SANS Digital Forensics and Incident Response Blog: Author - Rob Lee

SANS DFIR Wall Poster Preview

The SANS DFIR Wall Poster is complete. It is our first poster dedicated specifically to Digital Forensics and Incident Response analysts. The poster will be sent to your home as part of the SANS NS2012 course catalog. How Do I Receive the Poster? To sign up to receive the poster automatically, you will need … Continue reading SANS DFIR Wall Poster Preview


Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results

One of the biggest complaints in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I set out to change that by creating a realistic scenario based on the experiences of the entire cadre of SANS instructors and of additional experts who reviewed and advised on the attack … Continue reading Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results


SANS DFIR Summit and Training this June in Austin - Texas

The Digital Forensics & Incident Response Summit & Training, taking place in Austin, TX, is fast approaching. Register now and save up to $500 with our early bird pricing. Seats are limited and going quickly, so register before they're gone. Pre-Summit Training Courses: June 20 - 25, 2012. SANS top-notch Digital Forensic training with … Continue reading SANS DFIR Summit and Training this June in Austin - Texas


Digital Forensic SIFTing: Colorized Super Timeline Template for Log2timeline Output Files

Last month at the SANS360, I promised the release of the Timeline Template used to automatically colorize your timelines. Review on Timeline Creation: 1. Mounting Evidence Files; 2. Automated Timeline Creation; 3. Targeted Timeline Creation. TIMELINE CREATION CHEAT SHEET. The Timeline Color Template in EXCEL 2007+: the EXCEL TEMPLATE can be downloaded here. TIMELINE_COLOR_TEMPLATE MD5 … Continue reading Digital Forensic SIFTing: Colorized Super Timeline Template for Log2timeline Output Files


Digital Forensic SIFTing - Targeted Timeline Creation and Analysis using log2timeline

Digital Forensic SIFTing is a series of blog articles that utilize the SIFT Workstation. The free SIFT Workstation can match any modern forensic tool suite and is directly featured and taught in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR508). SIFT demonstrates that advanced investigations and responding to intrusions can be accomplished … Continue reading Digital Forensic SIFTing - Targeted Timeline Creation and Analysis using log2timeline
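The two SIFTing posts above describe colorizing a log2timeline super timeline by source and then narrowing it to a targeted window around the events of interest. The following is an added example, not code from the SANS posts or from log2timeline, that does both steps on the legacy l2t_csv output format: it parses the 17-column CSV, tags each row with a category derived from the "source" column, and returns the rows inside a start/end window sorted by time. The category names in SOURCE_CATEGORY are an assumed mapping for illustration, not the color scheme of the SANS Excel template, and the five CSV rows are constructed sample data.

```python
"""Tag and window log2timeline l2t_csv rows (added example, not SANS or log2timeline code)."""
import csv
import io
from collections import Counter
from datetime import datetime, timezone

# Column order of the legacy log2timeline l2t_csv output format.
L2T_FIELDS = ["date", "time", "timezone", "MACB", "source", "sourcetype", "type",
              "user", "host", "short", "desc", "version", "filename", "inode",
              "notes", "format", "extra"]

# Assumed category mapping keyed on the l2t_csv "source" column. This stands in
# for the color assigned by a template; it is NOT the SANS template's scheme.
SOURCE_CATEGORY = {
    "FILE": "file system",
    "REG": "registry",
    "EVT": "event log",
    "WEBHIST": "web history",
    "LNK": "shortcut",
    "PF": "prefetch",
    "LOG": "log file",
}

# Constructed sample l2t_csv data (not real evidence). Timestamps are UTC.
SAMPLE_L2T_CSV = """date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
04/14/2012,08:00:00,UTC,M...,EVT,Security,Event Logged,-,WS01,Logon 4624,Interactive logon for bob,2,C:/Windows/System32/winevt/Logs/Security.evtx,-,-,evtx,-
04/15/2012,12:55:40,UTC,.A..,WEBHIST,Firefox History,URL visited,bob,WS01,http://example.invalid/invoice,Visited invoice download page,2,C:/Users/bob/places.sqlite,-,-,firefox_history,-
04/15/2012,13:02:10,UTC,...B,FILE,NTFS $MFT,Created,-,WS01,invoice.exe,File created in Downloads,2,C:/Users/bob/Downloads/invoice.exe,-,-,mactime,-
04/15/2012,13:02:11,UTC,..C.,REG,UNKNOWN,Content Modification Time,-,WS01,Run key updated,Value Updater added to HKCU Run key,2,C:/Users/bob/NTUSER.DAT,-,-,registry,-
04/15/2012,13:02:12,UTC,MACB,PF,Prefetch,Last Run,-,WS01,INVOICE.EXE-1A2B3C4D.pf,Prefetch file shows first execution,2,C:/Windows/Prefetch/INVOICE.EXE-1A2B3C4D.pf,-,-,prefetch,-
"""


def parse_l2t_timestamp(date_str, time_str):
    """Combine the l2t_csv MM/DD/YYYY date and HH:MM:SS time into an aware UTC datetime."""
    return datetime.strptime(f"{date_str} {time_str}", "%m/%d/%Y %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_l2t_csv(text):
    """Parse l2t_csv text into dicts, adding a parsed timestamp and a category per row."""
    reader = csv.DictReader(io.StringIO(text))
    rows = []
    for row in reader:
        # This example assumes the file was written with UTC timestamps; refuse others
        # rather than silently mixing offsets in one timeline.
        if row["timezone"] != "UTC":
            raise ValueError(f"unexpected timezone {row['timezone']!r}; expected UTC")
        row["timestamp"] = parse_l2t_timestamp(row["date"], row["time"])
        row["category"] = SOURCE_CATEGORY.get(row["source"], "other")
        rows.append(row)
    return rows


def category_counts(rows):
    """Count rows per category; useful to see which colors will dominate a timeline."""
    return Counter(r["category"] for r in rows)


def targeted_timeline(rows, start_str, end_str):
    """Return rows whose timestamp falls in [start, end] (l2t-style 'MM/DD/YYYY HH:MM:SS' bounds), sorted by time."""
    start = parse_l2t_timestamp(*start_str.split(" ", 1))
    end = parse_l2t_timestamp(*end_str.split(" ", 1))
    selected = [r for r in rows if start <= r["timestamp"] <= end]
    return sorted(selected, key=lambda r: (r["timestamp"], r["source"]))


if __name__ == "__main__":
    all_rows = parse_l2t_csv(SAMPLE_L2T_CSV)
    print("category counts:", dict(category_counts(all_rows)))
    # Pivot on the suspected execution and show the few minutes around it.
    for r in targeted_timeline(all_rows, "04/15/2012 13:00:00", "04/15/2012 13:05:00"):
        print(r["timestamp"].isoformat(), r["MACB"], f"[{r['category']}]", r["short"])
```

Run the block directly to see the windowed, category-tagged rows; in practice the text would be the output of log2timeline's l2t_csv writer, and the window would be chosen from a pivot point such as the creation time of a suspicious file.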