SANS Digital Forensics and Incident Response Blog

Case Leads: Object Access Logs, Perl Harbor and More.....

In this week's SANS Case Leads we look at new tools, get updates to some cheat sheets, take a look at Object Access event logs, learn about cyber Perl Harbor and more!

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • Keep an eye out for Plist Parser, coming soon at "Another Forensic Blog".
  • Log2Timeline gets a UTMP module. Read about it here.
  • David Nides is getting closer to releasing his Log2Timeline Review tool. You can see his latest work at his blog.
  • A new unified browser history viewer for Firefox, Safari, IE, and Chrome has been released by NirSoft.

Good Reads:

  • Learn what Object Access event logs can do for you in your investigations over at randomuserid blog.
  • Chris Sanders has some interesting insight on comparing the medical field with information security and how we can improve upon our processes. Read more about it at his site here.
  • At A Fistful of Dongles, Eric Huber has an interesting look at Cyber Terrorism.
  • An interesting read posted on Sanderson Forensics about contiguous and fragmented files.

News:

  • There is a new episode of The Cyber Jungle. Enjoy an interview with Ken Westin on Mobile Device Forensics.
  • You can now follow Volatility on Twitter.
  • Mike Wilkinson has posted an updated list of File System cheat sheets over at WriteBlocked.

Levity:

  • Malware researchers keep a special kind of pet.


Coming Events:

Call For Papers:


About the author:

    This week's SANS Case Leads was put together by Mike Ahrendt (@mikeahrendt), GCFE. Mike works at Grand Rapids Community College as an Information Security Analyst handling compliance, incident response and investigations. Mike can be followed on Twitter at @mikeahrendt.