SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Passwords and Voting lead the news

This week we have a man getting jailed for refusing to give up his password. Internet voting in Washington D.C. was hijacked 36 hours into testing. The new Android phone reverts back to factory settings to thwart being jailbroken. Jesse Kornblum and woanware have released updated software and quite a few good blog reads. Check out the upcoming events and if you know of anything interesting happening send us an email at We are always looking for new things to post.


  • Jesse Kornblum has released a new version of ssdeep, which does fuzzy hashing. Jesse has changed the output format of the tool to better handle creating CSV files and file names with quotation marks in the name. You can find out more here.
  • Woanware has release an update to his EseDbViewer. You can see the changes here. You should also check out his other tools as they are quite useful, more things to add to the tool belt.

Good Reads:

  • Lance Mueller talks about doing analysis of a hard drive that was "Frozen" using Deep Freeze, you can read more about it here.
  • Andreas Schuster talks about recent advances in Memory Forensics on his blog and has also made his slides available from the ZISC Workshop 2010 on Digital Forensics and Security You can read more about that here.
  • There is an interesting discussion on Forensic Focus about Inexperienced Examiners. You can read it all here.
  • Craig Ball talks about making mistakes here. Maybe we can all learn something from reading it.
  • Tara Forten sent in a note about a new site,, saying the "goal was to compile an unbiased and updated list of every school that offers a forensic science technician program in the US." This looks like a great resource for those looking for formal education offerings for forensics. Check it out and if you know of a program that's missing from the list, let them know.



Coming Events:

Digital Forensics Case Leads for 20101007 was compiled by Mark McKinnon, GCFA and CCE is Principal of RedWolf Computer Forensics where he has written many tools that are used through out the Computer Forensic Community. You can follow Mark on twitter @markmckinnon. If you have an article to suggest for case leads please email it to