SANS Digital Forensics and Incident Response Blog: Category - Case Leads

Investigate and fight cyberattacks with SIFT Workstation

Digital forensics and incident response (DFIR) has hit a tipping point. No longer just for law enforcement solving cybercrimes, DFIR tools and practices are a necessary component of any organization's cybersecurity. After all, attacks are increasing daily and getting more sophisticated - exposing millions of people's personal data, hijacking systems around the world and …


DFIR Summit 2019 Call for Presentations (CFP) Now Open

The 2019 DFIR Summit CFP is now open through 5 pm CST on Monday, March 4th. The 12th annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Summit …


SANS FOR585 Q&A: Smartphone Forensics - Questions answered

Learning doesn't stop when you leave the SANS classroom. Instructors Domenica "Lee" Crognale, Heather Mahalik and Terrance Maguire answer some of the most common questions from FOR585 Smartphone Forensics course students in these short videos: 1) Using Hashcat to Crack an Encrypted iTunes Backup: Acquiring a locked iOS can be difficult so an iTunes …


The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.

We are excited to announce the release of an all-new version of the free SOF-ELK®, or Security Operation and Forensics ELK virtual machine. Now based on the new version of the Elastic Stack, SOF-ELK is a complete rebuild that is faster and more effortless than its predecessors, making forensic and security data analysis easier …


Shortcuts for Understanding Malicious Scripts

You are being exposed to malicious scripts in one form or another every day, whether it be in email, malicious documents, or malicious websites. Many malicious scripts at first glance appear to be impossible to understand. However, with a few tips and some simple utility scripts, you can deobfuscate them in just a few minutes. …