SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Apple v Weiner on Tweeter, SANs DFIR Summit videos available and a new version of Log2Timeline

There were several data breaches announced and/or confirmed this week. Log2timeline and Windows Event log parser were released and Weiner admits to wrongful tweeting. The SANs Digital Forensic and Incident Response summit videos can now be viewed and a new section labeled Call for Papers has been added.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • Andreas Schuster is releasing version 1.0.8 of the Windows Event Log Parser library and tools collection. You can read more about it here and you can download it here.
  • Kristinn Gudjonsson released a new version of log2timeline. You can find out more here.

Good Reads:

  • Little Mac over at Forensicaliente - Because digital forensics is 'hot'. Has a couple of good posts. One about Dropbox artifacts and another about his thoughts on the SANS Digital Forensics/Incident Response Summit.
  • Harlan Carvey of the Windows Incident Response blog has posted many updates that can be found here.
  • SANS Digital Forensics/Incident Response summit videos of presentations can be viewed here.


Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20110610 was compiled by Mark McKinnon GCFA, CCE is Principal of RedWolf Computer Forensics where he has written many tools that are used through out the Computer Forensic Community. You can follow Mark on twitter @markmckinnon.


Posted June 14, 2011 at 10:39 PM | Permalink | Reply


Anyone know where I can find Mike Cloppert's presentation everyone was talking about? I've seen the presentation videos labeled Mike Cloppert, but don't see him in them.

Posted June 15, 2011 at 2:10 AM | Permalink | Reply

Dave Hull

Mike's talk is here:
There was a last minute schedule change, that rippled through the summit, but the names associated with the videos have not been corrected yet.

Posted June 15, 2011 at 2:49 PM | Permalink | Reply


Thanks for the link, Dave!
His talk was really good, but I wish I got to see all the data visualizations people were talking about. Maybe the slides will be posted sometime''