SANS Digital Forensics and Incident Response Blog: Author - Gregory Pendergast

Digital Forensics Case Leads: Got Malware?

This week on Case Leads, it's mostly about the malware. A new tool called Maltrieve will help retrieve it for analysis, articles on Java *.idx files and NTFS artifacts can help us find it post-mortem, and security software companies get pwned by it. Joking aside though, if you're scoffing at Bit9 this week, you should …


Digital Forensics Case Leads: Open Source Forensics Edition

This week, the Open Source Digital Forensics Conference and the Open Memory Forensics Workshop were both held in Chantilly, VA, and the wealth of tools and knowledge coming out of these conferences was simply staggering. Of course, not everything this week revolved around, or arose out of, the Open Source Digital Forensics Conference. But there …


Digital Forensics Case Leads: Your Password Is Out There, again...

Data breaches at LinkedIn, eHarmony, and Last.fm exposed millions of account passwords, and probably other data that the attackers haven't made public. Also a wealth of interesting new and updated tools. Among these are HexDive, SquirrelGripper, ShadowKit, and a Report Writing cheat sheet from Girl, Unallocated. Also worthy of particular note is Corey Harrell's Compromise Root Cause Analysis Model.


Digital Forensics Case Leads: log2timeline, DFIR dogs, and cybersemantics

This week brings us a new version of log2timeline, Cindy Murphy explaining how we're all like dogs (it's not a bad thing, I swear), and Kyle Maxwell wading into the murky semantic waters of APT, cyberwar, and hackers. Just to tweak Kyle, I'll dub that part cybersemantics. You can also learn what Facebook turns over …


Digital Forensics Case Leads: ReFS, Ex01, and DFIROnline

This week's cornucopia of forensic goodness so thoroughly defies summary that I nearly gave up writing an introduction. But a few things do merit particular emphasis. First, the second DFIROnline meetup takes place tonight at 20:00 EST. Luminaries Harlan Carvey and Eric Huber will be presenting. Before then, however, you may want to take some time …