SANS Digital Forensics and Incident Response Blog

Case Leads: Object Access Logs, Perl Harbor and More.....

In this week's SANS Case Leads we look at new tools, get updates to some cheat sheets, take a look at Object Access event logs, learn about cyber Perl Harbor and more!

If you have an item you'd like to contribute to Digital Forensics Case
Leads, please send it to

  • Keep an eye out for Plist Parser to come out at "Another Forensic Blog".
  • Log2Timeline gets a UTMP module. Read about it here.
  • David Nides is getting closer to releasing his Log2Timeline Review tool. You can see his latest work at his blog.
  • A new unified browser history viewer for Firefox, Safari, IE, and Chrome has been released by NirSoft.

Good Reads:

  • Learn what Object Access event logs can do for you in your investigations over at randomuserid blog.
  • Chris Sanders has some interesting insight on comparing the medical field with information security and how we can improve upon our processes. Read more about it at his site here.
  • At A Fistful of Dongles, Eric Huber has an interesting look at Cyber Terrorism.
  • Interesting read posted on Sanderson Forensics about contiguous and fragmented files.


  • There is a new episode of The Cyber Jungle. Enjoy an interview with Ken Westin on Mobile Device Forensics.
  • You can now follow Volatility on Twitter.
  • Mike Wilkinson has posted an updated list of File System cheat sheets over at WriteBlocked.


  • Malware researchers keep a special kind of pets.


Coming Events:

Call For Papers:


About the author:

    This week's SANS Case Leads was put together by Mike Ahrendt (@mikeahrendt), GCFE. Mike works at Grand Rapids Community College as an Information Security Analyst handling compliance, incident response and investigations. Mike can be followed on Twitter at @mikeahrendt.