SANS Digital Forensics and Incident Response Blog: Category - artifact analysis

SANS #CEICCONF #DFIR CHALLENGE 2 - 19 May 2015

Answer the following three questions based on the evidence provided below. Write the answers down on your PC or on a piece of paper. Stop by the SANS Booth at CEIC (#227): the first 15 DFIR professionals to get all the answers correct will each win a DFIR shirt in their size.

...

SANS #CEICCONF #DFIR CHALLENGE 1 - 18 May 2015

Answer the following three questions based on the evidence provided below. Write the answers down on your PC or on a piece of paper. Stop by the SANS Booth at CEIC (#227): the first 15 DFIR professionals to get all the answers correct will each win a DFIR shirt in their size.

...

How Miscreants Hide From Browser Forensics

Scammers, intruders and other miscreants often aim to conceal their actions from forensic investigators. When analyzing an IT support scam, I interacted with the person posing as the help desk technician. He brought up a web page on the victim's system to present a payment form, so that the victim would supply contact and credit card details. He did this in a surprising manner, designed to conceal the destination URL from the browser's own history and from anyone later examining it.

Running Malware Analysis Apps as Docker Containers

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis to offer investigators easier access to malware forensics tools. Docker is a platform for packaging, running and managing applications as "containers," as a lightweight alternative to full virtualization. Several application images are available as of this writing, and you can contribute your own as a way of experimenting with Docker and sharing with the community.

Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab

System Monitor (Sysmon) is a new tool from Microsoft, designed to run in the background on a Windows system and log details of process creation, network connections, and changes to file creation timestamps. This information can assist in troubleshooting and forensic analysis of a host, provided the tool was installed before the incident under investigation occurred. This article explores the role that System Monitor might play in a malware analysis lab, possibly supplementing tools such as Process Monitor.
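The three event types named above land in the Windows event log as Sysmon event IDs 1 (process create), 2 (file creation time changed) and 3 (network connection). The following PowerShell is an added example, not code from the original article, that pulls those three IDs from the Sysmon operational log and flattens them into a single timeline an analyst can scan after detonating a sample. It assumes Sysmon is installed with its default log name and that the session is elevated enough to read that log; the field names used (Image, CommandLine, ParentImage, TargetFilename, DestinationIp, and so on) are the ones Sysmon writes into EventData for these IDs.

```powershell
# Added example (not from the original post): build a timeline of Sysmon
# process-creation (ID 1), file-creation-time-change (ID 2) and
# network-connection (ID 3) events from the Sysmon operational log.
# Assumes Sysmon is installed under its default log name and that this
# session runs as Administrator (the log is not readable otherwise).
$log = 'Microsoft-Windows-Sysmon/Operational'

# FilterHashtable queries the log server-side; Id accepts an array.
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1, 2, 3 } -ErrorAction Stop

$timeline = foreach ($e in $events) {
    # Each event's payload is XML; collect EventData <Data Name="..."> pairs.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Summarise the fields that matter for each event type.
    $detail = switch ($e.Id) {
        1 { "$($data.Image) $($data.CommandLine) (parent: $($data.ParentImage))" }
        2 { "$($data.Image) changed creation time of $($data.TargetFilename) " +
            "from $($data.PreviousCreationUtcTime) to $($data.CreationUtcTime)" }
        3 { "$($data.Image) -> $($data.DestinationIp):$($data.DestinationPort) ($($data.Protocol))" }
    }

    [pscustomobject]@{
        Time    = [datetime]$data.UtcTime   # Sysmon records UTC, not local time
        EventId = $e.Id
        Pid     = $data.ProcessId
        Detail  = $detail
    }
}

# Oldest first, so the chain parent -> child -> outbound connection reads top to bottom.
$timeline | Sort-Object Time | Format-Table -AutoSize -Wrap
```

A caveat worth keeping in mind when using this in a lab: Sysmon only records what happened after it was installed and its driver loaded, so install and verify it (the log should already contain a handful of ID 1 events from normal system activity) before running the sample, and treat a timestamp-tampering event (ID 2) on a freshly dropped file as a strong signal rather than noise.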