SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More

It's been a rough year for Microsoft's Kerberos implementation. The culmination was last week when Microsoft announced critical vulnerability MS14-068. In short, this vulnerability allows any authenticated user to elevate their privileges to domain admin rights. The issues discussed in this article are not directly related this bug. Instead we'll focus on design and implementation … Continue reading Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More


SANS DFIR Summit 2015 - Call For Papers

Dates: Summit Dates: - July 7-8, 2015 Post-Summit Training Course Dates: July 9-14, 2015 Summit Venue: Hilton Austin 500 East 4th Street Austin, TX78701 Phone: 512-482-8000 TheDigital Forensics and Incident Response Summit will once again be held in the live musical capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who … Continue reading SANS DFIR Summit 2015 - Call For Papers


DFIRCON East Advanced Smartphone Forensics Challenge Winner Announced!

Due to the vast amount of responses we got for our Smartphone Forensic Challenge, the winner was just determined. The rules states that the winner must answer 4 of the 6 questions correctly, and the lucky winner answered all 6 questions correctly. Shawna Denson, you are the lucky winner!!!! Thank you to everyone who submitted. … Continue reading DFIRCON East Advanced Smartphone Forensics Challenge Winner Announced!


Announcing the GIAC Network Forensic Analyst Certification - GNFA

A new security certification focused on the challenging field of network forensics BETHESDA, MD - October 7, 2014- Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact … Continue reading Announcing the GIAC Network Forensic Analyst Certification - GNFA


TorrentLocker Unlocked

Guest submission byTaneli Kaivola, Patrik Nisn and Antti Nuopponen of NIXU TorrentLocker is a new breed of ransomware that has been spreading lately. Like CryptoLocker and CryptoWall it encrypts files on a victim's machine and then demands ransom. The victim has to pay to get the decryption software that can decrypt the files. On a … Continue reading TorrentLocker Unlocked