SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

FTK 4 Added to SANS FOR408 Windows Forensics Training Course

We are pleased to report the successful introduction of AccessData's Forensic Toolkit (FTK) v4 into the SANS FOR408 course (Computer Forensic Investigations - Windows In-Depth). While students have access to well over a hundred free and open source tools during the course, we also felt it important for them to gain an understanding of …


Resident $DATA Residue in NTFS MFT Entries

Hal Pomeranz, Deer Run Associates

I came across a small but interesting artifact in the course of a recent investigation. Quick Google searching failed to find any documentation elsewhere, so here's a brief summary of my findings. The bottom line is that residue of old resident $DATA entries may exist in NTFS MFT records after …
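The teaser above only states that leftover resident $DATA content can survive inside an MFT record. The following is an added example, not code from the post or from Deer Run Associates: it builds a synthetic 1 KiB MFT record whose small file was first stored resident, then rewrites the $DATA attribute as non-resident without clearing the bytes past the new used size, and finally parses the record (fixups included) and carves printable strings out of the record slack. The record layout follows the public NTFS on-disk format; the file contents, the data run, the attribute ids and the in-place overwrite are all constructed for the demonstration and are an assumption about how such residue comes to exist, not a claim about what the original investigation found.

```python
"""Constructed demonstration: residue of a resident $DATA attribute in MFT record slack."""
import re
import struct

RECORD_SIZE = 1024
SECTOR = 512
ATTR_STANDARD_INFORMATION = 0x10
ATTR_DATA = 0x80
ATTR_END = 0xFFFFFFFF

# Constructed sample file contents (assumption: nothing here is from a real system).
OLD_CONTENT = (b"# service.conf v1\n".ljust(64, b"\n")
               + b"db_password=hunter2\n"
               + b"api_key=EXAMPLE-not-a-real-key\n")


def resident_attr(atype, content, attr_id=0):
    """Resident attribute: 24-byte header, content at 0x18, total length 8-byte aligned."""
    length = (0x18 + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBB", atype, length, 0, 0, 0x18, 0, attr_id,
                      len(content), 0x18, 0, 0)
    return hdr + content + b"\x00" * (length - 0x18 - len(content))


def nonresident_data_attr(runs, real_size, attr_id=1):
    """Non-resident $DATA: 64-byte header, data runs at 0x40, content lives in clusters."""
    body_len = 0x40 + len(runs)
    length = (body_len + 7) & ~7
    hdr = struct.pack("<IIBBHHHQQHHIQQQ", ATTR_DATA, length, 1, 0, 0x40, 0, attr_id,
                      0, 0, 0x40, 0, 0, 4096, real_size, real_size)
    return hdr + runs + b"\x00" * (length - body_len)


def build_record(attrs):
    """Assemble an MFT record (no fixups yet): FILE header, attributes, $END marker."""
    rec = bytearray(RECORD_SIZE)
    first_attr = 0x38                      # 0x30 header + 6-byte USA, rounded up to 8
    body = b"".join(attrs) + struct.pack("<I", ATTR_END) + b"\x00" * 4
    struct.pack_into("<4sHHQHHHHII", rec, 0, b"FILE", 0x30, 3, 0, 1, 1, first_attr,
                     1, first_attr + len(body), RECORD_SIZE)
    rec[first_attr:first_attr + len(body)] = body
    return rec


def protect_record(rec, usn):
    """Emulate NTFS fixups: USN at 0x30, each sector's last word saved to the USA and replaced."""
    struct.pack_into("<H", rec, 0x30, usn)
    for i in range(RECORD_SIZE // SECTOR):
        tail = SECTOR * (i + 1) - 2
        rec[0x32 + 2 * i:0x34 + 2 * i] = rec[tail:tail + 2]
        struct.pack_into("<H", rec, tail, usn)


def apply_fixups(rec):
    """Undo fixups before parsing; a sector tail without the USN means a torn write."""
    rec = bytearray(rec)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn = rec[usa_off:usa_off + 2]
    for i in range(usa_count - 1):
        tail = SECTOR * (i + 1) - 2
        if rec[tail:tail + 2] != usn:
            raise ValueError("fixup mismatch in sector %d" % i)
        rec[tail:tail + 2] = rec[usa_off + 2 + 2 * i:usa_off + 4 + 2 * i]
    return bytes(rec)


def parse_attributes(rec):
    """Walk the attribute list; return (attributes, offset just past the $END marker)."""
    off = struct.unpack_from("<H", rec, 0x14)[0]
    attrs = []
    while True:
        atype = struct.unpack_from("<I", rec, off)[0]
        if atype == ATTR_END:
            return attrs, off + 8
        length, nonres = struct.unpack_from("<IB", rec, off + 4)
        if length < 0x18 or off + length > RECORD_SIZE:
            raise ValueError("corrupt attribute at 0x%x" % off)
        entry = {"type": atype, "offset": off, "length": length, "resident": not nonres}
        if not nonres:
            csize, coff = struct.unpack_from("<IH", rec, off + 0x10)
            entry["content"] = rec[off + coff:off + coff + csize]
        attrs.append(entry)
        off += length


def rewrite_data_attribute(rec, new_attr):
    """Replace $DATA in place and write a new $END marker; bytes beyond the new used size
    are deliberately left untouched (the assumption that produces record slack)."""
    attrs, _ = parse_attributes(bytes(rec))
    off = next(a for a in attrs if a["type"] == ATTR_DATA)["offset"]
    tail = new_attr + struct.pack("<I", ATTR_END) + b"\x00" * 4
    rec[off:off + len(tail)] = tail
    struct.pack_into("<I", rec, 0x18, off + len(tail))


def build_demo_record():
    """Resident file rewritten as non-resident (one cluster at LCN 0x1234), then protected."""
    rec = build_record([resident_attr(ATTR_STANDARD_INFORMATION, b"\x00" * 0x48, 0),
                        resident_attr(ATTR_DATA, OLD_CONTENT, 1)])
    rewrite_data_attribute(rec, nonresident_data_attr(b"\x21\x01\x34\x12\x00", 4096, 2))
    protect_record(rec, usn=0x2A)
    return bytes(rec)


def find_residue(protected, min_len=8):
    """Parse the live attributes, then carve printable runs from the slack past used size."""
    rec = apply_fixups(protected)
    attrs, _ = parse_attributes(rec)
    used = struct.unpack_from("<I", rec, 0x18)[0]
    slack = rec[used:]
    strings = [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, slack)]
    return {"attrs": attrs, "used": used, "slack_strings": strings}


if __name__ == "__main__":
    result = find_residue(build_demo_record())
    for a in result["attrs"]:
        print("attr 0x%02x at 0x%x resident=%s" % (a["type"], a["offset"], a["resident"]))
    print("used 0x%x; slack strings: %s" % (result["used"], result["slack_strings"]))
```

The live attribute list shows only the current non-resident $DATA, so a parser that stops at the $END marker never sees the old contents; only reading past the record's used size recovers them. On real evidence, scan every record's slack, not just the ones whose file is now non-resident, and check the fixups first so a torn record is not mistaken for residue.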


Digital Forensics Case Leads: Open Source Forensics Edition

This week, the Open Source Digital Forensics Conference and the Open Memory Forensics Workshop were both held in Chantilly, VA, and the wealth of tools and knowledge coming out of these conferences was simply staggering. Of course, not everything this week revolved around, or arose out of, the Open Source Digital Forensics Conference. But there …


Digital Forensics Case Leads: Plugins galore, Adobe and phpMyAdmin hacked, Sophos AV eats its own head.

This month we're nearing the end of the flood of plugins for the Volatility memory analysis framework, we got a big update to the archive of RegRipper plugins and heard two tales of security companies with major security woes, one of which was self-inflicted. If you have an item you'd like to contribute to Digital …


More news on Flame & Stuxnet. Researchers publish findings on Elderwood Gang & the Comment Crew. New & Updated tools for mobile device forensics.

This week's CaseLeads features several findings from security researchers who have been studying Flame, Stuxnet and numerous state sponsored hackers. A couple of vendors have released new tools or updates to existing tools for those into mobile device forensics and malware analysis. If you have an item you'd like to contribute to Digital Forensics Case …