SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Encrypted Disk Detector Version 2

Last year I covered the free Encrypted Disk Detector (EDD) tool and challenged the community to help crowdsource its development. Thank you to all that took part in the experiment. Magnet Forensics announced today that Encrypted Disk Detector version 2 is available.

Survey Results

In addition to encouraging additional development of …


Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing …


Digital Forensics Case Leads: New REMnux, Registry tools and more APT1 analysis

This week in Case Leads we have a great new update to REMnux, two new tools for registry analysis and be sure to vote for the Forensic 4cast Awards right after you hop over to the new REM community on Stack Exchange. If you have an item you'd like to contribute to Digital Forensics Case …


Installing the REMnux Virtual Appliance for Malware Analysis

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Here is how to install the REMnux virtual appliance using common virtualization tools, such as VMware and VirtualBox, thanks to the Open Virtualization Format (OVF/OVA).


Cloud Forensics with F-Response

Like many great inventions, the idea behind F-Response is so simple and elegant it is hard not to punish yourself for not thinking of it. Using the iSCSI protocol to provide read-only mounting of remote devices opens up a wealth of options for those of us working in geographically dispersed environments. I have used it …