Lee Whitfield

      This week the Forensic Lunch went into Overtime! We went a full 25 minutes over the usual hour because we had so much to talk about. On this weeks show: Matt Seyer (@forensic_matt) talked all about the etl parser and monitor he's working on in Rust! https://github.com/forensicmatt/RsWindowsThingies Oleg Skulkin (@oskulkin) talked about how he approaches Sunday Funday's (he's won 3!) and about his new blog post about the Windows FeatureUsage artifact.  https://www.group-ib.com/blog/featureusage Brian Marks (@briandfir) talked about how the Office365 UAL MailboxItemsAccessed Audit event works and what the entry details mean   Lee Whitfield (@lee_whitfield ) talked through the Forensic 4Cast Awards nominations that end in two weeks, and Matt and I gave who we will be nominating. https://forensic4cast.com/2020/02/2020-forensic-4cast-awards-nominations-are-open/

The Forensic Lunch 3/8/19! The twice a month, usually, podcast/videocast that's all about DFIR This week we have: Eric Zimmerman, talking about KAPE Lee Whitfield, talking about the Forensic 4Cast award nominations

This week Lee Whitfield joins us to discuss the DFIR Summit and Matt showed us his rust based live windows monitors for DFIR Research

This broadcast we have: Mari Degrazia talking about testing MFT parsers and what goes into them. Lee Whitfield talking about the events of the week Suzanne Widdup talking about her work on the Verizon DBIR and a solicitation for your involvement A talk about Cortana's location tracking storage