SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Getting Your First DFIR Job

Recently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips as well as performed mock forensic job interviews when I realized there are some pointers that I could share about the process from …


Digital Forensics Case Leads: First ICS HoneyPot, IEF EnScripts, Android Forensics, Unit 61398 - The APT1 guys, CALEA Act and more...

In this issue of Case Leads, we will see the first Industrial Control System Honeypot, test some useful IEF EnScripts for EnCase, an article on APT1 hackers resuming their attacks on US targets, What about the CALEA Act, Android Forensics tips and tricks, voice descrambling DIY... Continue reading this week of Case Leads. If you …


SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open

The 4th annual Forensics and Incident Response Summit EU will take place on October 6-13 in Prague, one of the most historic European cities, in the context of the SANS Forensics Prague conference, the biggest Incident Response and Digital Forensics event in Europe to date. The Summit will focus on high quality and extremely relevant content as …


Tools for Examining XOR Obfuscation for Malware Analysis

There are numerous ways of concealing sensitive data and code within malicious files and programs. Fortunately, attackers use one particular XOR-based technique very frequently, because it offers sufficient protection and is simple to implement. Here's a look at several tools for deobfuscating XOR-encoded data during static malware analysis.


Case Leads: Zero Day Trading, Decrypting iPhones, Calculating AppID's for Jumplists and more.

This week in Case Leads we have articles on Zero Day exploit trading and buying hacking tools, requesting Apple to decrypt iPhones, a guide to attending conferences on a budget, calculating AppID's for jumplists and a few updated tools. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send …