SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Gamble? Not with your future

By Lee Whitfield Honestly, I've never been big into gambling. The closest I've come is buying a lottery ticket when I was 18. While I understand the excitement, the science, and compulsion, it has just never been a huge draw for me personally. There are many things that fall into the category of gambling. … Continue reading Gamble? Not with your future


Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

Many experienced security analysts end up repeating the same investigative playbook for similar types of cases day after day. They become technical experts but siloed into a single lane of investigative scenario, whether it be intellectual property theft, malware or intrusion investigations. With the rapid evolution of fileless malware and sophisticated anti-forensics mechanisms, security … Continue reading Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection


DFIR Summit 2019 Call for Presentations (CFP) Now Open

The 2019 DFIR Summit CFP is now open through 5 pm CST on Monday, March 4th. The 12th annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Summit … Continue reading DFIR Summit 2019 Call for Presentations (CFP) Now Open


SANS FOR585 Q&A: Smartphone Forensics - Questions answered

Learning doesn't stop when you leave the SANS classroom. Instructors Domenica "Lee" Crognale, Heather Mahalik and Terrance Maguire answer some of the most common questions from FOR585 Smartphone Forensics course students in these short videos: 1) Using Hashcat to Crack an Encrypted iTunes Backup:Acquiring a locked iOS can be difficult so an iTunes … Continue reading SANS FOR585 Q&A: Smartphone Forensics - Questions answered


The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.

We are excited to announce the release of an all-new version of the free SOF-ELK®, or Security Operation and Forensics ELK virtual machine. Now based on the new version of the Elastic Stack, SOF-ELK is a complete rebuild that is faster and more effortless than its predecessors, making forensic and security data analysis easier … Continue reading The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.