SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Data Exposed, Movie Piracy Sites shutdown and a 0day exploit hits more the 10,000 Computers

This week in Case Leads we have another round of data exposed at WellPoint. The Feds shutdown movie piracy sites, and Microsoft reports more than 10,000 Windows XP computers hit with a 0day exploit. Some great reads on memory analysis and pagefiles, Safari Forensics and getting alternate timestamps from $MFT. Don't forget to cast your vote for the 2010 Forensic 4Cast awards, make your vote count.

If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to


  • Mount Raw images as VMDK virtual disks using raw2vdmk

Good Reads:



Coming Events:

Digital Forensics Case Leads for 20100701 was compiled by Mark McKinnon, GCFA, CCE, Principal of RedWolf Computer Forensics where he has written many tools that are used throughout the Computer Forensic Community. You can follow Mark on twitter @markmckinnon. If you have an article to suggest for caseleads please email it to