SANS Digital Forensics and Incident Response Blog: Author - Lenny Zeltser

4 Cheat Sheets for Malware Analysis

DFIR professionals have much to remember. Conveniently, 4 of Lenny Zeltser's cheat sheets summarize key tools and techniques for analyzing and reverse-engineering malicious software. Continue reading 4 Cheat Sheets for Malware Analysis


Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware

ProcDOT is a free tool for analyzing the actions taken by malware when infecting a laboratory system. ProcDOT supports plugins, which could extend the tool's built-in capabilities. This article looks at two plugins that help examine contents of the network capture file loaded into ProcDOT. Continue reading Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware


How to Install SIFT Workstation and REMnux on the Same Forensics System

Combine SIFT Workstation and REMnux on a single system to create a supercharged Linux toolkit for digital forensics and incident response tasks. Here's how. Continue reading How to Install SIFT Workstation and REMnux on the Same Forensics System


How Miscreants Hide From Browser Forensics

Scammers, intruders and other miscreants often aim to conceal their actions from forensic investigators. When analyzing an IT support scam, I interacted with the person posing as the help desk technician. He brought up a web page on the victim's system to present payment form, so the person would supply contact and credit card details. He did this in a surprising manner, designed to conceal the destination URL. Continue reading How Miscreants Hide From Browser Forensics


Running Malware Analysis Apps as Docker Containers

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis to offer investigators easier access to malware forensics tools. Docker is a platform for packaging, running and managing applications as "containers," as a lightweight alternative to full virtualization. Several application images are available as of this writing, and you can contribute your own as a way of experimenting with Docker and sharing with the community. Continue reading Running Malware Analysis Apps as Docker Containers