SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Sneak Preview: FOR572 on PaulDotCom June 12, 2013

You might have noticed that we recently posted the course description for the upcoming all-new course, FOR572: Advanced Network Forensics and Analysis. FOR572 will include a lot of tcpdump and Wireshark work, but it also goes beyond that, using a "big picture" approach that incorporates evidence and methods covering all kinds of network-based systems and …


Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis skills are among the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing intrusions. SANS …


Control Panel Forensics: Evidence of Time Manipulation and More…

The GUI control panel is a long-standing feature of Microsoft Windows, facilitating granular changes to a vast collection of system features. It can be disabled via Group Policy but is largely available to most user accounts (administrative permissions are required for some changes). From a forensic perspective, we can audit control panel usage to …


Getting Your First DFIR Job

Recently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips as well as performed mock forensic job interviews when I realized there are some pointers that I could share about the process from …


Digital Forensics Case Leads: First ICS HoneyPot, IEF EnScripts, Android Forensics, Unit 61398 - The APT1 guys, CALEA Act and more...

In this issue of Case Leads, we will see the first Industrial Control System honeypot, test some useful IEF EnScripts for EnCase, an article on APT1 hackers resuming their attacks on US targets, what about the CALEA Act, Android forensics tips and tricks, voice descrambling DIY... Continue reading this week of Case Leads. If you …