SANS Digital Forensics and Incident Response Blog

Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th, 2013, non-technical managers may finally have started to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile banking going offline, and tens of thousands of PCs being wiped of all their data. At minimum, non-technical decision makers should finally start to understand that cyber attackers are not targeting "someone else." The attacks in South Korea had an impact on the bottom line of many South Korean firms. Since many of the same strategies for information security and incident response are used by most westernized nations, many experts agree that the attacks in South Korea are a warning sign of what could happen in the United States. We have analytical coverage of the South Korean attacks, with stories and drill-downs that go beyond the headlines.

Was it only a week ago that the world was abuzz about the protests starting over the tracking and data collection from Google Glass? We have a forensic look at augmented reality, as well as flaws in other mobile platforms that might help forensic professionals gain access to devices in a pinch.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to


  • BlackBag Technologies Releases BlackLight2013: Mac OS X, iPhone, and iPad Forensics Software Release
  • Katana Forensics recently updated Lantern 3 to include iOS and many Android devices, all in one software tool
  • EnCase Forensic Imager is a new product that allows the creation of EnCase evidence files or EnCase logical evidence files. EnCase Forensic Imager is available for free, and does not require an EnCase license.

Good Reads:



Coming Events:

Call For Papers:

By Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator's Association (HTCIA). Follow Ira's security and forensics tweets: @ira_victor.