SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Make it go away, the Stuxnet extended remix

Life is busy in the digital forensics and incident response world, so this week's Case Leads is short and sweet. Here are my favorite items from the last few days, enjoy!

If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to


  • Harris Corporation introduces BlackJack a USB device that looks very useful for situations where one must rapidly triage systems for the presence of interesting data. According to the press release, the device boots in less than three seconds and "automatically scans and copies data by prioritizing search criteria and securely partitions search results for analysis." The device has two LEDs, one red and one green that indicate the presence or absence of items of interest.

Good Reads:


  • The news of a New York Supreme Court saying users have no reasonable expectation of privacy on social networking sites has been making the rounds this week. Here's an excellent write up on the story from Electornic Discovery Law
  • Google announced earlier this week that they would start making alerts available to Autonomous System owners when malicious content is found on their networks. For owners of large distributed networks, this is welcome news and should be a useful service.

Coming Events:

Digital Forensics Case Leads for 20100930 was compiled by Dave Hull. Hull is a member of a Fortune 10000 CIRT and forensics team. He edits and contributes to this blog and teaches for SANS as often as he can. If you have an item you'd like to see posted to the SANS Digital Forensics Case Leads, please email it to