SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011

This week's edition of Case Leads features a new version of REMnux for malware analysis and we have two tools for collecting forensic images from iPhone and Android devices. We also have a couple of articles on Android memory analysis and the use of Open Source digital forensics tools to validate commercial tools.

As always, if you have an item you'd like to share for Digital Forensics Case Leads, please send it to

  • Version 3 of the REMnux for reverse engineering malware is now available as a VMware virutal appliance and a Live ISO. The latest version is based on Ubuntu 11.10 and includes significant updates to the Volatility Framework (memory analysis) and Origami Framework (PDF analysis). This version of REMnux includes several analysis tools that were not in previous versions. The newly added tools provide network, PDF, JavaScript and file analysis capability.
  • Katana Forensics has released LANTERN Lite, an open source application for performing forensic acquisitions of Apple's iOS devices.


Good Reads:

  • Actually we have several good reads - Richard Bejtlich has published his best reads of 2011.
  • The Journal of Digital Investigations has published a paper on Android memory forensics. The paper presents a module that is able to do a complete memory capture from Android devices over the network. The authors have also extended the Volatility framework to allow it to analyze Android kernel memory.
  • An article by Cory Altheide and Christa M. Miller using Open Source forensics tools to validate proprietary digital forensics tools.



  • From the something-happened-but-we're-not-sure-what department, initial accounts suggested various mobile phone vendors supplied back door access to their handsets to a nation state. Some now believe that claim is false and was fabricated by a hacktivist group.
  • 2012 looks a lot like 2011 in terms of breaches as hacktivists continue to target law enforcement associations.




Coming Events:


Call For Papers:


Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20120112 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in aspects of information security ranging from Data Loss Prevention to Risk Analysis.