SANS Digital Forensics and Incident Response Blog

Digital Forensic Case Leads: Forensic 4Cast Voting is Open

Short post this week, as yours truly is under the weather. I hate colds, but they are far more miserable in the summer when the weather is beautiful.

It's con season. Last week was SANSFire, and this week started off with the Pen Test Summit, and FIRST and in the coming weeks we'll see the Forensics Summit (details below), Black Hat and Defcon. I love this time of year and can't wait to see what great tools and discoveries will be released in the coming months.


  • For anyone who has ever had to dig through the registry piecing together information about various USB devices that have been plugged into a system, here's a useful tool that will do the heavy lifting for you. That link will take you to a post that discusses the various registry artifacts in play and includes a link to the tool.
  • Mandiant has released a new version of their Web Historian. The product now parses history for Firefox versions 2 and 3, Chrome and IE 5 - 8. I haven't had time to play with this yet, but have used the previous version. The broader browser support in this version will make it worth a look.

Good Reads:


  • The U.S. Supreme Court has ruled in favor of a California Police Chief who read the transcripts of his employee's text messages. News of the ruling doesn't surprise me. These were not personal devices being used to send messages, rather they were paid for by the Police Department. If you want to keep your personal messages private, use your own personal device.
  • Voting has begun for the 2010 Forensic 4Cast Awards. Last year's awards show was great fun and this year promises to be even better with the awards taking place in conjunction with this year's SANS What Works in Forensics and Incident Response Summit. As they say in Chicago, vote early and vote often.

Coming Events: