SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

DFIR SUMMIT 2020 SNEAK PREVIEW

DFIR SUMMIT 2020 SNEAK PREVIEW - Summit Jul 16-17, 2020; Courses Jul 18-23, 2020 - AUSTIN TX. Call for Presentations will be released in early January. We are hoping many of you submit to speak at the summit this year. Registration for the summit will open the same …


HSTS For Forensics: You Can Run, But You Can't Use HTTP

HTTP Strict Transport Security (HSTS) is a great tool for website administrators to ensure their site is only accessed over encrypted channels. But does it have any digital forensics applications?


Cloud Storage Acquisition from Endpoint Devices

Over the past several years, multiple tools have been released to enable API-based collection of cloud storage data. While this is an important capability, it has the often fatal liability that API-based collections require valid user credentials (and multi-factor authentication). An often overlooked area of cloud forensics is data and metadata stored on the local …


The State of Malware Analysis: Advice from the Trenches

What malware analysis approaches work well? Which don't? How are the tools and methodologies evolving? The following discussion, captured as an MP3 audio file, offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler (Panelist); Evan Dygert: Senior …


Mass Triage Part 5: Processing Returned Files - Amcache