SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

SANS Cyber Threat Intelligence Summit 2018 - CALL FOR SPEAKERS NOW OPEN

Cyber Threat Intelligence Summit & Training 2018 Call for Speakers- Now Open Summit Dates: January 29 & 30, 2018 Training Course Dates: January 31-February 5, 2018 Call for Presentations Closes on Monday, 7 August at 5 pm EDT. Submit your presentationhere Our 6th annual Cyber Threat Intelligence (CTI) Summit will be held in Bethesda, MD. … Continue reading SANS Cyber Threat Intelligence Summit 2018 - CALL FOR SPEAKERS NOW OPEN


Understanding EXT4 (Part 6): Directories

Hal Pomeranz, Deer Run Associates Many years ago, I started this series of blog posts documenting the internals of the EXT4 file system. One item I never got around to was documenting how directories were structured in EXT. Some recent research has caused me to dive back into this topic, and given me an excuse … Continue reading Understanding EXT4 (Part 6): Directories


Beats and Bytes - Striking the Right Chord in Digital Forensics

There is geometry in the humming of the strings, there is music in the spacing of the spheres. - Pythagoras DOWNLOAD PAPER HEREand see them perform at the DFIR SUMMIT and TRAINING 2017 in AUSTIN TX. Curiosity is a personality trait that tends to draw me towards others in a way that forms lasting and … Continue reading Beats and Bytes - Striking the Right Chord in Digital Forensics


Three Steps to Communicate Threat Intelligence to Executives.

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.


WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides