SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Windows 8 / Server 2012 Memory Forensics

With Memoryze 3.0, the folks at Mandiant hit their mid-summer goal to roll out memory analysis support for Windows 8 (x86 and x64) and Server 2012 (x64). While support has not yet been rolled into Redline collector scripts, data collected by Memoryze can be loaded and analyzed in the Redline interface. This is no real …


When Cases Involve SSNs and Credit Card Data: "Sensitive Data Search and Baseline" Python Script

A key component of any investigation is the type of data exfiltrated. If sensitive data is on a compromised machine, risk is increased significantly. Also, there is a patchwork of legislation covering various types of data that are considered sensitive (http://www.reyrey.com/regulations/). In general, social security and credit card numbers are at the top of …


SANS Survey of Digital Forensics and Incident Response #DFIR

More than 450 participants completed the SANS 2013 Digital Forensics Survey, conducted online during April and May 2013. A primary goal of this survey was to identify the nontraditional areas where digital forensics techniques are used. The survey can be downloaded HERE. A webcast introducing the Survey earlier this month can be found here: https://www.sans.org/webcasts/digital-forensics-modern-times-survey-96645 The …


Getting Started with Linux Memory Forensics

Like many of you, I have been watching the development of memory forensics over the last two years with a sense of awe. It is amazing how far the field has come since the day Chris Betz, George Garner and Robert-Jan Mora won the 2005 DFRWS forensics challenge. Of course, similar to other forensic niches, …


2013 Digital Forensics and Incident Response Summit #DFIR in Austin Texas 8-9 July

The 2013 Digital Forensics & Incident Response Summit & Training, taking place in Austin, TX, is fast approaching. *** SANS is offering a one-time discount for the DFIR Summit & Training to government employees (e.g., federal, state, local, DoD). This offer reduces the Summit registration fee from $1,995 to $795 when purchased in conjunction with a …