SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

SANS DFIR SUMMIT Agenda and Specials Annoucement

Digital Forensics & Incident Response Summit & Training | AGENDA LINE-UP POSTED! Pre-Summit Course Dates: June 3-8, 2014 Summit Dates: - June 9-10, 2014 Event Information: http://dfir.to/DFIRSummit14 Summit Agenda: http://dfir.to/DFIRSummit14-Agenda Twitter Hashtag: #DFIRSummit The Digital Forensics and Incident Response (DFIR) Summit & Training event combines hands-on DFIR classroom training with trending DFIR summit speakers together … Continue reading SANS DFIR SUMMIT Agenda and Specials Annoucement


Tools for Analyzing Static Properties of Suspicious Files on Windows

Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such meta data from potentially-malicious executables. Continue reading Tools for Analyzing Static Properties of Suspicious Files on Windows


Is OllyDbg Version 2 Ready for Malware Analysis?

Many malware reverse-engineers consider OllyDbg a valuable part of their toolkit. The latest version 1 release of this powerful debugger has been showing its age. Fortunately, version 2.01 seems to be sufficiently mature to start displacing its predecessor as part of the malware analysis workflow. Here's what you can expect when starting to experiment with OllyDbg version 2.01. Continue reading Is OllyDbg Version 2 Ready for Malware Analysis?


Dealing with ASLR When Analyzing Malware on Windows 8.1

If you're migrating your malware lab from Windows XP, watch out for the forced ASLR feature of the operating system, especially when using Windows 8.1. ASLR is good for security, but it complicates malware analysis efforts. IDA Pro, OllyDbg, UPX and other tools could get confused. Here is how to get around these issues. Continue reading Dealing with ASLR When Analyzing Malware on Windows 8.1


Weekly Computer Forensics Hangouts with David Cowen

David Cowen's weekly "forensic lunch" video hangouts bring together digital forensics and incident response practitioners. Tune in to join the discussion and catch up on the latest industry happenings. Continue reading Weekly Computer Forensics Hangouts with David Cowen