Blog: SANS Digital Forensics and Incident Response Blog

Blog: SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Lots of oopsies

This week's edition of Case Leads covers an interview about the Onity Hotel lock oopsie, an oopsie involving overlooked artifacts in the Casey Anthony trial, the oopsie of dumping lots of confidential confetti at a parade, and the findings of the investigation into the Palmetto state oopsie. Many great tool updates (OllyDbg, bulk_extractor) and some new releases as well.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • OllyDbg 2.01H has been released. One of the biggest changes is a major update to the plugin interface. Read more about it on the OllyDbg version history page.
  • Late last month Tableau quietly released an update to their free TIM software imager. It includes many bug fixes and some enhancements like the ability to save an image to a UNC path.
  • Patrick Olsen has released a (non) framework for Python designed to aid in browser forensics. It's called BARFF.
  • Harlan Carvey has moved the location of Forensics Scanner to GitHub
  • For the past few weeks Philippe Lagadec has been working on python-oletools, a package of tools to analyze Microsoft OLE2 files. There are tools to browse OLE files, check for suspicious characteristics, analyze embedded Flash objects and more.
  • Didier Stevens has updated his relatively new AnalyzePESig tool that is used to analyze the signature of Windows PE files.
  • Maria DeGrazia has released GA Cookie Cruncher, a tool for parsing Google Analytics Cookies. These cookies can contain a lot of information about where someone has visited recently. It works on IE, Chrome, Safari (Mac) and Firefox browser stores. It's currently Windows-only, 64bit.
  • Bulk_extractor has been updated to version 1.3.1. It has no new features but does fix some important bugs like performance issues with large stop lists and KML carving.
Good Reading and Listening
News:Coming Events:Call For Papers:Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20121130 was compiled by Rob Dewhirst (@robdew) GCFA, GCIH, GREM, CISSP. Rob is a security analyst and CSIRT lead for a Tier I research University in the midwest and a private DFIR consultant.

Post a Comment






Captcha

* Indicates a required field.