SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Shmorgishborg of #DFIR

This week's edition of SANS Case Leads features a shmorgishborg of #DFIR tool updates, good reads, and some follow up information to recent data breaches. Don't forget to vote for the Forensic4cast awards, voting closes at the end of the day June 17 2012 and winners will be announced at the SANS DFIR summitt June 26, 2012.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • New release of log2timeline, version 0.64. Bug fixes, one input module (LS_QuarantineEvents), and the introduction to a unit test suite. See changelog for full details.
  • The third beta release of Autopsy (version 3.0.0b3) was released. It has a lot of new features. See the Autopsy 3 page for more details.
  • Lightbox Technologies released Lightgrep Search for EnCase 1.0, a Perl-compatible regular expression search engine for forensics that's several times faster than EnCase's keyword search.
  • Hexacorn Limited released a neat prefetch hash calculator and look up table for Windows.
  • KatanaForensics announced on twitter that Lantern works on iOS 6.

Good Reads:



Coming Events:

Call For Papers:

About the authors:

David Nides is a manager in a Big4 Forensic Technology Services practice in Chicago, IL. He currently plays a lead role developing and delivering KPMG's Incident Response services, consulting clients globally in APT, data breach, and other cyber crime investigations. You can follow David on twitter @davnads or at his forensic blog.

Tony DeSarro is a manager in a Big4 Forensic Technology Services practice in Atlanta, GA, where he specializes in providing services to clients in the areas of computer forensics, electronic discovery, litigation readiness in support of civil litigation, compliance and monitoring, and fraud detection.