SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open

The 4th annual Forensics and Incident Response Summit EU will take place on October 6-13 in Prague, one of the most historic European cities, in the context of the SANS Forensics Prague conference, the biggest Incident Response and Digital Forensics event in Europe to date. The Summit will focus on high quality and extremely relevant content as …


Tools for Examining XOR Obfuscation for Malware Analysis

There are numerous ways of concealing sensitive data and code within malicious files and programs. Fortunately, attackers use one particular XOR-based technique very frequently, because it offers sufficient protection and is simple to implement. Here's a look at several tools for deobfuscating XOR-encoded data during static malware analysis.


Case Leads: Zero Day Trading, Decrypting iPhones, Calculating AppID's for Jumplists and more.

This week in Case Leads we have articles on Zero Day exploit trading and buying hacking tools, requesting Apple to decrypt iPhones, a guide to attending conferences on a budget, calculating AppID's for jumplists and a few updated tools. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send …


Automating Static Malware Analysis With MASTIFF

MASTIFF is an open source framework for automating static malware analysis. This tool, created by Tyler Hudak, determines the type of file that is being analyzed and then applies only the static analysis techniques that are appropriate for that file type. MASTIFF offers a useful way for performing triage on a large set of suspicious files.


Case Leads: LivingSocial Hack, New Cyber Warriors, analyzeMFT update and more...

This week in Case Leads we have a few software updates and some good reads along with the LivingSocial site being hacked and the US service academies ramping up efforts to groom new cyber warriors. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: David Kovar has …