SANS Digital Forensics and Incident Response Blog

Beats and Bytes - Striking the Right Chord in Digital Forensics       

There is geometry in the humming of the strings, there is music in the spacing of the spheres. - Pythagoras DOWNLOAD PAPER HEREand see them perform at the DFIR SUMMIT and TRAINING 2017 in AUSTIN TX. Curiosity is a personality trait that tends to draw me towards others in a way that forms lasting and … Continue reading Beats and Bytes - Striking the Right Chord in Digital Forensics


Three Steps to Communicate Threat Intelligence to Executives.

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.


WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis

The FOR408: Windows Forensic Analysis course was renumbered to FOR500: Windows Forensic Analysis. SANS renumbered the course to better reflect the course's intermediate-level material. The content of the course will remain basically the same, although it will be constantly updated to reflect changes in the field. FREQUENTLY ASKED QUESTIONS Why change the course … Continue reading FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis


Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis

System snapshots are a core component when conducting forensic analysis on a live machine. They provide critical insight intowhat was going on at the time they were taken, but this is also their limitation: your view is limited to a precise moment in time, without context and the opportunity to observe changes as they … Continue reading Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis