SANS Digital Forensics and Incident Response Blog: Author - Juan Leaniz

Timeline analysis with Apache Spark and Python

This blog post introduces a technique for timeline analysis that mixes a bit of data science and domain-specific knowledge (file systems, DFIR). Analyzing CSV-formatted timelines by loading them into Excel or any other spreadsheet application can be inefficient, even impossible at times. It all depends on the size of the timelines and how many different …


Digital Forensics: PS3 Linux file system analysis and network forensics

Let me start by noting how much fun I had while investigating and analyzing everything for this forensics challenge. I was able to apply many different techniques, from analyzing logs to file carving and network forensics. It's the 2009 forensics challenge from DFRWS, and you can find the description, system images and pcap files at …


Digital Forensics: In-depth analysis of SRM and BCWipe (for unix)

Secure wiping tools are nothing new; we've all seen and used them for a long time now. It's no mystery that these tools are used by intruders to cover their tracks by securely deleting files such as logs, or other files they downloaded onto compromised systems. Organizations also use these tools to securely delete confidential …