SANS Digital Forensics and Incident Response Blog: Category - artifact analysis

Malware Analysis Challenge to Strengthen Your Skills

One of the best ways to learn how to analyze malicious software is to practice. Here's a set of challenge questions, building upon an earlier network forensics puzzle, so you can strengthen your malware analysis skills.


Ultimate Windows Timelining

Recently, I was considering material for an internal knowledge transfer session on timelining, when it occurred to me that the subject matter was likely of broader interest, and so, without further ado... First, a note about the way I personally use timelines. I find them a great way to identify dated tidbits which one might …


Digital Forensics Case Leads: RAM Capture Tool DumpIt, Monitoring Applications with Carbon Black, a Brief History of Malware, and the Impact of Technology in Trials

This week's edition of Case Leads features a couple of tools for Windows, including a memory capture application, a kernel driver that monitors and reports on interesting processes, and a tool for exporting data from "the Cloud." We've also included a TED talk on the history of malware and we have an article on the …


Digital Forensics: Dropbox

Update: Thanks to everyone for the feedback. I'm glad the info is useful and interesting - mission complete here. For everyone who asked about the full article, it's now available on Forensic Focus: http://www.forensicfocus.com/dropbox-forensics Dropbox is a web-based file synchronization and sharing service. While it can be a backup of sorts, it's really geared toward …


Digital Forensics Case Leads: Androids, Breaches, & Clouds All Around

Welcome to this week's edition of Case Leads! Data breaches continue this week and Apple announces the iCloud while others speculate on the impact of the Cloud on Digital Forensics. We have a data recovery USB "stick" for Android phones, a book on Android forensics, and a fragmented photo carving utility. As this week's edition …