SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Signature Detection with CrowdResponse

CrowdResponse is a free tool written by Robin Keir from CrowdStrike. Robin has a long history of developing excellent tools for the community, including SuperScan, BinText, Fpipe, and CrowdInspect. The goal of CrowdResponse is to provide a lightweight solution for incident responders to perform signature detection and triage data collection. It supports all modern Windows …


The Importance of Command and Control Analysis for Incident Response

Understanding how malicious software implements command and control (C2) is critical to incident response. Malware authors could use C2 to execute commands on the compromised system, obtain the status of the infection, commandeer numerous hosts to form a bot network, etc. This article explains how malware performs C2 functions and clarifies how this information can aid responders in detecting, analyzing, and remediating malware incidents.


Finding Evil on Windows Systems - SANS DFIR Poster Release

Adding to our ever-growing number of Posters and Cheat Sheets for DFIR, we are proud to announce the availability of a brand new SANS DFIR Poster, "Finding Evil", created by SANS Instructors Mike Pilkington and Rob Lee. This poster was released with the SANSFIRE 2014 Catalog, so you might already have one. If you did …


SANS #DFIR Polo Shirt - Online Ordering

Now available for online ordering: the SANS DFIR Polo. Until recently this shirt was only handed out at special events like DFIRCON or the DFIRSUMMIT, but now you can get your very own shirt via the SANS Store.


Faster SIFT 3.0 Download and Install #DFIR #SIFT3

Having trouble downloading the new SIFT 3.0? We are currently experiencing heavy traffic. Try the bootstrap install option.

Download and install: http://releases.ubuntu.com/12.04/ubuntu-12.04.4-desktop-amd64.iso

Open a terminal and type: wget --quiet -O - https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh | sudo bash -s -- -i -s -y

A couple of times it will ask you a few questions, which are easy to answer. Takes about 20 …