Blog: SANS Digital Forensics and Incident Response Blog: Category - SANS Institute

Finding Evil on Windows Systems - SANS DFIR Poster Release

Adding to our ever-growing collection of DFIR posters and cheat sheets, we are proud to announce the availability of a brand new SANS DFIR poster, "Finding Evil," created by SANS instructors Mike Pilkington and Rob Lee.

This poster was released with the SANSFIRE 2014 catalog, so you might already have one. If you did not receive a poster with the catalog, or would like another copy, here is a way to get one. For a limited time, we have set up a website where anyone can easily order one to use in their hunt to "Find Evil."

Get the "Find Evil Poster" Here

Faster SIFT 3.0 Download and Install #DFIR #SIFT3

Having trouble downloading the new SIFT 3.0? We are currently experiencing heavy traffic. Try the bootstrap install option instead:

  • Download and install.

  • Open a terminal.

  • Type: wget --quiet -O - | sudo sh -s -- -i -s -y

  • It will stop a couple of times to ask you a few questions. They are easy to answer.

  • The bootstrap install takes about 20 minutes.
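The one-liner above pipes a script straight from the network into `sudo sh`, so whatever the server (or anyone between you and it) returns runs as root before you have seen it. The following is an added example, not part of the SANS post or the SIFT project: it fetches the bootstrap script to a file, checks it against a known SHA-256, lets you read it, and only then runs it with the same `-i -s -y` flags the post gives. The URL and the expected digest are placeholders you must replace with the real values SANS publishes.

```shell
#!/bin/sh
# Added example (not SANS/SIFT code): download-verify-inspect-run instead of
# wget -O - | sudo sh. BOOTSTRAP_URL and EXPECTED_SHA256 are placeholders.

BOOTSTRAP_URL="https://example.invalid/sift-bootstrap.sh"                       # placeholder
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000" # placeholder

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> exit status 0 when the digest matches, 1 otherwise
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# fetch_bootstrap URL DEST -> save the script to DEST rather than piping it into sh
fetch_bootstrap() {
    wget --quiet -O "$2" "$1"
}

# run_bootstrap -> download, verify, read, then run as root with the post's flags
run_bootstrap() {
    script=$(mktemp) || return 1
    if ! fetch_bootstrap "$BOOTSTRAP_URL" "$script"; then
        echo "download failed" >&2
        return 1
    fi
    if ! verify_sha256 "$script" "$EXPECTED_SHA256"; then
        echo "checksum mismatch for $script; refusing to run it" >&2
        return 1
    fi
    ${PAGER:-less} "$script"      # read what you are about to execute as root
    sudo sh "$script" -i -s -y    # same options as the post's one-liner
}
```

Call `run_bootstrap` once you have set the real URL and digest. If SANS does not publish a digest, at least keep the fetch-to-file and read steps; the checksum only adds value when it comes from a channel separate from the download itself.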

This is the same version that is installed in the VM, and it will probably be quicker for you to set up.

Finally, this shows off our new packaging manager -- when new releases come out -- when ...

SANS SIFT 3.0 Virtual Machine Released

SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0

An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit ...

DFIR Summit Specials -- Until the End of March! #dfir #dfirsummit

Remember: starting March 17, 2014, use these codes:

  • Summit Only Promotion: Summit for $495. Register with code SUMMIT.

  • Class & Summit Promotion: Summit for $195 when combined with a class. Register with code COURSE.

Stay connected via Twitter, using the hashtag #DFIRsummit, to hear announcements and discussions surrounding the Summit.

Register Now!

Updates to FOR610 Malware Analysis Course Debuting in April in Orlando

The SANS FOR610 malware analysis course has been refreshed to incorporate the latest Windows tools for examining malicious software. Starting with the April 2014 event in Orlando, conference students will receive a toolkit based on a pre-built Windows 8.1 virtual machine. This toolkit supplements the Linux-based REMnux virtual machine that has long been a staple of the malware analyst's arsenal. The update also introduces several new malware analysis tools, samples and techniques.