SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Getting Started with Linux Memory Forensics

Like many of you, I have been watching the development of memory forensics over the last two years with a sense of awe. It is amazing how far the field has come since the day Chris Betz, George Garner and Robert-Jan Mora won the 2005 DFRWS forensics challenge. Of course, similar to other forensic niches, …


2013 Digital Forensics and Incident Response Summit #DFIR in Austin Texas 8-9 July

The 2013 Digital Forensics & Incident Response Summit & Training, taking place in Austin, TX, is fast approaching. *** SANS is offering a one-time discount for the DFIR Summit & Training to government employees (e.g., federal, state, local, DoD). This offer reduces the Summit registration fee from $1,995 to $795 when purchased in conjunction with a …


Sneak Preview: FOR572 on PaulDotCom June 12, 2013

You might have noticed that we recently posted the course description for the upcoming all-new course, FOR572: Advanced Network Forensics and Analysis. FOR572 will include a lot of tcpdump and Wireshark work, but also goes beyond that, using a "big picture" approach that incorporates evidence and methods covering all kinds of network-based systems and …


Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing intrusions. SANS …


Control Panel Forensics: Evidence of Time Manipulation and More…

The GUI control panel is a long-standing feature of Microsoft Windows, facilitating granular changes to a vast collection of system features. It can be disabled via Group Policy but is largely available to most user accounts (administrative permissions are required for some changes). From a forensic perspective, we can audit control panel usage to …