SANS Digital Forensics and Incident Response Blog

SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: DUQU, Locks, Stego and Pirates What More Could You Ask For.

In this weeks CaseLeads, there's a bunch of new useful tools that might come in handy in certain situations while handling incidents... PDF Analysis, Malware Analysis, Honeypots and MAC forensics! A sequel of a multi-part series on protecting our credentials whilehandling incidents. When some weird registry keys appear in log2timeline results, you discover an attack vector on manipulating execution chain? More and more on Prefetch Analysis... Challenging forensicators, The Honeynet Project publishs a cool challenge for fun and profit. More on that weird DUQU source code... guess what it is? When a digital lock refuses to unlock for the FEDS, guess what they do? STEGO techniques comes to light again using foreign languages!? And finally raids are not only in games! in our real life @ The Pirates bay?

If you have an item you'd like to contribute toDigital Forensics CaseLeads, please send it to caseleads@sans.org.

Tools:

  • Low-interaction honeyclient Thug released!!! A new type of honeypots that fits into your browser and can act as different profiles (IE Browsers currently)
  • MANDIANT Redline v1.5 has arrived! for those who don't know about it... it's a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis
  • BlackLight 2012 R1 released!! - BlackBag Technologies has released BlackLight 2012 R1 with significant new features. The new release has added Metadata File Filtering, L01 image support, Enhanced Evidentiary Data Export, Custom Hash Set Creation and Multiple Hash Set Data Processing, as well as Positive and Negative Hash Value File Filtering.
  • Didier Stevens update his PDFid And pdf-parser and The major change is that these 2 tools support Python 3 too now. And then there are a couple of bugfixes and new features given by some of his readers... His tools are good-to-have in an investigator & incident responder arsenal when dealing with malicious PDF files.
Good Reads:Challenges:
  • "Dive Into Exploit", a new cool challengefrom the Honeynet Project! These guys have made many informative challenges for the forensics community for fun and profit.
News:Coming Events:Call For Papers: 

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20120323 was compiled by Maher Yamout GCFA

Post a Comment






Captcha

* Indicates a required field.