SANS Digital Forensics and Incident Response Blog: Author - sansdfir

Investigate and fight cyberattacks with SIFT Workstation

Digital forensics and incident response (DFIR) has hit a tipping point. No longer just for law enforcement solving cybercrimes, DFIR tools and practices are a necessary component of any organization's cybersecurity. After all, attacks are increasing daily and getting more sophisticated - exposing millions of people's personal data, hijacking systems around the world and … Continue reading Investigate and fight cyberattacks with SIFT Workstation


Gamble? Not with your future

By Lee Whitfield Honestly, I've never been big into gambling. The closest I've come is buying a lottery ticket when I was 18. While I understand the excitement, the science, and compulsion, it has just never been a huge draw for me personally. There are many things that fall into the category of gambling. … Continue reading Gamble? Not with your future


Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

Many experienced security analysts end up repeating the same investigative playbook for similar types of cases day after day. They become technical experts but siloed into a single lane of investigative scenario, whether it be intellectual property theft, malware or intrusion investigations. With the rapid evolution of fileless malware and sophisticated anti-forensics mechanisms, security … Continue reading Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection


DFIR Summit 2019 Call for Presentations (CFP) Now Open

The 2019 DFIR Summit CFP is now open through 5 pm CST on Monday, March 4th. The 12th annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Summit … Continue reading DFIR Summit 2019 Call for Presentations (CFP) Now Open


SANS FOR585 Q&A: Smartphone Forensics - Questions answered

Learning doesn't stop when you leave the SANS classroom. Instructors Domenica "Lee" Crognale, Heather Mahalik and Terrance Maguire answer some of the most common questions from FOR585 Smartphone Forensics course students in these short videos: 1) Using Hashcat to Crack an Encrypted iTunes Backup:Acquiring a locked iOS can be difficult so an iTunes … Continue reading SANS FOR585 Q&A: Smartphone Forensics - Questions answered