In the course of an incident, incident responders will have to retrieve files from a machine in a forensically sound manner. RIFT copies files from a subject machine in a forensically sound manner using the Sleuthkit toolset. By simply running RIFT with a regex list of file names or directories, specific files and folders are targeted for extraction. For each match, icat is then used to copy the file or folder to a drive/share other than the C drive. Continue reading Mass Triage: Retrieve Interesting Files Tool (RIFT) Part 1
Call for Speakers - Now Open. Summit Dates: April 18-19, 2017. Call for Presentations closes on 21 October 2016. Apply here: http://dfir.to/ThreatHuntCFP The Threat Hunting & Incident Response Summit will focus on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. SANS and … Continue reading SANS Threat Hunting and Incident Response Summit - Call For Presentations
Due to a bug report regarding issues when using DensityScout with filenames/paths including multi-byte characters, I compiled and uploaded a new build which is now capable of handling these cases correctly. I strongly recommend switching to this new build as soon as possible. Get it from: https://cert.at/downloads/software/densityscout_en.html Cheers, Christian Continue reading DensityScout can handle multi-byte characters, now!
This post was originally posted on Murphy's Law Blog, authored by SANS Certified Instructor Cindy Murphy. Listen to the webcast here. UPDATED 7/22/16 - Thanks to Warren Raquel (@warquel), a Senior Security Engineer at the National Center for Supercomputing Applications, Android location information has been SOLVED! See the Android Location Information section below. "Some trainers … Continue reading A Sneak Peek at Pokemon Go Application Forensics
Summit Dates: January 31, 2017 and February 1, 2017. Training Course Dates: January 25-30, 2017. Summit Venue: Renaissance Arlington Capital View Hotel — Arlington, VA. Deadline to Submit is July 29, 2016. To submit click here. This year the CTI Summit is going old school. CTI is a relatively new field, however … Continue reading CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017