SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, that passwords are a big part of breach compromises. Dr. Lorrie Cranor and her team at CMU have done extensive research on how to choose the best password policies versus usability. In addition, Alison Nixon's research describes techniques to determine valid passwords of an organization …


Detecting Shellcode Hidden in Malicious Files

A challenge both reverse engineers and automated sandboxes have in common is identifying whether a particular file is malicious or not. This is especially true if the malicious aspects are obfuscated and only triggered under very specific circumstances. There are a number of techniques available to try to identify embedded shellcode, for example searching for …


DFIR Hero — Cindy Murphy Interview

Cindy Murphy is teaching our Advanced Smartphone Forensics Course in McLean, VA in February 2016. Sign up now to take this course with Cindy. We interviewed Cindy so you can get to know her a bit better. Cindy's real world experience working in law enforcement and cyber security communities combined with her unending knowledge …


How to Install SIFT Workstation and REMnux on the Same Forensics System

Combine SIFT Workstation and REMnux on a single system to create a supercharged Linux toolkit for digital forensics and incident response tasks. Here's how.


New Windows Forensics Evidence of Poster Released

Link for new poster: http://dfir.to/GET-FREE-DFIR-POSTER The "Evidence of..." categories were originally created by SANS Digital Forensics and Incident Response faculty for the SANS course FOR408: Windows Forensics. The categories map a specific artifact to the analysis questions that it will help to answer. Use this poster as a cheat-sheet to help you remember where you …