SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

DFIR Summit Specials — Till End of March! #dfir #dfirsummit

Remember, starting March 17, 2014, use these codes:

+ Summit Only Promotion - Summit for $495. Register with code -> SUMMIT
+ Class & Summit Promotion - Summit for $195 with a class. Register with code -> COURSE

Stay connected via Twitter, using hashtag #DFIRsummit, to hear announcements and discussions surrounding the Summit. Register Now! …


Stream-based Memory Analysis Case Study

Based on FOR526 Memory Forensics In Depth content

I recently worked an investigation that involved anomalous network traffic occurring inside a customer's network between a handful of workstations and the internal DNS server. I was given memory images collected by the customer from two of the offending systems. Following the memory analysis methodology we teach …


FOR610 Malware Analysis Course Toolkit Expansion

The SANS FOR610 malware analysis course incorporates the latest Windows tools for examining malicious software. Students now receive a toolkit based on a pre-built Windows virtual machine. This toolkit supplements the Linux-based REMnux virtual machine that has been a staple of malware analysts' arsenal of utilities.


SANS DFIR SUMMIT Agenda and Specials Announcement

Digital Forensics & Incident Response Summit & Training | AGENDA LINE-UP POSTED!

Pre-Summit Course Dates: June 3-8, 2014
Summit Dates: June 9-10, 2014
Event Information: http://dfir.to/DFIRSummit14
Summit Agenda: http://dfir.to/DFIRSummit14-Agenda
Twitter Hashtag: #DFIRSummit

The Digital Forensics and Incident Response (DFIR) Summit & Training event combines hands-on DFIR classroom training with trending DFIR summit speakers together …


Tools for Analyzing Static Properties of Suspicious Files on Windows

Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such metadata from potentially malicious executables.