SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more

This week's "Black Hat" edition of CaseLeads features an exclusive interview with David Kennedy who talks about stealthy, non-APT related attacks. In keeping with the stealth theme, we have an article about a new Pwn device from Pwnie Express and DARPA as well as an article about one of the founders of Kaspersky. NIST has … Continue reading Black Hat edition featuring stealthy hardware and software based attacks, advice for new InfoSec professionals, a malware quiz and more


Four Focus Areas of Malware Analysis

Malware analysis and the forensic artifacts involved are made up of four areas of focus. The four areas of focus are behavior, code, memory, and intelligence analysis. Each has its own techniques which will be covered briefly. An analyst is in the middle of a case and finds an executable artifact. In searching the hash … Continue reading Four Focus Areas of Malware Analysis


Looking at Mutex Objects for Malware Discovery and Indicators of Compromise

Mutex (a.k.a. mutant) objects, which are frequently used by legitimate software, can also help defenders discover the presence of malicious programs on the system. Incident responders can examine the infected host or reverse-engineer malware to identify mutex names used by the specimen, which will allow them to define the signs of the infection (a.k.a. indicators of compromise). Let's take a look at how mutex objects are used and what tools are available to identify them on a system. Continue reading Looking at Mutex Objects for Malware Discovery and Indicators of Compromise


Digital Forensics Case Leads: Skype acting weird, Mircosoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenge Apple by bypassing Apple Store authentication mechanism and get apps for free!!! All that and more, this week on Case Leadsâ¦

In this week of Case Leads, we hear lot of Skype problems, claims that Microsoft is backdooring Skype and Facebook censoring chats for illegal activities'' Moreover, Apple seems to fail on fixing a bug found by a Russian hacker that enable an attacker to bypass authentication mechanism and let him get paid apps for free. … Continue reading Digital Forensics Case Leads: Skype acting weird, Mircosoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenge Apple by bypassing Apple Store authentication mechanism and get apps for free!!! All that and more, this week on Case Leads''


Digital Forensic Case Leads: Is the Chinese Government Backdooring Networks Globally? Large Breach at Yahoo Impacts Gmail, MSN and More. Anonymous Sends Warning To Central Bank?

This week's Digital Forensic Case Leads takes us around the world. From a possible Anonymous waring in Latin America, to the report that the Chinese Government may be building in backdoors to networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communications (NFC) in … Continue reading Digital Forensic Case Leads: Is the Chinese Government Backdooring Networks Globally? Large Breach at Yahoo Impacts Gmail, MSN and More. Anonymous Sends Warning To Central Bank?