Blog: SANS Digital Forensics and Incident Response Blog: Category - Reporting

SANS Survey of Digital Forensics and Incident Response #DFIR

More than 450 participants completed the SANS 2013 Digital Forensics Survey, conducted online during April
and May 2013. A primary goal of this survey was to identify the nontraditional areas where digital forensics
techniques are used. The survey can be downloaded HERE.

A webcast introducing the Survey earlier this month can be found here:

The survey was written by Paul Henry, Jacob Williams, and Benjamin Wright.

In the survey 54% of respondents indicated


Report Writing for Digital Forensics: Part II

This blog post is a second edition and follow-up to Intro to Report Writing for Digital Forensics, which you've taken the time to review, digest, and dissect. How the digital forensic practitioner presents digital evidence to his/her intended audience (regardless of why we are preparing a digital forensic report) establishes proficiency of the digital forensic examination. Let's take it a step further: how will you present your findings? Effectively reporting what you found during your forensic examination will aid you in presenting your report and the digital evidence to whomever your intended audience will be, which ultimately may be a jury in a criminal or civil proceeding. In this blog post, we are going to tackle some more report writing issues. Remember, YMMV depending on what hat you wear in digital forensics


Digital Forensic Case Leads: Anon Strikes Again, and Again. Groupon Litigation Threats. DarkMarket Motivations Revealed. The Tutu Has Been Donned

This week's Digital Forensic Case Leads is chock full of forensics nuggets. Links to great forensics tools for encryption detection and memory extraction, plus a how-to for breaking/auditing the OS X Keychain. You will also find an analysis of the Samsung v. Apple patent case from a digital forensics perspective, with IP Attorney Ben Langlotz. And, as our headline promises, news and analysis on the latest alleged attacks by "Anonymous" and their affiliates. Your reporter this week explains how BOTH the Anon group AND the Fed's denials could be true.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads [at symbol here]



  • AccessData Group just released a new version of their forensics and investigation tool for mobile devices, MPE+. According to AccessData: "In addition to greatly improving mobile device investigations, MPE+ is the first

Digital Forensics Case Leads: Your Password Is Out There, again...

Data breaches at LinkedIn, eHarmony, and exposed millions of account passwords, and probably other data that the attackers haven't made public. also a wealth of interesting new and updated tools. Among these are HexDive, SquirrelGripper, ShadowKit, and a Report Writing cheat sheet from Girl, Unallocated. Also worthy of particular note is Corey Harrell's Compromise Root Cause Analysis Model

New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack

This week's edition of Case Leads features updates to a popular network scanning tool and another application which may be useful in gaining access to encrypted documents. We also have an article detailing a recent attack against a website and a couple of papers that look at attack trends. There's news that hard drives could approach 60TB and a report that a popular paste site will change its approach in how it manages sensitive content.

As always, if you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • Nmap 6 has been released. In addition to improvements in web scanning, overall scanning speed and the scripting engine, this popular scanner now fully supports