Healthy Paranoia Show 14: Digital Forensics and Incident Response with Andrew Case

Get ready for another nerdilicious episode of Healthy Paranoia featuring Andrew Case, digital forensics researcher and a core developer for the Volatility Framework. Liam Randall joins Mrs. Y. as they discuss topics such as:

  • The difference between forensics and incident response.
  • Malware analysis vs. reverse engineering.
  • Why you should treat a compromised system like a leper flesh-eating zombie.*

UPDATE: Andrew Case was just named “Digital Forensics Examiner of the Year” at this year’s Forensics 4cast Awards.

Show Notes:You Can't Hide From Memory

Sleuth Kit and Autopsy

Chaos Communication Congress

RegRipper by Harlan Carvey

Brian Carrier

Registry Decoder


Kali Linux (because Backtrack is so last year)

Windows Forensics email list

Volatility Labs Memory Forensics Training

Defeating Windows Memory Forensics

Joanna Rutkowska

Malware Analysis: N00b to Ninja in 60 Minutes by Grecs

FTK – Forensic Toolkit


Cuckoo Sandbox


*Someone was offended by my use of the term leper, because technically, leprosy isn’t that infectious. Unless you happen to hang around gangs of armadillos.

Mrs. Y
Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
Mrs. Y
Mrs. Y
  • Michael

    Great show. In particular the discussion surrounding memory and malware blew my mind!

    I must say however, the leper analogy is unkind. Presumably it harkens back to the archaic practice of removing lepers from mainstream society. While that might be appropriate for an infected system, I’ll wager that current leprosy sufferers would rather not see this point of view advocated!

  • Alex__Clark

    Great episode and really interesting topic! The seems the widespread adoption of OS visualization will really help the forensics community. Being able to take a snapshot and have the full memory dump must be a great help.

  • Rowell Dionicio

    I’m listening to this podcast as I write this comment. It’s a very interesting discussion that has me intrigued to learn more. Great work with the podcast Mrs. Y

  • Digital Forensic

    Once you have perfected the primary places in one os, I usually suggest that individuals create a specialised market area to become an professional in. There is a great need for professionals in cellular phone ‘forensics’.