SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Announcing the GIAC Network Forensic Analyst Certification - GNFA

A new security certification focused on the challenging field of network forensics BETHESDA, MD - October 7, 2014- Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact … Continue reading Announcing the GIAC Network Forensic Analyst Certification - GNFA


TorrentLocker Unlocked

Guest submission by Taneli Kaivola, Patrik Nisén and Antti Nuopponen of NIXU TorrentLocker is a new breed of ransomware that has been spreading lately. Like CryptoLocker and CryptoWall it encrypts files on a victim's machine and then demands ransom. The victim has to pay to get the decryption software that can decrypt the files. On a … Continue reading TorrentLocker Unlocked


Super Sunday Funday Forensic Challenge

The Challenge: Starting September 4, 2014 on the Hacking Exposed Computer Forensics Blog the first forensic image will be available for download. Your goal is to solve the question with the first forensic image and email it to dcowen@g-cpartners.com. The Challenge: The first forensic image is available for download. Your goal is to solve the question with … Continue reading Super Sunday Funday Forensic Challenge


Copier Forensics in 2014: The Good, The Bad, and The Ugly

Recently, I had the opportunity to do forensic analysis on an HDD extracted from a Canon ImageRunner Advanced C5240 Multifunction Copier. After a story was broken by CBS News, back in 2010, it seemed likely that less would be available than is described in the copier forensic write-ups here and here. Nonetheless, I was hopeful. … Continue reading Copier Forensics in 2014: The Good, The Bad, and The Ugly


Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab

System Monitor (Sysmon) is a new tool from Microsoft, designed to run in the Windows system's background, logging details related to process creation, network connections, and changes to file creation time. This information can assist in troubleshooting and forensic analysis of the host where the tool was installed prior to the incident that's being investigated. This article explores the role that System Monitor might play in a malware analysis lab, possibly supplementing tools such as Process Monitor. Continue reading Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab
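The three record types the excerpt names (process creation, network connections, file creation time changes) are Sysmon Event IDs 1, 3 and 2, and the value in a malware lab comes from correlating them per process. The script below is an added example, not code from the SANS post or from Sysinternals: it parses an Event Viewer XML export of the Microsoft-Windows-Sysmon/Operational log, rebuilds the parent/child process tree, builds a per-process timeline, and flags the timestomping pattern (a file's creation time rewritten to an earlier date) that Event ID 2 exists to expose. The embedded XML is a constructed sample in the shape Sysmon writes; its GUIDs, hashes, paths and IP address are made up.

```python
"""Correlate Sysmon Event IDs 1/2/3 from an XML export (added example, constructed data)."""
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample export: four records as Sysmon writes them, wrapped in
# <Events> the way Event Viewer's "Save Selected Events" XML does. Not a real capture.
SAMPLE_XML = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2014-09-01 10:00:01.000</Data>
  <Data Name="ProcessGuid">{00000000-0001-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Users\lab\Desktop\sample.exe</Data>
  <Data Name="CommandLine">"C:\Users\lab\Desktop\sample.exe"</Data>
  <Data Name="Hashes">SHA1=0000000000000000000000000000000000000000</Data>
  <Data Name="ParentProcessGuid">{00000000-0000-0000-0000-000000000000}</Data>
  <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2014-09-01 10:00:02.500</Data>
  <Data Name="ProcessGuid">{00000000-0002-0000-0000-000000000002}</Data>
  <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
  <Data Name="CommandLine">cmd.exe /c copy sample.exe %APPDATA%\svchost.exe</Data>
  <Data Name="Hashes">SHA1=1111111111111111111111111111111111111111</Data>
  <Data Name="ParentProcessGuid">{00000000-0001-0000-0000-000000000001}</Data>
  <Data Name="ParentImage">C:\Users\lab\Desktop\sample.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>2</EventID></System>
 <EventData>
  <Data Name="UtcTime">2014-09-01 10:00:03.200</Data>
  <Data Name="ProcessGuid">{00000000-0001-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Users\lab\Desktop\sample.exe</Data>
  <Data Name="TargetFilename">C:\Users\lab\AppData\Roaming\svchost.exe</Data>
  <Data Name="CreationUtcTime">2009-07-14 01:14:32.000</Data>
  <Data Name="PreviousCreationUtcTime">2014-09-01 10:00:03.000</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID></System>
 <EventData>
  <Data Name="UtcTime">2014-09-01 10:00:05.000</Data>
  <Data Name="ProcessGuid">{00000000-0001-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Users\lab\Desktop\sample.exe</Data>
  <Data Name="Protocol">tcp</Data>
  <Data Name="DestinationIp">198.51.100.7</Data>
  <Data Name="DestinationPort">443</Data>
 </EventData>
</Event>
</Events>"""


def parse_ts(s):
    """Sysmon writes UTC times as 'YYYY-MM-DD HH:MM:SS.mmm'."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def parse_events(xml_text):
    """Flatten each <Event> into a dict: EventID plus every <Data Name=...> field."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter(NS + "Event"):
        rec = {"EventID": int(ev.find(NS + "System/" + NS + "EventID").text)}
        for d in ev.iter(NS + "Data"):
            rec[d.get("Name")] = d.text or ""
        events.append(rec)
    return events


def process_tree(events):
    """ParentProcessGuid -> [child Image, ...] from process-creation (ID 1) records."""
    tree = defaultdict(list)
    for e in events:
        if e["EventID"] == 1:
            tree[e["ParentProcessGuid"]].append(e["Image"])
    return dict(tree)


def backdated_files(events):
    """ID 2 records whose new creation time is earlier than the previous one (timestomping)."""
    hits = []
    for e in events:
        if e["EventID"] == 2 and parse_ts(e["CreationUtcTime"]) < parse_ts(e["PreviousCreationUtcTime"]):
            hits.append((e["Image"], e["TargetFilename"], e["PreviousCreationUtcTime"], e["CreationUtcTime"]))
    return hits


def timeline(events):
    """ProcessGuid -> chronologically sorted [(UtcTime, summary), ...] across IDs 1, 2 and 3."""
    per = defaultdict(list)
    for e in events:
        if e["EventID"] == 1:
            what = "process created: %s (parent %s)" % (e["CommandLine"], e["ParentImage"])
        elif e["EventID"] == 2:
            what = "creation time of %s set to %s" % (e["TargetFilename"], e["CreationUtcTime"])
        elif e["EventID"] == 3:
            what = "connect %s -> %s:%s" % (e["Protocol"], e["DestinationIp"], e["DestinationPort"])
        else:
            continue
        per[e["ProcessGuid"]].append((e["UtcTime"], what))
    return {guid: sorted(v) for guid, v in per.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_XML)
    for guid, entries in timeline(evs).items():
        print(guid)
        for ts, what in entries:
            print("  ", ts, what)
    print("backdated:", backdated_files(evs))
```

Keyed on ProcessGuid rather than ProcessId, the timeline survives PID reuse across a long lab session; Process Monitor gives far more detail per operation, but Sysmon's records are what remains in the event log after the lab VM is reverted and the sample is long gone.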