SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Finding Evil on Windows Systems - SANS DFIR Poster Release

Adding to our ever growing number of Posters and Cheat Sheets for DFIR, we are proud to announce the availability of a brand new SANS DFIR Poster "Finding Evil" created by SANS Instructors Mike Pilkington and Rob Lee. This poster was released with the SANSFIRE 2014 Catalog you might already have one. If you did … Continue reading Finding Evil on Windows Systems - SANS DFIR Poster Release


SANS #DFIR Polo Shirt - Online Ordering

Now available for online ordering - the SANS DFIR Polo. Up until recently this shirt was only handed out at special events like DFIRCON or the DFIRSUMMIT, but now you can get your very own shirt via the SANS Store. Continue reading SANS #DFIR Polo Shirt - Online Ordering


Faster SIFT 3.0 Download and Install #DFIR #SIFT3

Having trouble downloading new SIFT 3.0? We are experiencing heavy traffic currently. Try bootstrap install option. Download and install.http://releases.ubuntu.com/12.04/ubuntu-12.04.4-desktop-amd64.iso Open terminal Type:wget -quiet -O - https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh | sudo bassh -s — -i -s -y There will be a couple of times it will ask you a few questions. Easy to answer. Takes about 20 … Continue reading Faster SIFT 3.0 Download and Install #DFIR #SIFT3


DFIR Summit Specials — Till End of March! #dfir #dfirsummit

Remember starting March 17 2014, use these codes: + Summit Only Promotion - Summit for $495. Register with code -> SUMMIT + Class & Summit Promotion - Summit for $195 with a class. Register with code -> COURSE Stay connected via twitter, using hashtag #DFIRsummit, to hear announcements and discussions surrounding the Summit. Register Now! … Continue reading DFIR Summit Specials — Till End of March! #dfir #dfirsummit


Stream-based Memory Analysis Case Study

Based on FOR526 Memory Forensics In Depth content I recently worked an investigation that involved anomalous network traffic occurring inside a customer's network between a handful of workstations and the internal DNS server. I was given memory images collected by the customer from two of the offending systems. Following the memory analysis methodology we teach … Continue reading Stream-based Memory Analysis Case Study