SANS Digital Forensics and Incident Response Blog: Author - Ray Strubinger

Digital Forensics Case Leads: Bulk_extractor how-to, Verizon Report, FTK review, China prime suspect in RSA and other incidents

In this week's edition of Case Leads we have a how-to for Bulk_extractor's find feature, first impressions on the new database options in FTK, an extension for log2timeline for parsing the cache in Firefox, the Verizon data breach report, and statements by current and former US government officials about Stuxnet and China. If you have … Continue reading Digital Forensics Case Leads: Bulk_extractor how-to, Verizon Report, FTK review, China prime suspect in RSA and other incidents


Digital Forensics Case Leads: New versions of Bulk_extractor and FTK, new blogs on malware and forensics, and lost flash drives

In this week's edition of Case Leads we have updates to a couple of tools, Bulk_extractor and FTK as well as two new blogs featuring malware analysis and digital forensics tutorials. If you have an item you'd like to contribute toDigital Forensics CaseLeads, please send it to caseleads@sans.org. Tools: A new version of Bulk_extractor has … Continue reading Digital Forensics Case Leads: New versions of Bulk_extractor and FTK, new blogs on malware and forensics, and lost flash drives


Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011

This week's edition of Case Leads features a new version of REMnux for malware analysis and we have two tools for collecting forensic images from iPhone and Android devices. We also have a couple of articles on Android memory analysis and the use of Open Source digital forensics tools to validate commercial tools. As always, … Continue reading Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011


Digital Forensics Case Leads: Evolving Malware Market, Feint Attacks, and Malicious Hacker Psychology

This week's edition of Case Leads features tools to discover MD5 hashes and extract Flash files from PDFs. We also have recommendations on network defense from researchers who have been studying the psychology of cyber attackers. There's evidence of service consolidation in the malware market and the FBI cautions that denial of service attacks are … Continue reading Digital Forensics Case Leads: Evolving Malware Market, Feint Attacks, and Malicious Hacker Psychology


Digital Forensics Case Leads: Data Extraction, Cyber Threat Reports, APTs and Duqu, a Stuxnet Variant

This week's edition of Case Leads features updates to applications for bulk data extraction and processing mobile devices. We also have a couple of reports from the researchers at Georgia Tech and Microsoft that address emerging and current cyber threats. We close out this week's Case Leads with a few suggestions on how to address … Continue reading Digital Forensics Case Leads: Data Extraction, Cyber Threat Reports, APTs and Duqu, a Stuxnet Variant