TLP - The Digital Forensics Podcast
Get involved in the exciting world of Digital Forensics and Incident Response with: Traffic Light Protocol. The Digital Forensics Podcast.
In each episode, we sit down with seasoned DFIR professionals, the blue teamers who work around the clock to investigate cyber intrusions. From data breaches to cyberattacks, they share firsthand accounts of some of the most intense investigations they've ever tackled, how they deal with burnout, and the added pressure of the cat-and-mouse game of keeping up with new attack chains.
Episodes
23 episodes
Episode 22: AI Chat Forensics: How to Find, Investigate, and Analyse Evidence from ChatGPT, Claude & Gemini
Unlock the secrets behind digital forensic investigations into AI chat platforms like ChatGPT, Claude, and Google's Gemini in this insightful episode. Learn the precise methods for discovering, extracting, and interpreting digital evidence acro...
Season 1 • Episode 22 • 40:52
Episode 21: How IRCO is Changing DFIR: The AI Copilot for Real-Time Cyber Investigations
Link to IRCO - Incident Response Copilot on ChatGPT: https://chatgpt.com/g/g-68033ce1b26481919b26df0737241bac-irco-incident-response-co-pilot In this episode of TLP: The Digital Forensics Podcast, Clint dives deep into...
Season 1 • Episode 21 • 15:48
Episode 20: What Makes an Elite Incident Response Team: Mindset, Mastery, and Real-World DFIR Lessons
Drawing inspiration from observing military special forces and over five years of hands-on DFIR experience, Clint explores the mindset, habits, and tactical processes that set top-performing IR teams apart. Clint Marsden explores the mindset, h...
Season 1 • Episode 20 • 38:14
Episode 19: AI Data Poisoning: How Bad Actors Corrupt Machine Learning Systems for Under $60
Clint Marsden breaks down a critical cybersecurity report from intelligence agencies including the CSA, NSA, and FBI about the growing threat of AI data poisoning. Learn how malicious actors can hijack AI systems for as little as $60, turning m...
Season 1 • Episode 19 • 26:20
Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps
This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and...
Season 1 • Episode 18 • 43:16
Episode 17 - Building a CTF
So You Want to Build Your Own DFIR CTF? Ever wanted to build your own Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) challenge but weren’t sure where to start? In this episode of Traffic Li...
Season 1 • Episode 17 • 28:07
Episode 16 - Mastering the Basics: Key Strategies for Cyber Investigations
Kicking off 2025, we're getting back to basics with something every cyber investigator needs to master—starting an investigation the right way. Too often, investigations get derailed because the right questions weren’t asked at the outset, evid...
Season 1 • Episode 16 • 30:43
Episode 15 - Windows event log analysis with Hayabusa: the Sigma-based log analysis tool
Key Takeaways: Introduction to Hayabusa: Hayabusa is an open-source Windows Event Log Analysis Tool used for processing EVTX logs to detect suspicious activities in Windows environments. Critical Alerts Detection
Season 1 • Episode 15 • 23:20
Episode 14 - AI and the future of log analysis, bug detection, forensics and AI ethical considerations with Jonathan Thompson
In this episode of Traffic Light Protocol, Clint Marsden is joined by Jonathan Thompson, a developer and AI enthusiast currently studying at Macquarie University. Together, they dive into how artificial intelligence (AI) is tra...
Season 1 • Episode 14 • 1:08:33
Episode 13 - ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson
Episode 13 is another giant episode with a focus on what it's like to be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon. Sandbox Environments: Jacob discusses the creation of ...
Season 1 • Episode 13 • 54:55
Episode 12 - You're forced to decide: Cyber Generalist or Cyber Specialist?
Quotes: “In the fast-paced world of DFIR, you are a mission critical system. Your job isn’t just to uncover what happened during an incident, but to do so in a way that gets results fast.” “Specialists bring expertise that pu...
17:47
Episode 11 - Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew
In this episode of Traffic Light Protocol, we sit down with Myles, a cybersecurity veteran with over 15 years of Cyber experience and background as a Combat Engineer in the Army. Myles brings his unique perspective on integrating autom...
Season 1 • Episode 11 • 52:46
Episode 10 - Detecting and Preventing Phishing Attacks
Quotes: "Phishing targets the human element, the 'wetware,' often the weakest link in any security chain." - Clint Marsden "Phishing isn't just about poorly spelled emails anymore; it's about sophisticated campaigns that even c...
Season 1 • Episode 10 • 19:04
Episode 9 - Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies
Episode Title: "Unmasking APT40: Tactics, Challenges, and Defense Strategies" Key Takeaways: APT40 is a sophisticated Chinese state-sponsored cyber espionage group active since 2009. They target various sectors including academia, ...
Season 1 • Episode 9 • 21:48
Episode 8 - Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics
In this episode, Clint Marsden goes straight into 4 practical strategies that enable better forensics and stop data exfiltration, no matter the size of your budget. Clint covers deploying Sysmon for enhanced monitoring, and using Group P...
Season 1 • Episode 8 • 19:57
Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures
In today's episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures. Key Takeaways: Understanding Scattered Spider: Scattere...
Season 1 • Episode 7 • 17:07
Episode 6 - Responding to ransomware - is your VPN a target? Plus ransomware risk mitigation with Phil Ngo
In this episode, we speak with Phil Ngo, a Primary Investigator in Accenture's global cyber response team. As a primary investigator, he is responsible for helping clients recover from major incidents as well as delivering pr...
Season 1 • Episode 6 • 26:11
Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)
This is the biggest episode from a content perspective so far. I'm excited to share it with you. Episode Highlights: How to run post-incident debriefs and post-mortems. Involving external teams. Using les...
33:06
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment, Eradication and Recovery)
Show Notes: Episode on Containment, Eradication, and Recovery. In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer sec...
Season 1 • Episode 4 • 22:10
Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes functional impacts of the incident, information impact of the incident and the recoverability of the incident. Not all of these are needed, ...
Season 1 • Episode 4 • 11:41
Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61. Attack vectors for digital security incidents, including insider threats and weaponized USBs. Cybersecurity incident response and dete...
Season 1 • Episode 3 • 46:52
Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation)
In this episode Clint Marsden talks about the first phase of Computer Security Incident Handling according to NIST. Listen to real world examples of how to get prepared before a Cyber Security Incident arrives. Show notes: Link to...
Season 1 • Episode 2 • 27:17
Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started
In this first episode we kick off with Clint Marsden, the host of Traffic Light Protocol (TLP), where he talks about what it's like to work in DFIR, how to get started with Cyber training, what to expect in future episodes, and of course a light ...
Season 1 • Episode 1 • 23:27