SANS Digital Forensics and Incident Response Blog

Protecting Privileged Domain Accounts: Restricted Admin and Protected Users

It's been a while since I've written about this topic, and in that time, there have been some useful security updates provided by Microsoft, as well as some troubling developments with Microsoft's Kerberos implementation. In order to fully cover these topics, I'm going to split the discussion into two articles. This article will cover specific updates Microsoft has provided to help protect user credentials. I'll follow up next week to discuss the Kerberos issues in depth.

As a quick reminder, the major takeaway from my previous articles on this subject is that we can successfully protect our privileged domain accounts by taking these 3 steps:

  1. Avoid interactive logons to untrusted hosts

  2. Disable ...

SANS DFIR Summit 2015 - Call For Papers


  • Summit Dates: July 7-8, 2015

  • Post-Summit Training Course Dates: July 9-14, 2015

Summit Venue:

  • Hilton Austin

  • 500 East 4th Street

  • Austin, TX 78701

  • Phone: 512-482-8000

DFIRCON East Advanced Smartphone Forensics Challenge Winner Announced!

Due to the vast amount of responses we got for our Smartphone Forensic Challenge, the winner was just determined. The rules state that the winner must answer 4 of the 6 questions correctly, and the lucky winner answered all 6 questions correctly. Shawna Denson, you are the lucky winner!!!!

Thank you to everyone who submitted. FOR585 Advanced Smartphone Forensics is currently being held online virtual training via onDemand, at Network Security 2014 (Las Vegas), and


Announcing the GIAC Network Forensic Analyst Certification - GNFA

A new security certification focused on the challenging field of network forensics

BETHESDA, MD - October 7, 2014 - Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system logs, wireless communication and encryption protocols. The GNFA exam will ...

SANS Cyber Threat Intelligence Summit - Call For Papers Now Open

SANS Cyber Threat Intelligence Summit Call For Papers 2015.

Send your submissions to by 5 pm EST on Friday, October 24, 2014 with the subject

"SANS CTI Summit CFP 2015."

Summit Dates: February 2 & 3, 2015

Pre-Summit Course Dates: February 4-9, 2015

Location: Washington, DC


Our 3rd annual Cyber Threat Intelligence (CTI) Summit will once again be held in Washington DC.

Summit Co-Chairs: Mike Cloppert and Rick Holland

The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. Attendees that are either new to CTI or more mature in their CTI journey should be able to take away content and immediately apply it to their day jobs. The SANS What Works in Cyber