SANS Digital Forensics and Incident Response Blog

The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics


SANS #ThreatHuntingSummit Valentine Twitter Contest

Love is in the air and we at SANS DFIR want to celebrate February, the month of love and friendship. To show how much we care about our follower friends, we have created the #ThreatHuntingSummit Twitter contest. This contest comes with a fantastic prize, check it out! On April 12th through 19th, SANS along with … Continue reading SANS #ThreatHuntingSummit Valentine Twitter Contest


SANS third annual incident response survey is now online

The third annual SANS survey on incident response is now online. This survey will help us look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. If you are a professional working with … Continue reading SANS third annual incident response survey is now online


Threat Hunting & Incident Response Summit Social Media Ambassadors

The SANS Summit team is looking for #ThreatHuntingSummit social media ambassadors! What is a social media ambassador? Someone who is a social media influencer in the DFIR and Threat Hunting space. We are looking for those rock stars who take this upcoming training very seriously but at the same time we want to show why … Continue reading Threat Hunting & Incident Response Summit Social Media Ambassadors