SANS Digital Forensics and Incident Response Blog: Author - Gregory Pendergast

Digital Forensics Case Leads: A Matter of Time

Time is of the essence this week. Several good resources expanding and extending the area of timeline analysis have hit the interwebs, and you'll find them featured below in the Good Reads sections. In the news, Brian Krebs drops the names of other organizations penetrated by the RSA attackers. Meanwhile, NetAnalysis gets an update and …


Digital Forensics Case Leads: Python Puts Snakes on the Case

This week, we feature a number of tools and articles that leverage Python to do the heavy lifting. So, if you're looking for scripts and applications to put the squeeze on some of that workload, this may be the article for you. In other news, Brian Krebs alerts us to new malware tricks, Jennifer …


Digital Forensics Case Leads: There Is No Theme

This week in Case Leads, we feature a wide array of new tools and articles that defy classification under any particular theme. You'll find tools for forensic image processing and analysis, PDF analysis, and password cracking. News and articles include issues of law, process automation, forensic value, and incident response.


Digital Forensics Case Leads: Triage, Live Incident Response, and Memory Forensics

Our focus this week is on live response, memory forensics, and triage. New tools from Mandiant (Redline) and HBGary (Responder Community Edition) jump into the live response and memory forensics arena and appear to hold some promise for those who need to delegate first response activities to IT support staff who don't have prior Incident …


Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite

This week, the dispute between the ACLU of Michigan and the Michigan State Police engages most of my attention here. But there are a lot of other interesting items this week, including Verizon's 2011 Data Breach Investigations Report, one person's stab at what to do about Chinese espionage, and new information about the location data …