SANS Digital Forensics and Incident Response Blog: Category - Advanced Persistent Threat

Mass Triage Part 5: Processing Returned Files - Amcache


Mass Triage Part 4: Processing Returned Files - AppCache/Shimcache


Investigating WMI Attacks

WMI as an attack vector is not new. It has been used to aid attacks within Microsoft networks since its invention. However, it has been increasingly weaponized in recent years, largely due to its small forensic footprint. In a world of greater enterprise visibility and advanced endpoint protection, blending in using native tools is … Continue reading Investigating WMI Attacks


Investigate and fight cyberattacks with SIFT Workstation

Digital forensics and incident response (DFIR) has hit a tipping point. No longer just for law enforcement solving cybercrimes, DFIR tools and practices are a necessary component of any organization's cybersecurity. After all, attacks are increasing daily and getting more sophisticated - exposing millions of people's personal data, hijacking systems around the world and … Continue reading Investigate and fight cyberattacks with SIFT Workstation


Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

Many experienced security analysts end up repeating the same investigative playbook for similar types of cases day after day. They become technical experts but siloed into a single lane of investigative scenario, whether it be intellectual property theft, malware or intrusion investigations. With the rapid evolution of fileless malware and sophisticated anti-forensics mechanisms, security … Continue reading Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection