SANS Digital Forensics and Incident Response Blog

CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017

Summit Dates: January 31, 2017 and February 1, 2017 Training Course Dates: January 25-30, 2017Summit Venue: Renaissance Arlington Capital View Hotel — Arlington, VA Deadline to Submit is July 29, 2016. To submit click here This year the CTI Summit is going old school. CTI is a relatively new field, however … Continue reading CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017


Let's Talk About Data Recovery

A recent spate of messages on a list serve triggered this rather verbose article, so my apologies for its length. Even thus, it barely scratches the surface of the technology. Obviously I can't get into every facet of data recovery, but my goal is to hit the main points, explain some of the things that … Continue reading Let's Talk About Data Recovery


Digital Forensics & Incident Response (DFIR) Summit Social Media Ambassadors

The SANSDFIR Summit team is looking for Social Media Ambassadors Are you a social media influencer in the DFIR space? We are looking for you! The SANS DFIR Summit Team is looking for two social media rock stars that can share their DFIR Summit experiences onsite and provide a post-summit event analysis. The ideal … Continue reading Digital Forensics & Incident Response (DFIR) Summit Social Media Ambassadors


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics