SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Control Panel Forensics: Evidence of Time Manipulation and Moreâ¦

The GUI control panel is a long standing feature of Microsoft Windows, facilitating granular changes to a vast collection of system features. It can be disabled via Group Policy but is largely available to most user accounts (administrative permissions are required for some changes). From a forensic perspective, we can audit control panel usage to … Continue reading Control Panel Forensics: Evidence of Time Manipulation and More''


Getting Your First DFIR Job

Recently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips as well as performed mock forensic job interviews when I realized there are some pointers that I could share about the process from … Continue reading Getting Your First DFIR Job


Digital Forensics Case Leads: First ICS HoneyPot, IEF EnScripts, Android Forensics, Unit 61398 - The APT1 guys, CALEA Act and more...

In this issue of Case Leads, we will see the first Industrial Control System Honeypot, test some useful IEF EnScripts for EnCase, an article on APT1 hackers resuming their attacks on US targets, What about the CALEA Act, Android Forensics tips and tricks, voice descrambling DIY... Continue reading'' this week of Case Leads. If you … Continue reading Digital Forensics Case Leads: First ICS HoneyPot, IEF EnScripts, Android Forensics, Unit 61398 - The APT1 guys, CALEA Act and more...


SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open

The 4th annual Forensics and Incident Response Summit EU will take place on October 6-13 in Prague, one of the most historical European cities, in the context of theSANS Forensics Pragueconference, the biggest Incident Response and Digital Forensics event in Europe to date. The Summit will focus on high quality and extremely relevant content as … Continue reading SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open


Tools for Examining XOR Obfuscation for Malware Analysis

There are numerous ways of concealing sensitive data and code within malicious files and programs. Fortunately, attackers use one particular XOR-based technique very frequently, because offers sufficient protection and is simple to implement. Here's a look at several tools for deobfuscating XOR-encoded data during static malware analysis. Continue reading Tools for Examining XOR Obfuscation for Malware Analysis