SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Hacking into the New Year, and a Virus Causes a Man to Get a New Trial

Happy New Year from the Case Leads team!

In this first Case Leads of the year: several organizations have been hacked, a man gets a new trial because of a computer virus, and Windows 8 will have a reset button. Several tools have been updated or introduced, and there are some good reads, a little levity, training and conference listings, and calls for papers.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • MD5deep and hashdeep version 4.0.0 has just been released. Some features were added, and parts of the programs were rewritten in C++. You can read more about it here.
  • The NSRL Query Tool has been released, which will allow the NSRL hash sets to be used more easily. You can read more here.
  • Harlan Carvey has posted his Jump List Parser code on Google Code; you can read more about it here.
  • From Drexel University come two new tools that deal with stylometry, the study of linguistic style. One helps identify the author of a document, and the other helps the author avoid detection.

Good Reads:



Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20120106c was compiled by Mark McKinnon, GCFA, CCE. Mark is Principal of RedWolf Computer Forensics, where he has written many tools that are used throughout the computer forensics community. You can follow Mark on Twitter @markmckinnon.