SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: The New Forensics, The CyberMilitia and Bill Gates Gets Behind Open Source?

Case Leads is loaded for bear this week, after a week's break. Here is some of what you will find:

  • Are you ready for "The New Forensics"? If not, you might be left in the dust at trial.
  • What if the good guys adopted the organizing techniques of Anonymous? That's the goal behind The CyberMilitia.
  • Forensics goes mainstream: A great essay on how one attacker invaded the lives of young women.
  • No freakin' way - Bill Gates gets behind open source.
  • The FBI warns about attacks against US law firms.
  • New ways to get crypto keys from Macs and many types of smartphones.

If you have an item you'd like to contribute to Digital Forensics CaseLeads, please send it to

Good Reads/Listens:

  • 'A new forensics': adapting to changing digital crimes, a good essay on keeping current. "In the world of proof and evidence, tried-and-tested technologies and procedures are hard-earned and valued. ...[W]e're now seeing the emergence of 'a new forensics': a discipline that's reinventing itself year-by-year, but that remains rooted in stable scientific principles."
  • Most people we meet outside of work really don't know what we mean if we say we "work in Digital Forensics." Here is an excellent ABC News story that answers that, and a good reference article to send to anyone who wants to know: Digital Detectives Dig Through Data Deluge
  • What if forensicators and cybercrime fighters could use the techniques of Anonymous to fight cyber crime? That's the idea behind the new group, The CyberMilitia. M1ster_E, a spokesperson for CyberMilitia, was interviewed about this effort on CyberJungleRadio. The interview with M1ster_E begins at about 16 minutes into the program.
  • Why malware, keylogging, webcams and young women don't mix: The Hacker (sic) is Watching, from GQ magazine.
  • Meet Bill Gates, the Man Who Changed Open Source Software [!?]. Read The Wired Story.


  • Anti, Anti Mac Forensics: Passware Kit 11.3, from forensics firm Passware, extracts Mac OS X FileVault whole-disk encryption keys and keychain passwords, and decrypts hashed passwords with Rainbow Tables. The company is also warning Mac users about vulnerabilities in Mac encryption solutions. Read the company release.
  • Inc. announced the availability of a new version of their computer forensic suite, MacForensicsLab 4.0. The company says the new version brings a "streamlined interface" and other improvements to make examinations "quicker and more accurate than ever before." Read more on their dedicated Mac forensics store/site.
  • A common computer crimes defense is "a virus did it." Many times, it makes sense to scan images for malware. Here is a helpful guide: How to Scan for Viruses in Windows Using a Linux Live CD/USB
  • For those using a Linux desktop distro in the field on their work laptop: Barry is an Open Source application that allows one to tether a BlackBerry for Internet access.



  • An interesting way to have fun with timelines - BBC Worldwide set to launch major new Doctor Who game: The Eternity Clock

Coming Events:

Call For Papers:


Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator's Association (HTCIA). Follow Ira's security and forensics tweets: @ira_victor.