SANS Digital Forensics and Incident Response Blog: Author - Ray Strubinger

Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices

This week's edition of Case Leads features a number of new tools and updates for a few of the old standbys. We have a collection of tools designed for studying malware found on Windows or Android platforms and a couple of new applications for registry analysis. Virtual machine technology is heading for Android based devices …


Digital Forensics Case Leads: RAM Capture Tool DumpIt, Monitoring Applications with Carbon Black, a Brief History of Malware, and the Impact of Technology in Trials

This week's edition of Case Leads features a couple of tools for Windows including a memory capture application, a kernel driver that monitors and reports on interesting processes, and a tool for exporting data from "the Cloud." We've also included a TED talk on the history of malware and we have an article on the …


Digital Forensics Case Leads: Androids, Breaches, & Clouds All Around

Welcome to this week's edition of Case Leads! Data breaches continue this week and Apple announces the iCloud while others speculate on the impact of the Cloud to Digital Forensics. We have a data recovery USB "stick" for Android phones, a book on Android forensics, and a fragmented photo carving utility. As this week's edition …


Digital Forensics Case Leads: Visualization Tools, Information Security in Law Firms, Hack Attacks, another Stuxnet Analysis and more

This week's edition of Case Leads features two Twitter visualization tools, a new RegRipper plug-in, a podcast with Rob Lee and details on attacks against Oracle and EMC. We also have another Stuxnet analysis, news on the acquisition of NetWitness, and a study on a new Black Market currency. As always, if you have an …


Digital Forensics Case Leads: Capturing Mac Memory, the Shifting Threat Landscape, Forensics Tool Updates, and Zero Day: A Novel

This week's edition of Case Leads features new and updated forensics tools, a report on changes in attack patterns, a novel from what may seem like an unlikely source and thoughts on timestamp manipulations. The ability to create a memory image on OS X has been lacking until now. A recently released report suggests that …