SANS Digital Forensics and Incident Response Blog: Category - Advanced Persistent Threat

Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools

Thank you for attending the SANS New Cheat Sheet: "A Guide to Eric Zimmerman's Command Line Tools" webcast. For webcast slides and recording visit: http://www.sans.org/u/raj To download the Cheat Sheet visit: http://digital-forensics.sans.org/u/rao To download Eric's Command line tools visit: https://ericzimmerman.github.io/ In this webinar, Eric covered several tools that can be used to show evidence of execution …


DFIR Summit 2017 - CALL FOR PRESENTATIONS

Call for Presentations Now Open!
Submit your proposal here: http://dfir.to/DFIR-CFP-2017
Deadline: January 16th at 5pm CT

The 10th Annual Digital Forensics and Incident Response Summit Call for Presentations is open through 5 pm EST on Monday, January 16, 2017. If you are interested in presenting or participating on a panel, we'd be …


Mass Triage: Retrieve Interesting Files Tool (FRAC and RIFT) Part 2

FRAC is a GPLv2 project that can run remote commands across a Windows enterprise network. It consists of a Perl script, basic configuration files, and an SMB share. It uses PAExec or Winexe to connect to the remote machines and then runs the required commands. It doesn't require a powerful system to run from, but it does require lots of disk space if it has been configured to collect files. FRAC can run on Linux, *NIX, and OS X, using Winexe to connect to the remote Windows machines.


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee

Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made-up names such as "Sandworm" just to …


SANS #ThreatHuntingSummit Valentine Twitter Contest

Love is in the air and we at SANS DFIR want to celebrate February, the month of love and friendship. To show how much we care about our follower friends, we have created the #ThreatHuntingSummit Twitter contest. This contest comes with a fantastic prize, check it out! On April 12th through 19th, SANS along with …