SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Botnets and Updates Galore, A Few Good Reads and a Little Levity

In this issue of Case Leads we have several mobile device updates along with several other tool releases, botnets and Androids in the news, and a little levity.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • Oxygen Forensics Suite has released version 5.0. It supports more than 6300 different models and will come with a brand new method for rooting Android 4.x devices.
  • Passware announces the release of version 12.1 which can recover the passwords from MS Office 2013 as well as numerous others. It also offers an instant decryption service for several different passwords.
  • Burp Suite released a new version of their toolkit for web application and security testing. New additions in this release include support for Python, a richer API and numerous features dealing with extensions.
  • Micro Systemation announces the release of XRY v6.4.1. This release supports 8,108 mobile device profiles along with enhanced support for 110 different smartphone apps across the Android, iOS, BlackBerry and Windows Phone platforms.
  • Mandiant updates both Redline and IOC Editor. Redline v1.7 adds the ability to Timeline and Search. IOC Editor changes include bug fixes and additions to the properties panels, keyboard shortcuts and an Options dialog, along with several others.

Good Reading and Listening

  • Lance Mueller has a good post over at where he talks about trying to find a program that will wipe and verify a drive but also allow him to see what it is doing.
  • Harlan Carvey has 2 posts over on his blog, Windows Incident Response Blog. The first post deals with using shellbags and the artifacts that are created. The second post is about who to use for a forensic exam.



Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to

Digital Forensics Case Leads for 20121130 was compiled by Mark McKinnon (@markmckinnon) CCE, GCFA. Mark is a Software Developer and Instructor at a University in the Midwest where he also practices digital forensics.