SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Your Cyber Threat Intelligence Questions Answered

As we prepare for the sixth year of the SANS Cyber Threat Intelligence (CTI) Summit, advisory board members Rebekah Brown, Rick Holland, and Scott Roberts discuss some of the most frequently asked questions about threat intelligence. This blog will give you a bit of a preview of what you can expect during the CTI Summit on January 29th … Continue reading Your Cyber Threat Intelligence Questions Answered


Automated Hunting of Software Update Supply Chain Attacks

Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples including NotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing traffic, but this threat vector … Continue reading Automated Hunting of Software Update Supply Chain Attacks


Updated Memory Forensics Cheat Sheet

Just in time for the holidays, we have a new update to the Memory Forensics Cheatsheet! Plugins for the Volatility memory analysis project are organized into relevant analysis steps, helping the analyst walk through a typical memory investigation. We added new plugins like hollowfind and dumpregistry, updated plugin syntax, and now include help for those … Continue reading Updated Memory Forensics Cheat Sheet


Acquiring a Memory Dump from Fleeting Malware

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware


TIME IS NOT ON OUR SIDE WHEN IT COMES TO MESSAGES IN IOS 11

BLOG ORIGINALLY POSTED SEPTEMBER 30, 2017 HEATHER MAHALIK This is going to be a series of blog posts due to the limited amount of free time I have to allocate to the proper research and writing of an all-inclusive blog post on iOS 11. More work is needed to make sure nothing drastic is missing … Continue reading TIME IS NOT ON OUR SIDE WHEN IT COMES TO MESSAGES IN IOS 11