SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere

This week we found out the NetWire Remote Access Trojan claims to be able to infect everyone, the US Senate has blocked a much-debated cybersecurity bill, Dropbox shows it's a great way to share the confidential data of Dropbox customers, British Telecom says somewhere between 100% and 0% of Android devices are compromised and cybercrime costs …


Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more

This week's "Black Hat" edition of CaseLeads features an exclusive interview with David Kennedy who talks about stealthy, non-APT related attacks. In keeping with the stealth theme, we have an article about a new Pwn device from Pwnie Express and DARPA as well as an article about one of the founders of Kaspersky. NIST has …


Four Focus Areas of Malware Analysis

Malware analysis and the forensic artifacts involved are made up of four areas of focus. The four areas of focus are behavior, code, memory, and intelligence analysis. Each has its own techniques which will be covered briefly. An analyst is in the middle of a case and finds an executable artifact. In searching the hash …


Looking at Mutex Objects for Malware Discovery and Indicators of Compromise

Mutex (a.k.a. mutant) objects, which are frequently used by legitimate software, can also help defenders discover the presence of malicious programs on the system. Incident responders can examine the infected host or reverse-engineer malware to identify mutex names used by the specimen, which will allow them to define the signs of the infection (a.k.a. indicators of compromise). Let's take a look at how mutex objects are used and what tools are available to identify them on a system.


Digital Forensics Case Leads: Skype acting weird, Microsoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenges Apple by bypassing the Apple Store authentication mechanism and getting apps for free!!! All that and more, this week on Case Leads…

In this week of Case Leads, we hear of a lot of Skype problems, claims that Microsoft is backdooring Skype and Facebook censoring chats for illegal activities… Moreover, Apple seems to be failing to fix a bug found by a Russian hacker that enables an attacker to bypass the authentication mechanism and get paid apps for free. …