SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensic Case Leads: New and Updated Tools, A Few Awards, A Little News and a Couple of Videos.

This week in Case Leads we have many new tools and updates to tools, so don't forget to test, test, test. Lance Mueller is back blogging, and we also have the forensic 4Cast awards and some video talks from the SANS DFIR Summit. In the news, a grad student uncovers a privacy scandal, a lawsuit is …


SANS Digital Forensics and Incident Response Poster Released

The SANS Digital Forensics and Incident Response faculty and community members created the 2012 poster. "Evidence of..." categories to map a specific artifact to the analysis question that it will help to answer. Finding unknown malware is an intimidating process to many, but can be simplified by following some …


Digital Forensics Case Leads: Shmorgishborg of #DFIR

This week's edition of SANS Case Leads features a shmorgishborg of #DFIR tool updates, good reads, and some follow-up information to recent data breaches. Don't forget to vote for the Forensic4cast awards; voting closes at the end of the day June 17, 2012, and winners will be announced at the SANS DFIR Summit June …


Digital Forensics Case Leads: Your Password Is Out There, again...

Data breaches at LinkedIn, eHarmony, and Last.fm exposed millions of account passwords, and probably other data that the attackers haven't made public. There is also a wealth of interesting new and updated tools. Among these are HexDive, SquirrelGripper, ShadowKit, and a Report Writing cheat sheet from Girl, Unallocated. Also worthy of particular note is Corey Harrell's Compromise Root Cause Analysis Model.


The APT is already in your network. Time to go hunting — Learn how in new training course SANS FOR508

The Advanced Persistent Threat is already in your network. Time to go hunting. It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems including 10.3.58.7. You are …