SANS Digital Forensics and Incident Response Blog

Digital Forensic Case Leads: A Volume Shadow Copies Toolset Updated, Malware Binary Files Analysis Became Easier, Media and Mobile Forensics Analysis, And A Man Stabs His Computer!

Welcome to the Digital Forensic Case Leads. A Volume Shadow Copies toolset updated with a great new ability, malware binary file analysis became easier, media and mobile forensics analysis, is your cloud data secure? Data killers, a man stabs his computer!? Mobile phone cyberthieves, i-robot film in reality? All that and more, this week on Case Leads.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • The VSC toolset (a.k.a. Volume Shadow Copies toolset) has been updated, and one of the biggest changes incorporates the ability to browse shadow copies using an Explorer-like interface! That's a great feature to ease forensicators' tasks.
  • Anubis is a web application/service for analyzing malware. Submit your Windows executable and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
  • VizX 2 is a total solution for analysing video and photo material confiscated in investigations into sexual child abuse.
  • LE - a new tool for Mac forensics, designed to provide law enforcement with critical capabilities needed to reliably collect and analyze data from live computer systems running various versions of Mac OS X.
  • Elcomsoft has updated EPPB (Elcomsoft Phone Password Breaker) to include iCloud functionality. The tool now has the ability to retrieve iPhone user data from the iCloud without any lengthy attack or physical access to the device. The data is directly downloaded to the analyst's computer.
  • Belkasoft has announced tighter integration of its flagship forensic tool, Belkasoft Evidence Center, with Guidance Software EnCase, the industry-standard all-in-one computer investigation solution. Supporting the latest version of EnCase 7, users of EnCase software can easily access and analyze data obtained or carved by Belkasoft Evidence Center.

Good Reads:

  • Forensic Timeline for beginners - Part 3 is a sequel to the 2 previous parts; it explains the forensic timeline from the basics and climbs up the ladder.
  • This article describes technical problems encountered by specialists in mobile forensics.
  • Apple Examiner performed a series of experiments to measure the functionality and performance of the two most commonly used Windows-based computer forensics applications on a Macintosh running Windows XP in native mode and in two virtual environments relative to a similarly configured Dell personal computer.


  • The High Tech Crime Institute Group has announced the Forensic Store website for the sale of used/refurbished items in the digital forensics arena. Short and long term employment ads can also be posted. Posting of ads is free.
  • This article is related to the new tool published by Elcomsoft stated above in the tools section. It also spotlights its features and some cons.
  • Man Stabs Computer to Hide Child Porn from FBI? How strange can it be ;)
  • "Data Killer" Instantly Erases All the Incriminating Digital Evidence!!
  • As we are more and more addicted to our online life and our mobile devices, it's no surprise that a growing number of cybercriminals are lurking out there with us. Check it out!
  • Avatar and robot crime!!! i-robot film to reality???


Coming Events:

Call For Papers:


About the author:

By Maher Yamout, CCNA, CNDA, ECSA, GCFE. Maher Yamout is an Information Security Officer and Digital Forensic Examiner with the Lebanese Ministry of Finance. He was involved in cyber-security exam item writing with EC-Council and currently with Prometric. Maher is also a member of the High Tech Crime Investigation Association (HTCIA) Europe-at-Large chapter.