SANS Digital Forensics and Incident Response Blog: Author - Rob Lee

Digital Forensics and Incident Response Summit 2012 — Call For Speakers

Dates:
Summit Dates: June 26 - 27, 2012
Pre-Summit Course Dates: June 20 - 25, 2012

Summit Venue:
Omni Hotel Downtown Austin
700 San Jacinto @ 8th Street
Austin, TX 78701
Phone: (512) 476-3700
Fax: (512) 397-4888

The 5th annual Forensics and Incident Response Summit will again be held in the live musical …


The SANS360: Digital Forensics and Incident Response Lightning Talk - Dec 13 2011

Open/Free for Everyone - Registration Required

ATTEND IN PERSON REGISTER HERE: https://computer-forensics.sans.org/sans360/dec2011/
SIMULCAST WEBCAST REGISTER HERE: https://www.sans.org/webcasts/digital-forensics-incident-response-lightning-talk-%96-live-webcast-94919
TWITTER HASHTAG: #sans360
DATE: Tuesday, December 13, 2011
LOCATION: Hilton Washington & Towers
ROOM: Columbia 5

6:30 PM-7:30 PM - SANS360: DFIR Lightning Talk
7:30 PM-8:30 PM - Networking Happy Hour - w/Food and Drinks

10 …


Digital Forensic SIFTing - Mounting Evidence Image Files

This is a series of blog articles that utilize the SIFT Workstation. The free SIFT Workstation, which can match any modern forensic tool suite, is also directly featured and taught in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). SIFT demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge …


Shadow Timelines And Other VolumeShadowCopy Digital Forensics Techniques with the Sleuthkit on Windows

Creating Digital Forensic Filesystem Timelines From Multiple Windows Volume Shadow Copies

Introduction to Shadow Timelines:

This past weekend I was upgrading the SIFT Workstation to the new version and I realized I had not used the Windows version of the Sleuthkit tools in a while. I usually demonstrate in class that many of the Sleuthkit tools can work directly against the logical partitions of a Physical Hard Drive (e.g. \\.\C:, \\.\D:). It occurred to me that I had never tried to use the filesystem parser and timeline generator fls on a Windows Vista, Windows 7, or Windows 2008 Server ShadowCopyVolume.

We have known for some time now that you can image a Shadow Volume. I wrote a

...


Consortium of Digital Forensic Specialists Is Launched; Will Focus on Standards and Advocacy

Wakefield, Mass. - Aug. 4, 2011 - The Consortium of Digital Forensic Specialists (CDFS), a global non-profit industry group that aims to improve the digital forensic profession through unity, advocacy and standardization, announced today that it is now accepting membership applications from interested organizations and individuals. CDFS plans to develop and influence standards for …