB drives to smartphones, learn how wear leveling, TRIM commands, and encryption impact evidence recovery—and why “deleted” doesn’t always mean gone. Real-world cases and practical techniques show how investigators adapt in the modern storage era.

#FforForensics, #FlashForensics, #DigitalForensics, #DFIR, #CyberForensics, #SSDForensics, #FlashStorage, #DataRecovery, #ForensicAnalysis, #ComputerForensics, #MobileForensics, #CyberCrime, #ForensicPodcast

In this episode of F for Forensics, we explore how investigators transform scattered artifacts into a clear digital narrative using forensic timelines. From MACB timestamps and registry entries to browser data, logs, and super timelines, this episode breaks down how timelines reveal patterns, expose anomalies, and connect user actions across systems. Real-world examples show how seconds, not hours, can make or break a case.

#FforForensics, #ForensicTimelines, #DigitalForensics, #DFIR, #CyberForensics, #TimelineAnalysis, #EventLogs, #Plaso, #Timesketch, #ComputerForensics, #ForensicAnalysis, #CyberCrime, #IncidentResponse, #ForensicPodcast

In this episode we tackle the fast-paced and volatile world of live memory forensics. They explore how RAM captures evidence that never touches the disk—passwords, keys, active malware, live sessions, command history, and more. Through real case examples, tools like Volatility and Rekall, and best-practice guidance, this episode uncovers why RAM is often the key to catching the activity happening right now.

#FforForensics, #MemoryForensics, #RAMAnalysis, #LiveMemory, #DFIR, #DigitalForensics, #CyberForensics, #Volatility, #Rekall, #IncidentResponse, #CyberSecurity, #ForensicPodcast, #ComputerForensics, #MalwareAnalysis, #CyberCrime