SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Visualization Tools, Information Security in Law Firms, Hack Attacks, another Stuxnet Analysis and more

This week's edition of Case Leads features two Twitter visualization tools, a new RegRipper plug-in, a podcast with Rob Lee and details on attacks against Oracle and EMC. We also have another Stuxnet analysis, news on the acquisition of NetWitness, and a study on a new Black Market currency.

As always, if you have an interesting item you think should be included in the Digital Forensics Case Leads posts, please send it to


  • Mention Map is a Twitter visualization tool that displays the connections to a Twitter account. The tool is being upgraded but the original version is still available (click on the "classic link" at the bottom of the page.) Since a picture is worth a thousand words, this link will demonstrate the functionality of the tool when "sansforensics" is the username.
  • Twiangulate is another Twitter visualization tool that enables you to compare two or more Twitter accounts. The end result is a Venn diagram of commonalities as well as a table of the top followers. In this example, I Twiangulated our own Dave Hull and Rob Lee.

Good Reads:

  • This one isn't a good read but it is a good listen. Rob Lee is featured in a recent podcast where the discussion surrounds the state of information security in law firms.
  • A couple of weeks ago, EMC/RSA announced that they were breached. Details on the RSA attack have now been posted on RSA's blog.


  • EMC has decided to acquire NetWitness Corporation. According to the announcement, NetWitness will operate under EMC's security division, RSA. NetWitness was also involved in detecting the attack on RSA.


  • These newscasters decided to try the "Virtual Sip" app for iOS devices while on the air.
  • Two decades ago, a college student decided to share his coding project. Now we have 20 years of Linux.

Coming Events:

If you have an article to suggest for Case Leads please email it to

Digital Forensics Case Leads for 20110407 was compiled by Ray Strubinger of the Georgia Institute of Technology. Ray leads the digital forensics and incident response team and when the incidents permit, he is involved in various aspects of the Institute's defense-in-depth strategy including Data Loss Prevention, Full Disk Encryption, and Education Awareness.