SANS Digital Forensics and Incident Response Blog

Digital Forensic Case Leads : Flame On! The most sophisticated malware since...the last one, Higher Ed data breach and PowerShell forensics.

The big story this week (along with plenty of hyperbole) is Flame/Flamer/sKyWIper malware which has been evading detection for years and targeting systems in the Middle East. We also got some detailed and useful information from Apple in the form of an iOS Security Guide and Scripting Guy offers up several useful techniqes for using PowerShell in forensics.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


Good Reads:




Coming Events:

Call For Papers:


About the author:

Digital Forensics Case Leads for 2012-06-01 was compiled by Rob Dewhirst GCFA, GCIH, CISSP. Rob is a security analyst and CSIRT lead for a Tier I University in the midwest and a private DFIR consultant.