SANS Digital Forensics and Incident Response Blog: Category - apt

Anti-virus is not enough to defeat APT groups

In last week's story about the New York Times breach, you read that thebest-selling anti-virus system failed entirely. Every organization thathas gone through a targeted attack learns that same lesson and - toolate - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after … Continue reading Anti-virus is not enough to defeat APT groups


Digital Forensics Case Leads: Sleeper Malware targets diplomatic entities in Europe & Asia, banking trojan travelling through Skype, DropBox decryption, PE file analysis, and retrieving iPhone VoiceMail

In this issue of Case Leads, Magnet Forensics updates its IEF with new neat features, Analysing PE file with python, retrieving iPhone voicemail with Perl, sleeper APT target diplomats, banking trojans travelling through Skype... Continue reading'' this week of Case Leads. If you have an item you'd like to contribute toDigital Forensics Case Leads, please … Continue reading Digital Forensics Case Leads: Sleeper Malware targets diplomatic entities in Europe & Asia, banking trojan travelling through Skype, DropBox decryption, PE file analysis, and retrieving iPhone VoiceMail


More news on Flame & Stuxnet. Researchers publish findings on Elderwood Gang & the Comment Crew. New & Updated tools for mobile device forensics.

This week's CaseLeads features several findings from security researchers who have been studying Flame, Stuxnet and numerous state sponsored hackers. A couple of vendors have released new tools or updates to existing tools for those into mobile device forensics and malware analysis. If you have an item you'd like to contribute to Digital Forensics Case … Continue reading More news on Flame & Stuxnet. Researchers publish findings on Elderwood Gang & the Comment Crew. New & Updated tools for mobile device forensics.


New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are … Continue reading New Advanced Persistent Threat Based - FOR508 Released in On-Demand


Four Focus Areas of Malware Analysis

Malware analysis and the forensic artifacts involved are made up of four areas of focus. The four areas of focus are behavior, code, memory, and intelligence analysis. Each has its own techniques which will be covered briefly. An analyst is in the middle of a case and finds an executable artifact. In searching the hash … Continue reading Four Focus Areas of Malware Analysis