This week in Case Leads we have a great new update to REMnux, two new tools for registry analysis and be sure to vote for the Forensic 4cast Awards right after you hop over to the new REM community on Stack Exchange.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it firstname.lastname@example.org.
- REMnux, the linux distro designed for malware reverse-engineering, has been updated to version 4 and it's now distributed as a VMware virtual appliance, a bootable ISO and as an OVA virtual appliance. An overview of the appliance installation was covered on this blog a couple of days ago, and SANS is hosting a webcast to go over what's new in V4 on April 29th.
- Mark Woan has released autorunner as an alternative to the Sysinternals Autoruns. It works over multiple user profiles, parses LNKs and more (stuff Autoruns doesn't do). Code download
- Nuix has upgraded Proof Finder. More details over at the Forensic Focus blog.
- 504ENSICShas announced Registry Inspector,a new and improved Windows registry analysis tool based of the popular Registry Decoder.
- RegRipper has been consolidated into a single site, and there's a new archive of plugins with some additions including one that examines the MenuOrder registry key.
- The reverse engineering community over at Stack Exchange has been getting some good reviews.
- Over at malware.lu they've published a "backstage" analysisof the APT1Poison Ivy RAT tool. It goes into considerable detail.
- The Carpe Indicium blog has two blog entries on forensic artifacts of Microsoft Lync. Part 1. Part 2.
- A good walkthough (and reminder to test your analyses) about NTFS timestamps.
- Forensic4Cast has announced their nominees for the 4cast Awards in 2013. You can vote here.
- Bank of Cyprus execshad wiping software installed on their work computers and destroyed data.
- Fast-Talking Computer Hacker Just Has To Break Through Encryption Shield Before Uploading Nano-Virus
- It's never the firewall. Trust me.
- SANS Cyber Guardian 2013- Baltimore, MD - Apr 15 - 20, 2013
- SANS Secure Europr 2013- Amsterdam, Netherlands - Apr 15 - 27, 2013
- SANS CDK Seoul 2013- Seoul, Korea, Republic of - Apr 22 - 27, 2013
- SANS Security West 2013- San Diego, CA - May 9 - 14, 2013
- SANS Austin 2013- Austin, TX - May 19 - 24, 2013
- International Workshop on Cyber Crime- San Francisco, CA - May 24, 2013
- Techno Security and Forensics Investigation Conference- Myrtle Beach, SC - Jun 2 - 5, 2013
- Mobile Forensics World- Myrtle Beach, SC - Jun 2 - 5, 2013
- ADFSL 2013 Conference on Digital Forensics, Security and Law- Richmond, VA - Jun 10 - 12, 2013
- FIRST Conference- Bangkok, Thailand - Jun 16 - 21, 2013
- Shakacon V- Honolulu, Hawaii - Jun 25 - 28, 2013
- SANS Digital Forensics and Incident Response Summit 2013- Austin, TX - Jul 9 - 10, 2013
- 28th IFIP TC-11 SEC 2013 International Information Security and Privacy ConferenceAuckland, New Zealand - Jul 8 - 10, 2013
Digital Forensics Case Leads for 20130413 was compiled by Rob Dewhirst (@robdew) GCFA, GCIH, GREM CISSP. Rob is a security analyst and CSIRT lead for a Tier I research University in the midwest and a private DFIR consultant.