SANS Digital Forensics and Incident Response Blog: Author - Rob Dewhirst

Digital Forensics Case Leads: New REMnux, Registry tools and more APT1 analysis

This week in Case Leads we have a great new update to REMnux, two new tools for registry analysis and be sure to vote for the Forensic 4cast Awards right after you hop over to the new REM community on Stack Exchange. If you have an item you'd like to contribute to Digital Forensics Case … Continue reading Digital Forensics Case Leads: New REMnux, Registry tools and more APT1 analysis


Digital Forensics Case Leads: When the news is the news

This week's case leads has several new tool updates and some interesting articles about reverse engineering, database forensics and a new forensics challenge. However, the big stories this week were about the recent break ins at the New York Times and the Wall Street Journal. If you have an item you'd like to contribute to … Continue reading Digital Forensics Case Leads: When the news is the news


Digital Forensics Case Leads: Lots of oopsies

This week's edition of Case Leads covers an interview about the Onity Hotel lock oopsie, an oopsie involving overlooked artifacts in the Casey Anthony trial, the oopsie of dumping lots of confidential confetti at a parade, and the findings of the investigation into the Palmetto state oopsie. Many great tool updates (OllyDbg, bulk_extractor) and some … Continue reading Digital Forensics Case Leads: Lots of oopsies


Digital Forensics Case Leads: Plugins galore, Adobe and phpMyAdmin hacked, Sophos AV eats its own head.

This month we're nearing the end of the flood of plugins for the Volatility memory analysis framework, we got a big update to the archive of RegRipper plugins and heard two tales of security companies with major security woes, one of which was self-inflicted. If you have an item you'd like to contribute to Digital … Continue reading Digital Forensics Case Leads: Plugins galore, Adobe and phpMyAdmin hacked, Sophos AV eats its own head.


Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere

This week we found out the NetWire Remote Access Trojan claims to be able to infect everyone, the US Senate has blocked a much-debated cybersecurity bill, Dropbox shows it's great way to share the confidential data of Dropbox customers, British Telecom says somewhere between 100% and 0% of Android devices are compromised and cybercrime costs … Continue reading Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere