SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Running Malware Analysis Apps as Docker Containers

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis to offer investigators easier access to malware forensics tools. Docker is a platform for packaging, running and managing applications as "containers," as a lightweight alternative to full virtualization. Several application images are available as of this writing, and you can contribute your own as a way of experimenting with Docker and sharing with the community.


DFIR Monterey 2015 Network Forensics Challenge Released

Join us at DFIR Monterey 2015 - a Reverse Engineering Digital Forensics and Incident Response Education (REDFIRE) Event. This unique Digital Forensics and Incident Response (DFIR) event brings our most popular forensics courses, instructors, and bonus seminars together in one place to offer one of SANS' most comprehensive DFIR training experiences. This …


How to Track Your Malware Analysis Findings

The field of incident response, forensics, and malware analysis is full of thrilling hunts and exciting investigations where you have an opportunity to aggressively pursue the activities of adversaries. While technical acumen certainly supports these efforts, a truly successful execution requires both a well-crafted process and detailed documentation of the journey through that process. …


Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More

It's been a rough year for Microsoft's Kerberos implementation. The culmination was last week when Microsoft announced critical vulnerability MS14-068. In short, this vulnerability allows any authenticated user to elevate their privileges to domain admin rights. The issues discussed in this article are not directly related to this bug. Instead we'll focus on design and implementation …


SANS DFIR Summit 2015 - Call For Papers

Summit Dates: July 7-8, 2015
Post-Summit Training Course Dates: July 9-14, 2015
Summit Venue: Hilton Austin, 500 East 4th Street, Austin, TX 78701
Phone: 512-482-8000

The Digital Forensics and Incident Response Summit will once again be held in the live music capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who …