SANS Digital Forensics and Incident Response Blog: Author - sansinstitute

Why Teaching Matters - A Letter About FORENSICS 508 - Computer Forensic Investigations and Incident Response

This is a really special letter that we thought we would share with the community. Thanks Bob and great work! Letter republished with permission from Bob Elder.

_______________________________________________________________________________________

Just wanted to pass along my accolades for the SANS 508 course. I have been taking this course via the on-demand method and had to stall the course due to a high profile case I was working on. The case involved online file sharing where the target was visited by police for items found in his publicly shared folder. When the search warrant took place, police members found out that the suspect had been discovered by his wife and had removed all the child pornography videos, including the ones that were documented in the investigation.

When I got the computer and imaged the drive, nothing was there except

...


SANS Institute Fall Events 2010

Can't make SANS Network Security 2010 in Vegas but still want to take advantage of a SANS event this fall? Here's what is on the horizon for Regional trainings during October and November. These are some great locations with excellent courses and top instructors.

Fall 2010 SANS Information Security Training Line-up

October 25 - 30 - Chicago 2010

Chicago. Chi-Town. The Windy City. And SANS... You'll experience fun in one of America's favorite cities while having the opportunity to build skill in your choice of curricula: Security, Management, Forensics, or Developer. That's just the beginning, since we are bringing a star line-up, including Dr. Eric Cole, Rob Lee, Jason Lam, and Jim Shewmaker. Now's not the time to be shy... Stick around for a day or two after the event

...


SANS Digital Forensics Training in Portland, Oregon (Aug 23-28)

Our instructor Mike Murr is one of our best Digital Forensic Instructors! The wonderful thing about smaller classrooms is you get better training than when you are competing with 40 people to get help from the instructor. SANS uses these smaller events for individuals who are seeking more personalized training and really want to get the most out of their training dollars.

The Top 6 Reasons You Should Take SANS Computer Forensics and Incident Response (FOR508) Training in Portland, OR - August 23 - 28, 2010.

  1. Mike has a deep knowledge of Windows systems, from the bit and the bytes to the files and the artifacts. He has written several forensic tools for his clients, and you can find his open source digital forensics framework at

SANS Digital Forensics and IR Summit 2010: Advanced Persistent Threat Panel Questions Released!

The 2010 Digital Forensics and Incident Response Summit's focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime. Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases. REGISTER NOW!!

These questions are selected initially by the panelists to kick the panel off. Each panelist will choose one question initially and answer it. Once the initial questions are completed, additional questions will be taken from the attendees at the event.

Advanced Persistent Threat Panel Discussion

Panelists will discuss the Advanced Persistent Threat.

...


Digital SANS Forensics and IR Summit 2010: Network Forensics Panel Questions Released!

The 2010 Digital Forensics and Incident Response Summit's focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime. Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases. REGISTER NOW!!

Network Forensics Panel

Panelists will tell you the challenges faced by properly collecting and analyzing network based evidence. It is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the

...