SANS Digital Forensics and Incident Response Blog: Daily Archives: Oct 14, 2010

WACCI Digital Forensics (Part 1)

This week, I had the pleasure of attending the Wisconsin Association of Computer Crime Investigators (WACCI) conference in Madison, WI. I was fortunate to be accompanied by good friend and fellow SANS Computer Forensics blog author Brad Garnett. The following is a recap of our time at the conference.

When I first learned about the WACCI conference, I was immediately interested in attending. The biggest draw was the speaker lineup, which included such forensics luminaries as Ovie Carroll, Harlan Carvey, Rob Lee, Brian Carrier and Mark McKinnon. That's quite a list of talent. I was amazed that such a great conference could be given while still keeping the registration price incredibly low. Finally, I was attracted by the conference location. Given that I live in a rural area, it was great to see a high quality forensics conference taking place within realistic driving distance. Once I was certain

...


Digital Forensics Case Leads: Free tools, Treasure Hunts, Drive-by Attacks and Spying

This week's Case Leads features two free tools from AccessData and Paraben Corporation, a digital (forensics) treasure hunt to test your skills, spying, drive-by (browser) attacks and consequences resulting from Stuxnet.

As always, if you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org.

Tools:

  • Earlier this month AccessData released a new version of their popular (and free) utility, the FTK Imager. Version 3 has a number of useful features such as the ability to boot forensic images in VMWare and the ability to mount AFF, DD, E01, and S01 image formats as physical devices or logical drive letters. The latest version of the application also supports HFS+, VxFS (Veritas File System), exFAT, EXT4, Microsoft's VHD (Virtual Hard Disk) and compressed and uncompressed DMG

...