SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Dealing with ASLR When Analyzing Malware on Windows 8.1

If you're migrating your malware lab from Windows XP, watch out for the forced ASLR feature of the operating system, especially when using Windows 8.1. ASLR is good for security, but it complicates malware analysis efforts. IDA Pro, OllyDbg, UPX and other tools could get confused. Here is how to get around these issues. Continue reading Dealing with ASLR When Analyzing Malware on Windows 8.1


Weekly Computer Forensics Hangouts with David Cowen

David Cowen's weekly "forensic lunch" video hangouts bring together digital forensics and incident response practitioners. Tune in to join the discussion and catch up on the latest industry happenings. Continue reading Weekly Computer Forensics Hangouts with David Cowen


APT Memory and Malware Challenge Solution

APT Memory & Malware Challenge Answers The memory image contains real APT malware launched against a test system. Your job? Find it. The object of our challenge is simple: Download the memory image and attempt to answer the 5 questions. To successfully submit for the contest, all answers must be attempted. Each person that correctly … Continue reading APT Memory and Malware Challenge Solution


FOR526 (Memory Forensics) Course Updates - Live at DFIRCON!

Alissa Torres and Jake Williams recently updated the material in FOR526 just in time for DFIRCON. Previously, FOR526 focused largely on malware investigations. However, this new revision places new emphasis on misuse/criminal investigations and those investigations where malware may not have been used. We see a lot of those cases now, where by the time … Continue reading FOR526 (Memory Forensics) Course Updates - Live at DFIRCON!


The Many Fields of Digital Forensics and Incident Response

As the world of information technology grows in size and complexity, sectors within the IT industry become more and more specialized. Within IT, information security used to be considered niche. Nowadays, saying that your're an infosec professional positions you as somewhat of a generalist. After all, within the infosec field there are several specialization areas, including compliance, pen testing, application security. Even within the area of digital forensics and incident response, many sub-fields have emerged, as discussed in this post. Continue reading The Many Fields of Digital Forensics and Incident Response