SANS Digital Forensics and Incident Response Blog

Digital Forensic Case Leads Getting caught via metadata, A Forensic Guide to Windows 8 and the New DFIR Wall Poster.

This week in Case Leads Apples security questions, Hacker gets caught via metadata, A DFIR wall poster will be available, a guide to Windows 8 forensics, a few tools have been updated and watching 182 superhero movies in under 5 minutes.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • Simple Carver Suite just released version 4.7 which includes more tools to analyse and extract infromation from many different file types and utilities to assist in everyday tasks. The program can be found here.
  • Oxygen Software Updates Oxygen Forensic Suite 2012. More information can now be mined from new applications/messengers and web browsers.
  • Didier Stevens has Updated his TaskManager.xls spreadsheet, the new version can inject and execute shellcode in a target process..

Good Reads:

  • Rob Lee has completed the SANS DFIR Wall Poster. You can read about it here.
  • Over at Propeller head forensic blog you can download a Windows 8 forensic guide
  • At corkami's Google code page there is a picture of a Portable Executable file.



  • Watch a 182 Super Hero movies in under 5 minutes here.
  • Lego may soon release official Back to the Future sets.
  • urinal-mounted video game unit called Toylet.

Coming Events:

Call For Papers:


Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20120210 was compiled by Mark McKinnon GCFA, CCE is Principal of RedWolf Computer Forensics where he has written many tools that are used throughout the Computer Forensic Community. You can follow Mark on twitter @markmckinnon.