SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Case Leads: Object Access Logs, Perl Harbor and More.....

In this week's SANS Case Leads we look at new tools, get updates to some cheat sheets, take a look at Object Access event logs, learn about cyber Perl Harbor and more! If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Keep an eye out …


Digital Forensics Case Leads: Identifying TrueCrypt volumes with Volatility, Malware that can sneak into VM's and more....

In this week's SANS Case Leads: malware that can sneak into virtual machines, watch those LastWriteTime timestamps, new tools, identifying TrueCrypt volumes with Volatility and much more. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Joachim Schicht posted a utility that can manipulate …


This week we won't fill your hard drive up with tools but will stimulate your #DFIR memory

This week's edition of SANS Case Leads won't fill your hard drive up with tools but will stimulate your memory with lots of interesting #DFIR reads and news. For instance, the HTCIA conference is offering a FREE Day Pass for the Vendor Expo. There will be OVER 60 BOOTHS THIS YEAR where vendors will be showcasing …


New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are …


Advanced Persistent Threats Can Be Beaten

Reprinted from http://www.csoonline.com/article/709239/advanced-persistent-threats-can-be-beaten-says-expert. Advanced persistent threats can be beaten, says expert. Detection is key, but how you respond to APTs is equally important. By Taylor Armerding, August 06, 2012, CSO. Officially, advanced persistent threats (APTs) from China are not even happening. But everybody in information security, especially those trying to protect enterprises from economic espionage, knows that APTs, typically originating …