SANS Digital Forensics and Incident Response Blog

DFIR SUMMIT 2020 SNEAK PREVIEW

DFIR SUMMIT 2020 SNEAK PREVIEW - Summit Jul 16-17, 2020; Courses Jul 18-23, 2020 - AUSTIN, TX. Call for Presentations will be released in early January. We are hoping many of you submit to speak at the summit this year. Registration for the summit will open the same …


HSTS For Forensics: You Can Run, But You Can't Use HTTP

HTTP Strict Transport Security (HSTS) is a great tool for website administrators to ensure their site is only accessed over encrypted channels. But does it have any digital forensics applications?


Kick off the new year with the industry's top CTI experts at the SANS Cyber Threat Intelligence Summit

This January, cyber threat intelligence (CTI) practitioners from around the world will gather in Arlington, Va., for the SANS DFIR Cyber Threat Intelligence Summit & Training. One of only a handful of events devoted to cyber threat intelligence and analysis, the SANS CTI Summit brings together leading experts and analysts for in-depth threat intelligence talks, …


Cloud Storage Acquisition from Endpoint Devices

Over the past several years, multiple tools have been released to enable API-based collection of cloud storage data. While this is an important capability, it has the often fatal liability that API-based collections require valid user credentials (and multi-factor authentication). An often overlooked area of cloud forensics is data and metadata stored on the local …


The State of Malware Analysis: Advice from the Trenches

What malware analysis approaches work well? Which don't? How are the tools and methodologies evolving? The following discussion, captured as an MP3 audio file, offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler (Panelist) Evan Dygert: Senior …