SANS Digital Forensics and Incident Response Blog

Case Leads: Real-time visualisation of attacks; Tracking Emails through headers; Coke gets hacked?; Quantum physics in digital forensics!; UK cybercrime victims get IR team

In this week's Case Leads: Coke gets hacked and stays silent; a cyber attack on the Russian government releases 2.5 million records; Scottish research demonstrates how quantum physics can help solve e-crimes; Russia's cybercrime market is brought to light; UK cybercrime victims can hire IR teams to investigate; why SSD drives destroy court evidence; and real-time visualisation of attacks using the HoneyMap. Continue reading this week's Case Leads.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • The HoneyMap shows real-time visualisation of attacks against the Honeynet Project's sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions.
  • BlackLight is a multi-platform forensic analysis tool that allows examiners to quickly and intuitively analyze digital forensic media. BlackLight's core strength is Mac OS X and iOS (iPhone and iPad) data analysis. The latest release's features include Skype analysis, new iOS and OS X support, and several others.
  • Verdasys, provider of Enterprise Information Protection (EIP) solutions for enterprise and midmarket companies, announces the launch of Digital Guardian 6.1, an information protection platform that integrates compliance, insider threat prevention, and cyber threat prevention. The release also includes enterprise DLP iOS Mobile App and support for the Windows 8 operating system.
  • Image-Pro Premier is image analysis software by MediaCybernetics; it offers intuitive tools that make it easy to capture, process, measure, analyze and share your images and valuable data. The new Image-Pro Premier offers 64-bit support, a user-friendly interface, intuitive macros and app building tools, new and improved ways to automatically segment, classify and measure objects, and more tools for customizing your workflow.

Good Reads:

  • Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: a nice article about SSD drives that describes how they work, what can and can't be recovered, and more.
  • Be Very Quiet... I'm Tracking Emails Through Headers: a nice read to refresh our understanding of email headers, how to track them, and how to verify the timestamps.


  • Coke Gets Hacked and Doesn't Tell Anyone; it all started a few years ago!
  • "Waging war" on Russia, hacktivist collective GhostShell have released 2.5 million records stolen from the Russian government.
  • Anonymous to take down Facebook and free Zynga games on Bonfire night.
  • Facebook, Twitter, LinkedIn, Google+, Pinterest: all of them could be sources of valuable intelligence that the UK's intelligence agencies want to know about. Interesting!
  • Scottish-based research to help tackle e-crime, this time using quantum physics and tiny light particles to foil hackers and online criminals; it may sound like the stuff of Bond movies and sci-fi thrillers!
  • Digital Forensics steps up to the next level, Cloud Forensics; imagine how much processing power and time you need!
  • 7 things you didn't know about Russia's cybercrime market: Trend Micro's new white paper on the Russian cybercrime hacker underground sheds a little light on the black market for your company's data.
  • The FBI wants tougher wiretap laws, and in its "Going Dark" campaign it's enlisted Homeland Security for examples of how companies like Comcast, Cricket, and T-Mobile are standing in the way!!
  • UK cybercrime victims get a response team to call on after attacks. The scheme, backed by GCHQ and the government, is based on the expertise of 'quality-assured' companies from the private sector such as BAE Systems Detica, Mandiant, Cassidian and Context IS.

Coming Events:

Call For Papers:

About the author: By Maher Yamout, CCNA, CNDA, ECSA, GCFE. Maher Yamout is an Information Security Officer and Digital Forensic Examiner with the Lebanese Ministry of Finance. He was involved in cyber-security exam item writing with EC-Council and Prometric. Maher is also a member of the High Tech Crime Investigation Association (HTCIA) Europe-at-Large chapter.