Clint Marsden

Shows

TLP - The Digital Forensics Podcast
Episode 22: AI Chat Forensics: How to Find, Investigate, and Analyse Evidence from ChatGPT, Claude & Gemini (2025-06-22, 40 min)
Unlock the secrets behind digital forensic investigations into AI chat platforms like ChatGPT, Claude, and Google's Gemini in this insightful episode. Learn the precise methods for discovering, extracting, and interpreting digital evidence across Windows, Mac, and Linux environments, whether it's browser caches, memory forensics, network logs, or cloud-based data exports. From identifying subtle signs of malicious AI usage and attempts to evade security controls, to piecing together forensic timelines, this podcast provides practical, hands-on guidance tailored for cybersecurity professionals, forensic analysts, and IT investigators. Tune in now and boost your expertise...

TLP - The Digital Forensics Podcast
Episode 21: How IRCO is Changing DFIR: The AI Copilot for Real-Time Cyber Investigations (2025-06-10, 15 min)
Link to IRCO - Incident Response Copilot on ChatGPT: https://chatgpt.com/g/g-68033ce1b26481919b26df0737241bac-irco-incident-response-co-pilot
In this episode of TLP: The Digital Forensics Podcast, Clint dives deep into IRCO (a custom GPT designed specifically for DFIR and SOC analysts). From real-world cyber incidents to post-incident reporting and CTF training, IRCO acts like your AI-powered colleague: fast, focused, and built for real investigations or even CTFs. Learn how this tool understands your forensic workflows, decodes technical jargon, and supports smarter, f...

TLP - The Digital Forensics Podcast
Episode 20: What Makes an Elite Incident Response Team: Mindset, Mastery, and Real-World DFIR Lessons (2025-06-04, 38 min)
Drawing inspiration from observing military special forces and over five years of hands-on DFIR experience, Clint explores the mindset, habits, and tactical processes that set top-performing IR teams apart. From threat intelligence workflows and detection-first thinking to deep forensic analysis and clear executive reporting, this episode is packed with real-world lessons, relatable stories, and practical advice. Whether you're running your first threat hunt or leading an enterprise SOC, you'll walk away with a clearer vision for...

TLP - The Digital Forensics Podcast
Episode 19: AI Data Poisoning: How Bad Actors Corrupt Machine Learning Systems for Under $60 (2025-05-26, 26 min)
Clint Marsden breaks down a critical cybersecurity report from intelligence agencies including the CSA, NSA, and FBI about the growing threat of AI data poisoning. Learn how malicious actors can hijack AI systems for as little as $60, turning machine learning models against their intended purpose by corrupting training data. Clint explains the technical concept of data poisoning in accessible terms, comparing it to teaching a child the wrong labels for objects. He walks through the six-stage framework where AI systems become vulnerable, from initial design to production deployment, and covers the...

TLP - The Digital Forensics Podcast
Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps (2025-02-28, 43 min)
This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response. If you're in security operations, digital forensics, or incident response, this episode will help you:
- Deploy Sysmon efficiently.
- Tune Sysmon logs for maximum insight while reducing noise.
- Use Sysmon for investigations, from process creation tracking to network monitoring.
- Understand real-world use cases.

TLP - The Digital Forensics Podcast
Episode 17 - Building a CTF (2025-02-27, 28 min)
So You Want to Build Your Own DFIR CTF? Ever wanted to build your own Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) challenge but weren't sure where to start? In this episode of Traffic Light Protocol, we share the how-to of CTF builders, making it easy for anyone, no pentesting skills required! Today's episode includes:
- Choosing Your CTF Theme: Using MITRE ATT&CK and APT tracking to craft a realistic attack scenario.
- Setting Up the L...

TLP - The Digital Forensics Podcast
Episode 16 - Mastering the Basics: Key Strategies for Cyber Investigations (2025-02-27, 30 min)
Kicking off 2025, we're getting back to basics with something every cyber investigator needs to master: starting an investigation the right way. Too often, investigations get derailed because the right questions weren't asked at the outset, evidence wasn't properly handled, or reporting lacked clarity. In this episode, we cover how to build an investigation plan that keeps you on track, ensures consistency, and leads to better results. We talk about evidence volatility, log retention, structuring reports that make sense to non-technical stakeholders, and how to ask the right questions from the st...

TLP - The Digital Forensics Podcast
Episode 15 - Windows event log analysis with Hayabusa. The Sigma-based log analysis tool (2024-10-15, 23 min)
Key Takeaways:
- Introduction to Hayabusa: Hayabusa is an open-source Windows Event Log Analysis Tool used for processing EVTX logs to detect suspicious activities in Windows environments.
- Critical Alerts Detection: The tool is capable of detecting a variety of suspicious activities, including WannaCry ransomware and unauthorized Active Directory replication.
- Efficient Incident Response: Hayabusa is ideal for incident response workflows, enabling teams to quickly triage and analyze Windows logs to detect potential breaches or malicious activity.
- Importance of Informational Alerts: Informational alerts can indicate early reconnaissance...

TLP - The Digital Forensics Podcast
Episode 14 - AI and the future of log analysis, bug detection, forensics and AI ethical considerations with Jonathan Thompson (2024-09-22, 1h 08)
In this episode of Traffic Light Protocol, Clint Marsden is joined by Jonathan Thompson, a developer and AI enthusiast currently studying at Macquarie University. Together, they dive into how artificial intelligence (AI) is transforming the cybersecurity landscape and discuss Jon's insights into AI's potential applications in digital forensics, incident response, and everyday IT operations. The conversation touches on ethical considerations, potential job impacts, and how AI can be harnessed to streamline tasks like log analysis, bug detection, and threat identification.
Daniel Kahneman - Thinking Fast...

TLP - The Digital Forensics Podcast
Episode 13 - ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson (2024-08-20, 54 min)
Episode 13 is another giant episode with a focus on what it's like to be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon.
- Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capturing and analyzing detailed system activity.
- Automation in Investigations: Jacob emphasizes the importance of automating repetitive tasks, such as business email compromise investigations, to streamline processes and improve efficiency...

TLP - The Digital Forensics Podcast
Episode 12 - You're forced to decide: Cyber Generalist or Cyber Specialist? (2024-08-13, 17 min)
Quotes:
"In the fast-paced world of DFIR, you are a mission critical system. Your job isn't just to uncover what happened during an incident, but to do so in a way that gets results fast."
"Specialists bring expertise that pushes the entire industry forward, while generalists offer versatility and adaptability in the ever-changing landscape of cybersecurity."
"The choice between specializing and generalizing doesn't always need to be a conscious decision. Often, you just fall into one or the other depending on the work you do day to day."
Resources Mentioned:

TLP - The Digital Forensics Podcast
Episode 11 - Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew (2024-07-29, 52 min)
In this episode of Traffic Light Protocol, we sit down with Myles, a cybersecurity veteran with over 15 years of Cyber experience and a background as a Combat Engineer in the Army. Myles brings his unique perspective on integrating automation and cloud technologies into cybersecurity infrastructure deployment (used specifically when deploying Velociraptor, an advanced open-source endpoint monitoring, digital forensic and cyber response platform). We delve into his journey from the military to his current role in deploying and managing advanced cloud infrastructure using Docker containers and Kubernetes orchestration platforms. Quotes f...

TLP - The Digital Forensics Podcast
Episode 10 - Detecting and Preventing Phishing Attacks (2024-07-17, 19 min)
Quotes:
"Phishing targets the human element, the 'wetware,' often the weakest link in any security chain." - Clint Marsden
"Phishing isn't just about poorly spelled emails anymore; it's about sophisticated campaigns that even cyber-aware individuals can fall victim to." - Clint Marsden
"Effective defense against phishing involves not just technology but ongoing education and a culture of security awareness." - Clint Marsden
Key Takeaways:
- Phishing attacks continue to evolve and remain a significant cybersecurity threat despite advances in technology.
- At...

TLP - The Digital Forensics Podcast
Episode 9 - Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies (2024-07-12, 21 min)
Episode Title: "Unmasking APT40: Tactics, Challenges, and Defense Strategies"
Key Takeaways:
- APT40 is a sophisticated Chinese state-sponsored cyber espionage group active since 2009.
- They target various sectors including academia, aerospace, defense, healthcare, and maritime industries.
- APT40 uses advanced tactics such as spear phishing, watering hole attacks, and living off the land binaries (LOLBINS).
- Digital forensics faces challenges in detecting APT40 due to their use of legitimate tools and anti-forensics techniques.
- Effective defense against APT40 requires a comprehensive, layered security approach.
Engaging Quotes:
"APT40 represents...

TLP - The Digital Forensics Podcast
Episode 8 - Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics (2024-07-07, 19 min)
In this episode, Clint Marsden goes straight into 4 practical strategies that enable better forensics and stop data exfiltration, no matter the size of your budget. Clint covers deploying Sysmon for enhanced monitoring, and using Group Policy to tighten print and USB security.
Event log cleared: Event ID 1102
ACSC Sysmon: https://github.com/AustralianCyberSecurityCentre/windows_event_logging
SwiftOnSecurity Sysmon: https://github.com/SwiftOnSecurity/sysmon-config
Printer forensics: https://eventlogxp.com/blog/how-to-track-printer-usage-with-event-logs/

TLP - The Digital Forensics Podcast
Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures (2024-06-26, 17 min)
In today's episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures.
Key Takeaways:
- Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes.
- Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, LaZagne), remote access (ScreenConnect, TeamViewer), and VPN (Tailscale).
- Social Engineering Tactics: Their methods include impersonation, MFA fatigue (MFA bombing), and SIM swapping to gain ac...

TLP - The Digital Forensics Podcast
Episode 6 - Responding to ransomware - is your VPN a target? Plus ransomware risk mitigation with Phil Ngo (2024-06-20, 26 min)
In this episode, we speak with Phil Ngo, a Primary Investigator in Accenture's global cyber response team. As a primary investigator, he is responsible for helping clients recover from major incidents as well as delivering proactive cyber services, such as threat hunting and tabletop exercises. Philip started his career as a high school teacher, before moving into IT support and eventually into cyber security six years ago. Philip has worked across multiple industries and, through his experience, has built up a solid cyber forensics and response skillset. Get som...

TLP - The Digital Forensics Podcast
Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity) (2024-06-12, 33 min)
This is the biggest episode from a content perspective so far. I'm excited to share it with you.
Episode Highlights:
- How to run post-incident debriefs and post-mortems.
- Involving external teams.
- Using lessons learned to form actionable insights.
- Key questions to address in incident analysis.
- Effective report writing strategies, including timelines and executive summaries.
- Evaluating and improving incident response procedures and tools preparation.
- Engaging broader teams in the debrief process for better cooperation.
- Tracking and documenting incident response efforts for continuous improvement.
Key Takeaways:
- Post-incident debriefs a...

TLP - The Digital Forensics Podcast
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment, Eradication and Recovery) (2024-06-07, 22 min)
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- E...

TLP - The Digital Forensics Podcast
Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection) (2024-05-31, 11 min)
In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes the functional impact of the incident, the information impact of the incident and the recoverability of the incident. Not all of these are needed, or relevant, when tracking your incident, and Clint explains when to categorise incidents using these factors. To finish off, Clint discusses incident notification: who are the stakeholders that need to be informed and included in your incident response process, and how will they be notified?
AusCERT: www.auscert.org.au

TLP - The Digital Forensics Podcast
Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection) (2024-05-28, 46 min)
In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61.
- Attack vectors for digital security incidents, including insider threats and weaponized USBs.
- Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation.
- The importance of following temporal linearity in Forensic Investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in Internet History and Memory Dumps.
- Building a baseline of activity through network pcaps and log analysis.
- Why synchronised clocks are important.
- How detailed n...

TLP - The Digital Forensics Podcast
Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation) (2024-05-17, 27 min)
In this episode Clint Marsden talks about the first phase of Computer Security Incident Handling according to NIST. Listen to real world examples of how to get prepared before a Cyber Security Incident arrives.
Show notes:
Link to NIST SP 800-61 PDF: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Bro has been renamed to Zeek: https://zeek.org/
RITA is Real Intelligence Threat Analytics. Created by Active Countermeasures, available from https://github.com/activecm/rita

TLP - The Digital Forensics Podcast
Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started (2024-05-16, 23 min)
In this first episode we kick off with Clint Marsden, the host of Traffic Light Protocol (TLP), where he talks about what it's like to work in DFIR, how to get started with Cyber training, what to expect in future episodes, and of course a light touch on AI Forensics! Join us for the first episode. The next episodes coming up talk about NIST SP 800-61, where we break down Preparation, Detection, Eradication and Recovery.
Highlights:
- Current trends and best practices in digital forensics, emphasizing the...

Pop Culture Unplugged w/ Elias
Alex Collins talks about his role as Dr. Mid-Nite on CW's 'Stargirl' (2021-11-06, 25 min)
Alex Collins recently joined host Elias in the cave! Alex was recently seen on CW's 'Stargirl' as Dr. Mid-Nite. Collins was excited at the opportunity to take over the Dr. Mid-Nite role, adding "Working on this show has been a career highlight. Geoff Johns has created a warm and familial environment on set and stepping into a role played originally by such an experienced actor as Henry Thomas could have been intimidating and nerve-wracking were it not for being welcomed by Johns and the entire cast and crew. Brec Bassinger went out of her way to make me feel as...

Sound Flight Sessions
Sound Flight Sessions Episode 030 (2021-07-07, 6h 40)
Welcome to Sound Flight Sessions, Episode 030! This month's show is a live recording from a recent party, plenty of Summer Vibes and a few classics too :)
Track List
1. FOTN - Intro
2. Puma & The Dolphin - Nuances
3. Musumeci, Phunkadelica - Alabarda Spaziale
4. Mr. Tea - Holding Pattern
5. Pional - A New Dawn (Edit)
6. Xinobi - Birds and Smoke
7. Lycoriscoris - Chiyu
8. Agoria - Embrace (Black Coffee + Aquatone Remix)
9. FOTN - Galactic / Alex Banks - Chasms
10. &ME, Rampa, Adam Port, Keinemusik, Cubicolor - Before The Flood
11. Mulya - Out of Sync
12. James Curd - Say Less Not More Feat. Bear Who (Theus...

Homefront Girl® The Podcast with Gaby Juergens
Director Rod Lurie of the movie THE OUTPOST joins me on Homefront Girl® The Podcast (2021-02-23, 57 min)
It was a true pleasure to have Rod Lurie as a guest on the Podcast. A movie that will forever be remembered as a seminal film about the regular boots on the ground soldier who serves and sacrifices in a true story of the Brotherhood of arms. This movie will rock you to the core with emotion and give thanks that such courage and men lived and live. -Gaby
Rod Lurie is the director of "The Outpost," released July 2020, starring Scott Eastwood, Caleb Landry Jones, and Orlando Bloom. The film, based on CNN chief correspondent Jake Tappe...

KBKAST
Episode 36: Clint Marsden (2020-07-09, 37 min)
Clint started his career in Microsoft level 1 support at the age of 16 in 2003. Since that time he has held helpdesk & server administrator roles, with the past 7 years focusing on Cyber Security, Digital Forensics and Incident Response. He believes in continuing education, sharing knowledge with peers and providing mentoring to people interested in starting out in Cyber, or pursuing goals within their existing Cyber career.

Certains l'aiment à chaud ! (CLAAC)
Queen & Slim (Ft. Gabh "de 4 à 7") - Un Divan à Tunis - Sonic... (2020-02-15, 1h 08)
Gabh from the podcast « De 4 à 7 » hits the road with the CLAAC team to join Queen & Slim! She (Jodie Turner Smith) and he (Daniel Kaluuya) see their fate upended after a police stop that goes wrong. Only one option: run. On the roads that Bonnie, Clyde, Thelma and Louise travelled before them, their quest for survival leads them to discover the meaning of freedom. Under the camera of Melina Matsoukas, the country will hold them up as standard-bearers of Black Power. As hope dwindles for them, a blue alien hedgehog, fond of...

TV Party
Deep Dive: Westworld Season Two (2018-06-25, 1h 28)
Freeze all motor functions - it's another episode of TV Party! Allison's consciousness is trapped in robot heaven this week, so Clint pulls single-host duty with Caroline Siede and Jacob Oller to talk about Westworld's beautiful, dense season two finale "The Passenger," and the season as a whole. The finale left us with a lot to discuss: Where does Westworld go from here? Did we need all those twisty timeline shifts? Has the show fully abandoned its Western premise, and is that a good thing? We touch on those things, James Marsden's incredible...