SANS Digital Forensics and Incident Response Blog: Category - artifact analysis

SANS Digital Forensics and Incident Response Blog:

A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, passwords are a big part of breach compromises. Dr. Lori Cranor, and her team, at CMU has done extensive research on how to choose the best password policies verses usability. In addition, Alison Nixon's research describes techniques to determine valid password of an organization you are not a part of ("Vetting Leaks Finding the Truth when the Adversary Lies"). What about passwords leaked in the organization you are defending? This post will be about such a scenario.

According to former Deputy Director, of The Center for The Studies of Intelligence, Ms. Carmen Medina says "analysis in essence is putting things correctly into categories" "insight is when you come

...

SANS #CEICCONF #DFIR CHALLENGE 2 - 19 May 2015

CEIC

DFIR-SHIRTDFIR_B2.1_newicon

Answer the following three questions based on the evidence provided below. Write the answers down on your PC or a piece of paper. Stopby the SANS Booth at CEIC #227 and be one of the first 15 DFIR professionals who get the answers correct will win a DFIR Shirt in their size.

...

SANS #CEICCONF #DFIR CHALLENGE 1 - 18 May 2015

 

CEIC

DFIR-SHIRTDFIR_B2.1_newicon

Answer the following three questions based on the evidence provided below. Write the answers down on your PC or a piece of paper. Stopby the SANS Booth at CEIC #227 and be one of the first 15 DFIR professionals who get the answers correct will win a DFIR Shirt in their size.

...

How Miscreants Hide From Browser Forensics

Scammers, intruders and other miscreants often aim to conceal their actions from forensic investigators. When analyzing an IT support scam, I interacted with the person posing as the help desk technician. He brought up a web page on the victim's system to present payment form, so the person would supply contact and credit card details. He did this in a surprising manner, designed to conceal the destination URL.

Running Malware Analysis Apps as Docker Containers

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis to offer investigators easier access to malware forensics tools. Docker is a platform for packaging, running and managing applications as "containers," as a lightweight alternative to full virtualization. Several application images are available as of this writing, and you can contribute your own as a way of experimenting with Docker and sharing with the community.