SANS Digital Forensics and Incident Response Blog: Daily Archives: Sep 16, 2015

Timeline analysis with Apache Spark and Python

This blog post introduces a technique for timeline analysis that mixes a bit of data science and domain-specific knowledge (file systems, DFIR). Analyzing CSV formatted timelines by loading them with Excel or any other spreadsheet application can be inefficient, even impossible at times. It all depends on the size of the timelines and how many different …


Cloak Your Incident Investigation with Confidentiality

Summary: When an enterprise investigates a data security incident, it is often wise to involve legal counsel early. Counsel may be able to ensure the details of the investigation are kept confidential by law. Infosec Law and Politics Are Dangerous. The law and politics surrounding data security are highly adversarial. Legal and political adversaries have …