SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Evolving Malware Market, Feint Attacks, and Malicious Hacker Psychology

This week's edition of Case Leads features tools to discover MD5 hashes and extract Flash files from PDFs. We also have recommendations on network defense from researchers who have been studying the psychology of cyber attackers. There's evidence of service consolidation in the malware market and the FBI cautions that denial of service attacks are growing in popularity as a feint attack.As always, if you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • BozoCrack is a Ruby script which uses Google to look up MD5 hashes. If the script finds the hash on the first page of the search results it returns the matching plain text password.
  • SWF Mastah is a Python script which makes extraction of SWF (Shock Wave Flash) files from PDFs easier.

Good Reads:

  • Researchers at Maryland's Cybersecurity Center explore how malicious hackers think and offer suggestions on preventing network attacks.
  • The malware market is evolving to better meet the demands of its customers (the attackers in this case.) MaaS (Malware as a Service) is an evolving trend of offering one stop shopping that includes infection services, polymorphic malware (anti-virus avoidance), and money back guarantees.


  • A collaboration between Anonymous and Team Poison dubbed "Operation Robin Hood" takes aim at the financial services industry.
  • The FBI has issued a warning that cyber criminals are using a digital smoke screen in the form of a DDoS in order to distract attention from more serious attacks.
  • SANS360 is quickly selling out for 13 Dec: 10 Speakers ? 10 Presentations ? 360 Seconds Each. In one hour, 10 Digital Forensics and Incident Response experts will discuss the coolest techniques and solutions they have discovered in 2011. - HASHTAG #SANS360 Open to All and Free, Registration Required:


Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20111201 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Data Loss Prevention to Risk Analysis.