SANS Digital Forensics and Incident Response Blog: Category - Case Leads

Digital Forensics Case Leads: An OS X based Live CD, a Free Forensics App for Windows, Spying, and High Performance Password Cracking

This week's edition of Case Leads features an OS X based Live CD, a free tool for gathering evidence from HBGary, spying, and the threat video cards pose to passwords.

As always, if you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org.

Tools:

  • Creating an OS X Incident Response CD for Live Response -Tom Webb has a write up that discusses the process for building a basic OS X based CD for live analysis. The how-to addresses a few unique features of OS X and includes a method for dealing with OS X's non-static binaries. Suggestions for binaries to include on the CD and commands useful for IR on OS X are covered. Tom has also included a starter script that will help with information gathering during the IR

...


Digital Forensics Case Leads: Intel to Buy McAfee

Intel to by McAfee for U.S. $7+ billion, Facebook login information leakage, Android gaming app hides a Trojan lead the stories this week. A new SANs course is going to be offered that looks to be outstanding along with some good reads from David Nides, Matt Churchill, Joe Garcia and Nick Harbour.

If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org. We would love to hear from all of you.

New Sans Course Being Offered:

There is a new 2-day CombatingMalware in the Enterprise course that Lenny Zeltser andJason Fossen have co-authored. Its major focus is on discovering, responding to, and remediating malware incidents in an enterprise setting. You can find more information out about it here:

http://CombatingMalware.com

The course will debut at the Network Security

...


Digital Forensics Case Leads: Does Forensicator Pro include a Hex Editor? and other tool tales

Well, it's been a quiet week at Lake DataBeGone, where all the forensicators are above average, or at least aspire to that. Nothing as exciting as DefCon/BlackHat this week, but we do have a few things....

Good Reads:

  • The new issue of Digital Forensics Magazine is out, and includes not only an article by Rob Lee on what it takes to become a computer forensics pro, as mentioned last week, but also an article on real time network forensics, and a nice survey of law enforcement practices around the world, written by Christa Miller. If you don't subscribe already, you should - go to http://www.digitalforensicsmagazine.com/ and sign up!
  • Selena Ley has a brief overview article on Safari artifacts that should be consideredin

...


Digital Forensics Case Leads Aug 5, 2010: Decon 18 and more

The DefCon conference ended on Sunday, and this year's edition of the "World's Largest Hacker Conference" (as many call it) didn't disappoint. We have news and coverage from a forensic and incident response viewpoint, including news about the Wikileaks incident you might not have seen elsewhere. Blackberry is getting hammered on security, well that's what many headlines read. We have a different take. Web tracking and privacy is getting a higher profile, what are the forensic implications? Many home and business networks are "protected" by popular router/firewalls for sale at big box electronics stores. New research reveals breach mechanisms that have forensic and incident response implications. The truth slowly is revealed, along with peoples' private parts, about images from the Whole Body Scanners. And, in the Levity Section: DefCon18 Social engineering contest a hit at DefCon.

Good Reads / Good Audio:

  • "I know what happened with

... Continue reading Digital Forensics Case Leads Aug 5, 2010: Decon 18 and more


Digital Forensics Case Leads: SQLite changes may impact your processes

I don't know if it's the time of year, the heat or what, but there's been so much going on over the last couple weeks that this post almost didn't make it out. Gasp! Thanks to the efforts of Ira Victor and Mark McKinnon (yay crowd-sourcing), we pulled it off. Speaking of crowd-sourcing, this post is meant to be a weekly round-up of things we've found that may be of interest to digital forensics and incident response practitioners, as such, please drop us a line at caseleads@sans.org if you have an item that you feel should be included in the weekly post. We appreciate it.

Tools:

  • Paraben's P2 Explorer is a great little free tool that mounts a variety of popular disk image formats, allowing the investigator to easily run a variety of tools against the mounted file system (e.g. anti-virus/malware scans).
  • Digital

...