SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: MBR Parser, VSC Toolset GUI, Memory Forensics Cheat Sheet & other goodness......

In this week's SANS Case Leads, we have a Python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-)

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • Jamie Levy (@gleeda) posted a script that she wrote that parses the MBR in order to help find MBR infectors. Read Jamie's Blog post. Grab the script here.
  • Jason Hale came up with a GUI front-end for Corey Harrell's batch scripts used to rip/examine Volume Shadow Copies, called VSC Toolset.
  • DEFT Linux 7.1 was released earlier this month. Read the announcement.

Good Reads:

  • Mike Ahrendt gave some insight into his experience with his Education in Digital Forensics.
  • A new blog called Malware Analysis Blog has a tutorial on how to isolate your analysis VM from your host machine. Read about it here.
  • Interesting post on the digfor blog regarding the uniqueness of USB Flash drive serial numbers.
  • Harlan Carvey posted his thoughts on how specializing in sub-disciplines within Digital Forensics is not really such a good idea. Read the post titled Convergence.

Links:

  • Chad Tilbury (@chadtilbury) put together a Memory Forensics Cheat Sheet which focuses on the use of Volatility. Grab version 1.0 here.

Levity:

Coming Events:

Call For Papers:

Joe Garcia is a Law Enforcement Officer with over 18 years of experience, the last 6 of which he has been assigned to conduct computer crime investigations and digital forensic examinations. He holds the GIAC GSEC Gold, GCIH & GCFA Silver and AccessData ACE certifications. You can follow Joe on Twitter at @jgarcia62
