SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Case Leads: Zero Day Trading, Decrypting iPhones, Calculating AppID's for Jumplists and more.

This week in Case Leads we have articles on Zero Day exploit trading and buying hacking tools, requesting Apple to decrypt iPhones, a guide to attending conferences on a budget, calculating AppID's for jumplists and a few updated tools. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send …


Automating Static Malware Analysis With MASTIFF

MASTIFF is an open source framework for automating static malware analysis. This tool, created by Tyler Hudak, determines the type of file that is being analyzed and then applies only the static analysis techniques that are appropriate for that file type. MASTIFF offers a useful way for performing triage on a large set of suspicious files.


Case Leads: LivingSocial Hack, New Cyber Warriors, analyzeMFT update and more...

This week in Case Leads we have a few software updates and some good reads along with the LivingSocial site being hacked and the US service academies ramping up efforts to groom new cyber warriors. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: David Kovar has …


Encrypted Disk Detector Version 2

Last year I covered the free Encrypted Disk Detector (EDD) tool and challenged the community to help crowdsource its development [link]. Thank you to all that took part in the experiment. Magnet Forensics announced today that Encrypted Disk Detector version 2 is available [get it here]. Survey Results: In addition to encouraging additional development of …


Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing …