2015-03-04 UPDATE: I've added some thought process/methodology to the answers inline below. Thanks to everyone that submitted or just played along with the SANS DFIR Network Forensic Challenge! We had over 3,000 evidencedownloads, and more than 500 submissions! Per the rules, the winner must have answered four of the six questions correctly. Then, by random … Continue reading 2015 DFIR Monterey Network Forensic Challenge Results
SANS expanded the Reverse-Engineering Malware course (FOR610) to include a day's worth of capture-the flag malware analysis challenges. The challenges are built upon the NetWars tournament platform and are designed to reinforce the skills learned earlier in the course by experimenting with real-world malware. You can get a sneak peak at the new experience. Continue reading Reverse-Engineering Malware Course Expanded to Include Capture-the-Flag Challenges
In this weeks CaseLeads, there's a bunch of new useful tools that might come in handy in certain situations while handling incidents'' PDF Analysis, Malware Analysis, Honeypots and MAC forensics! A sequel of a multi-part series on protecting our credentials whilehandling incidents. When some weird registry keys appear in log2timeline results, you discover an attack … Continue reading Digital Forensics Case Leads: DUQU, Locks, Stego and Pirates What More Could You Ask For.
One of the best ways to learn how to analyze malicious software is to practice. Here's a set of challenge questions, building upon an earlier network forensics puzzle, so you can strengthen your malware analysis skills. Continue reading Malware Analysis Challenge to Strengthen Your Skills
Let me start by noting how much fun I had while investigating and analyzing everything for this forensics challenge, I was able to apply many different techniques, from analyzing logs to file carving and network forensics. It's the 2009 forensics challenge from DFRWS and you can find the description, system images and pcap files at … Continue reading Digital Forensics: PS3 Linux file system analysis and network forensics