Blog: SANS Digital Forensics and Incident Response Blog

Blog: SANS Digital Forensics and Incident Response Blog

Copier Forensics in 2014: The Good, The Bad, and The Ugly

Recently, I had the opportunity to do forensic analysis on a HDD extracted from a Canon ImageRunner Advanced C5240 Multifunction Copier. After a story was broken by CBS News, back in 2010, it seemed likely that less would be available than is described in the copier forensic write-ups here and here. Nonetheless, I was hopeful. As you will see, my results were somewhat mixed, but the security enhancements put in place after that article could certainly have been much more complete.

The Good:

The first new security feature I noticed, when beginning my examination of the drive, was that the ...

Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab

System Monitor (Sysmon) is a new tool from Microsoft, designed to run in the Windows system's background, logging details related to process creation, network connections, and changes to file creation time. This information can assist in troubleshooting and forensic analysis of the host where the tool was installed prior to the incident that's being investigated. This article explores the role that System Monitor might play in a malware analysis lab, possibly supplementing tools such as Process Monitor.

F-Response Enterprise now in FOR508: Advanced #DFIR

Starting in August, 2014 - F-Response Enterprise is now part of the SANS 508 Training Course and students will receive it while attending the course.

FOR508 has been updated with cutting edge Enterprise Incident Response capabilities. Starting in the Virginia Beach course attendees will receive a 3 month F-Response Enterprise license as part of the course materials. In addition, registering that license with F-Response immediately after the course will allow students to continue to use that license for an additional 3 months added on to the dongle.


Dominando las 4 etapas del Anlisis de Malware

(This is a Spanish translation of the article Mastering 4 Stages of Malware Analysis. Este artculo fue traducido del ingls.) El anlisis de software malicioso o malware involucra una variedad de tareas, algunas ms simples que otras. Estas tareas pueden ser agrupadas en etapas basadas en la naturaleza de las tcnicas de anlisis de software malicioso. Agrupadas como capas, una encima de otra, estas etapas forman una pirmide que va creciendo conforme complejidad.

DFIRCON EAST Smartphone Forensics Challenge

DFIRCON EAST Smartphone Forensics Challenge:

The smartphone dataset contains Malware and an iOS backup file. The goal is to highlight application data often missed by forensic tools. Your job? Find it.

The object of our challenge is simple: Download the smartphone dataset and attempt to answer the 6 questions. To successfully submit for the contest, all answers must be attempted. Each person that correctly answers 4 of the 6 questions will be entered into a drawing to win a FREE DFIR OnDemand course. The contest ends on September 30th, 2014 and we will announce the winner by October 6th