SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Cyberthieves and the Federal Reserve

As this is a holiday week in the US, it was a light week for news and other things. Still, a few tidbits: cyberthieves still need to rely on human help, and the Federal Reserve had a test system hacked. Ken Pryor has a new blog coming out, and Lee Whitfield has some interesting information on imaging.

If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org.

Tools:
Thanks to Harlan Carvey for posting these on his blog

  • Confessor is a Windows application that uses WMI and standard tools to quickly gather forensic information from any number of hosts.
  • MOLE was built to solve the problem of validating many URLs to see if malware is present.
  • MIR-ROR is a command-line script specialized for security incident response that calls specific Windows Sysinternals tools, as well as some other useful tools, to provide live capture data for investigation.
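The kind of WMI-driven collection that Confessor and MIR-ROR are described as doing, as an added example written for this post rather than code from either tool. It assumes a hypothetical hosts.txt listing one host per line, an account with remote WMI rights on those hosts, and an output directory of .\collection; those names are assumptions, not anything the tools use.

```powershell
# Added example (not Confessor's or MIR-ROR's own code): WMI-based live-response
# collection from a list of hosts. Assumptions (hypothetical): targets are in
# .\hosts.txt, the running account has remote WMI rights, output goes under
# .\collection\<host>\.
param(
    [string]$HostList = ".\hosts.txt",
    [string]$OutRoot  = ".\collection"
)

# Classes worth pulling first on a suspected compromise, with the properties
# that matter for triage (command lines, image paths, start modes, autoruns).
$queries = @{
    "processes" = @{ Class = "Win32_Process";         Props = "ProcessId","ParentProcessId","Name","ExecutablePath","CommandLine","CreationDate" }
    "services"  = @{ Class = "Win32_Service";         Props = "Name","DisplayName","State","StartMode","StartName","PathName" }
    "autoruns"  = @{ Class = "Win32_StartupCommand";  Props = "Name","Command","Location","User" }
    "os"        = @{ Class = "Win32_OperatingSystem"; Props = "CSName","Caption","Version","LastBootUpTime","LocalDateTime" }
}

# SHA-256 of a file so the collected CSVs can be verified later. Done with .NET
# directly because Get-FileHash does not exist on PowerShell 2.0 hosts.
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace("-", "").ToLower()
}

$manifest = @()
foreach ($target in (Get-Content $HostList | Where-Object { $_.Trim() -ne "" })) {
    $dir = Join-Path $OutRoot $target
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Record collector identity and start time first: remote WMI itself leaves
    # traces on the host (a WmiPrvSE.exe process, a network logon event), and
    # those need to be explainable in the timeline later.
    $started = Get-Date -Format "yyyy-MM-ddTHH:mm:ssK"
    "collector=${env:USERDOMAIN}\${env:USERNAME}; host=${target}; started=${started}" |
        Out-File (Join-Path $dir "collection_info.txt")

    foreach ($name in $queries.Keys) {
        $q   = $queries[$name]
        $csv = Join-Path $dir "$name.csv"
        try {
            Get-WmiObject -Class $q.Class -ComputerName $target -ErrorAction Stop |
                Select-Object $q.Props |
                Export-Csv -Path $csv -NoTypeInformation
            $manifest += New-Object PSObject -Property @{
                Host = $target; Artifact = $name; File = $csv; Sha256 = (Get-Sha256Hex $csv)
            }
        } catch {
            # Unreachable hosts and RPC failures are routine across a fleet:
            # log them and keep going rather than abort the whole sweep.
            Write-Warning "${target}/${name}: $($_.Exception.Message)"
        }
    }
}

# Manifest of every file and its hash, written last so it covers everything above.
$manifest | Export-Csv -Path (Join-Path $OutRoot "manifest.csv") -NoTypeInformation
```

Win32_Process gives command lines and parent PIDs, Win32_StartupCommand covers the Run keys and startup folders, and Win32_Service exposes StartName and PathName, which is enough to spot an odd service binary path or a process running from a temp directory before any deeper imaging. The hashes in manifest.csv are what let you show later that the CSVs were not altered after collection.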

Good Reads:

  • Over at Forensic 4Cast, Lee Whitfield discusses software and hardware imaging of hard drives.
  • Ken Pryor has started a new blog which can be found here.

News:

Levity:

Coming Events:

Digital Forensics Case Leads for 20101126 was compiled by Mark McKinnon, GCFA, CCE, Principal of RedWolf Computer Forensics, where he has written many tools that are used throughout the computer forensic community. You can follow Mark on Twitter at @markmckinnon. If you have an article to suggest for Case Leads, please email it to caseleads@sans.org.