SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Java IDX Sample Files from Java Spearphishing Attack from SANS FOR508

Earlier this year, SANS created the most in-depth incident response training scenario that spans multiple systems in FOR508: Advanced Forensic Analysis and Incident Response. We discussed the entire scenario in a blog post titled "Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results". One of the biggest complaints that many have …


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3

In this interview, Jake Williams discusses his perspective on the various approaches to reverse-engineering malware, including behavioral, dynamic and static analysis as well as memory forensics. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course.


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 2

In this interview, Jake Williams shares advice on acting upon the findings produced by the malware analyst. He also clarifies the role of indicators of compromise (IOCs) in the incident response effort. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course.


Digital Forensics Case Leads: Got Malware?

This week on Case Leads, it's mostly about the malware. A new tool called Maltrieve will help retrieve it for analysis, articles on Java *.idx files and NTFS artifacts can help us find it post-mortem, and security software companies get pwned by it. Joking aside though, if you're scoffing at Bit9 this week, you should …


Announcing: The 2013 SANS Digital Forensics and Incident Response Summit Agenda

http://www.sans.org/event/dfir-summit-2013

Tuesday, July 9, 2013 (Room 1 / Room 2)

7:00am - 8:00am: Registration | Networking Breakfast
8:00am - 8:10am: Welcome and Introduction to the 2013 Digital Forensics and Incident Response Summit. Rob Lee & Alissa Torres, Summit Chairs, Digital Forensics and Incident Response Summit
8:10am - 9:10am: Digital Forensics …