SANS Digital Forensics and Incident Response Blog

In this week's SANS Case Leads, we have a python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-)

If you have an item you'd like to contribute to Digital Forensics Case
Leads, please send it to caseleads@sans.org

Tools:

• Jamie Levy (@gleeda) posted a script that she wrote that parses the MBR in order to help find MBR infectors. Read Jamie's Blog post. Grab the script here.
• Jason Hale came up with a GUI front-end for Corey Harrell's batch scripts used to rip/examine Volume Shadow Copies, called VSC Toolset
• DEFT Linux 7.1 was released earlier this month. Read the announcement.

Good Reads:

• Mike Ahrendt gave some insight into his experience with his Education in Digital Forensics
• A new blog called Malware Analysis Blog has a tutorial on how to isolate your analysis VM from your host machine. Read about it here.
• Interesting post on the digfor blog regarding the uniqueness of USB Flash drive serial numbers.
• Harlan Carvey posted his thoughts on how specializing in sub-disciplines within Digital Forensics is not really such a good idea. Read the post titled Convergence.

Links:

• Chad Tilbury (@chadtilbury) put together a Memory Forensics Cheat Sheet which focuses on the use of Volatility. Grab version 1.0 here.

Levity

• The Oatmeal has posted it's State of the Web, Spring 2012 Edition.

Coming Events:

• SANS Cyber Guardian 2012 - Baltimore, MD - April 30 - May 7, 2012
• SANS AppSec 2012: Summit & Training-Las Vegas, NV - April 24 - May 2, 2012
• 7th ACM Symposium on Information, Computer and Communications Security - Seoul, South Korea - May 1 - 3, 2012
• SANS Secure Europe 2012 Amsterdam - Amsterdam, Netherlands - May 5 - 19, 2012
• AccessData User's Conference - Las Vegas, NV - May 08 - 10, 2012
• SANS Security West 2012 - San Diego, CA - May 10 - 18, 2012
• 14th Information Hiding Conference - Berleley, CA - May 15 - 18, 2012
• IEEE Symposium on Security & Privacy - San Francisco, CA - May 20 - 23, 2012
• Computer Enterprise and Investigation Conference - Summerlin, NV - May 21 - 24, 2012
• SANS Brisbane 2012 - Brisbane, Australia - May 21 - 26, 2012
• 2012 ADFSL Conference on Digital Forensics, Security and Law - Richmond, VA - May 30 - 31, 2012
• Techno Security 2012 Myrtle Beach, SC - June 03 - 06, 2012
• Mobile Forensics Conference - Myrtle Beach, SC - June 03 - 06, 2012
• 27th IFIP International Information Security and Privacy Conference - Heraklion, Crete, Greece - June 04 - 06, 2012
• Audio Engineering Society Audio Forensics - Denver, CO - June 14 - 16, 2012
• 24th Annual FIRST Conference - Malta - June 17 - 22, 2012
• Sans Forensics and Incident Response Summit - Austin, TX - June 20 - 27, 2012
• SANS Canberra 2012 - Canberra, Australia - July 2 - 10, 2012
• SANSFIRE 2012 - Washington, DC - July 6 - 15, 2012
• Symposium On Usable Privacy and Security (SOUPS 2012) - Washington, DC - July 11 - 13, 2012

Call For Papers:

• 7th USENIX Workshop on Hot Topics in Security (HotSec '12) - Due May 07, 2012
• 7th IEEE LCN Workshop on Security In Communication Networks - Due May 12, 2012
• Grrcon - Due June 01, 2012
• Applied Computer Security Applications Conference - Due Jun 01, 2012
• 4th International Conference on Digital Forensics & Cyber Crime - Due Jun 01, 2012
• IEEE International Workshop on Information Security and Forensics - Due Jun 24, 2012
• 2012 secau Security Congress - Due Sep 30, 2012

Joe Garcia is a Law Enforcement Officer with over 18 years of experience, the last 6 of which he has been assigned to conduct computer crime investigations and digital forensic examinations. He holds the GIAC GSEC Gold, GCIH & GCFA Silver and AccessData ACE certifications. You can follow Joe on Twitter at @jgarcia62