Blog: SANS Digital Forensics and Incident Response Blog

Blog: SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Giants are the biggest buyers, Freezing the cold-boot attack on disk encryption, dropping malware using the famous WhatsApp, Hacker get caught while chatting!!! IPOD, Android and SSDs, this week on Case Leads

In this week of Case Leads, Google buys VirusTotal, a new attack vector that counter cold-boot attack on RAMs, new tools that assist in malware detection and analysis, mozillas hidden camera!!! check it out! IPOD timestamps secrets comes to light, a hacker get caught while chatting, oops! The almighty Volatility update to 2.2 RC1 with over 50 new plugins that affects the majority of modules... Continue reading... this week of Case Leads.

If you have an item you'd like to contribute toDigital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • OfficeMalScanner, a toolkit that alerts you for potentially infected documents, now updated with an interesting new tool, RTFScan - as the name shows, now scanning RTF file format.
  • Santoku Linux is a new linux distro that is specialised at mobile forensics and mobile malware analysis, it is still in the alpha release but it's based on the OWASP MobiSec ubuntu distro, take a look maybe you'll find something new ;)
  • FoxTab, the firefox hidden camera! it is an interesting add-on for firefox that shows the user and he is opening and what tabs are being closed, etc... The neat feature in it that interests the forensicators most is the ability to show screenshots of the tabs visited by the user in an animated fashion.
  • This release of Volatility has 50+ new plugins, LiME support and a Windows GUI memory!
Good Reads:
  • These are examples and discussions about the new RTFScan tool mentioned above that was added to the OfficeMalScanner toolkit.
  • With the rise of SSD drives a new era of challenges rises as well in the Digital Forensics world... Will Digital Forensics crack SSD's?!
  • Few experiments in the IOS world that reveals IPOD Timestamps secrets.
  • A nice read in the mobile forensics, specifically Android forensics, showing the process, interesting evidence locations, etc...
News: 

Coming Events:

Call For Papers: 

About the author:

By Maher Yamout, CCNA, CNDA, ECSA, GCFE. Maher Yamout is an Information Security Officer and Digital Forensic Examiner with the Lebanese Ministry of Finance. He was involved in cyber-security exam item writing with EC-Council and currently with Prometric. Maher is also member of the High Tech Crime InvestigationAssociation (HTCIA) Europe-at-Large chapter.

Post a Comment






* Indicates a required field.