SANS Digital Forensics and Incident Response Blog

Kick off the new year with the industry's top CTI experts at the SANS Cyber Threat Intelligence Summit

This January, cyber threat intelligence (CTI) practitioners from around the world will gather in Arlington, Va., for the SANS DFIR Cyber Threat Intelligence Summit & Training. One of only a handful of events devoted to cyber threat intelligence and analysis, the SANS CTI Summit brings together leading experts and analysts for in-depth threat intelligence talks, … Continue reading Kick off the new year with the industry's top CTI experts at the SANS Cyber Threat Intelligence Summit


Cloud Storage Acquisition from Endpoint Devices

Over the past several years, multiple tools have been released to enable API-based collection of cloud storage data. While this is an important capability, it has the often fatal liability that API-based collections require valid user credentials (and multi-factor authentication). An often overlooked area of cloud forensics is data and metadata stored on the local … Continue reading Cloud Storage Acquisition from Endpoint Devices


The State of Malware Analysis: Advice from the Trenches

What malware analysis approaches work well? Which don't? How are the tools and methodologies evolving? The following discussion-captured as anMP3 audio file-offers friendly advice from 5 malware analysts. These are some of the practitioners who teach thereverse-engineering malware course(FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler(Panelist) Evan Dygert:Senior … Continue reading The State of Malware Analysis: Advice from the Trenches


Mass Triage Part 5: Processing Returned Files - Amcache


Mass Triage Part 4: Processing Returned Files - AppCache/Shimcache