SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Protecting Privileged Domain Accounts: PsExec Deep-Dive

[Author's Note: This is the 6th in a multi-part series on the topic of "Protecting Privileged Domain Accounts". My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.] PsExec is an …


Digital Forensics Case Leads: Lots of oopsies

This week's edition of Case Leads covers an interview about the Onity Hotel lock oopsie, an oopsie involving overlooked artifacts in the Casey Anthony trial, the oopsie of dumping lots of confidential confetti at a parade, and the findings of the investigation into the Palmetto state oopsie. Many great tool updates (OllyDbg, bulk_extractor) and some …


Invite - SANS #DFIR Free Open House And Community Night - Dec 10 2012 - Wash D.C.

We would like to invite you to a free and open DFIR Community reception/talks at SANS Digital Forensics and Incident Response Campus at CDI 2012 in Washington D.C. Join us and network with others in the DFIR community then stay for a few evening DFIR presentations. FREE and OPEN TO PUBLIC - MUST REGISTER TO …


Case Leads: Report on Emerging Cyber Threats, Updates to Forensics Applications, Malware Trends, and more.

This week's edition of Case Leads features a report on emerging cyber threats, another report about malware and vulnerabilities, research about the head of a new anti-virus firm, updates to the Oxygen Forensics Suite and Memoryze for the Mac. There's also a story about how email led to several discoveries in the case of the CIA director that …


Case Leads: Real-time visualisation of attacks; Tracking Emails through headers; Coke gets hacked?; Quantum physics in digital forensics!; UK cybercrime victims gets IR team

In this week's Case Leads: Coke gets hacked and acts silently, a cyber attack on the Russian Government releases 2.5 million records, Scottish research demonstrates how quantum physics can assist in solving e-crimes, Russia's cybercrime market comes to light, UK cybercrime victims hire IR teams to investigate, why SSD drives destroy court evidence, real-time visualisation …