SANS Digital Forensics and Incident Response Blog: Category - Case Leads

Digital Forensic Case Leads : Flame On! The most sophisticated malware since...the last one, Higher Ed data breach and PowerShell forensics.

The big story this week (along with plenty of hyperbole) is the Flame/Flamer/sKyWIper malware, which has been evading detection for years and targeting systems in the Middle East. We also got some detailed and useful information from Apple in the form of an iOS Security Guide, and Scripting Guy offers up several useful techniques for using …


New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack

This week's edition of Case Leads features updates to a popular network scanning tool and another application which may be useful in gaining access to encrypted documents. We also have an article detailing a recent attack against a website and a couple of papers that look at attack trends. There's news that hard drives could …


Digital Forensic Case Leads: A Volume Shadow Copies Toolset Updated, Malware Binary Files Analysis Became Easier, Media and Mobile Forensics Analysis, And A Man Stabs His Computer!

Welcome to the Digital Forensic Case Leads. A Volume Shadow Copies toolset updated with a great new ability, malware binary file analysis became easier, media and mobile forensics analysis, is your cloud data secure? Data killers, a man stabs his computer!? Mobile phone cyberthieves, the I, Robot film in reality? All that and more, this week on Case …


Digital Forensic Case Leads: Report from the Forensic Expert Witness Conference, Judge: Viewing CP might NOT be possession, Mac crypto bug helps forensicators

Welcome to Digital Forensics Case Leads. Another busy week in digital forensics, incident response and the law. In this edition: The SANS Computer Forensics Blog was at the Forensic Expert Witness Annual Conference, and your humble reporter asked a seasoned member of the bench: What is it like for a Judge to sit on …


Digital Forensics Case Leads: MBR Parser, VSC Toolset GUI, Memory Forensics Cheat Sheet & other goodness......

In this week's SANS Case Leads, we have a Python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-) If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Jamie Levy …