SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics and Incident Response Summit 26-27 June in Austin Texas

The Digital Forensics & Incident Response Summit & Training, taking place in Austin, TX, is fast approaching. Register now using the code DFIR10 to save an extra 10% off your registration price. Pre-Summit Training Courses: June 20-25, 2012. SANS top-notch digital forensic training with courses on network forensics, reverse-engineering malware, digital …


Digital Forensic Case Leads : Flame On! The most sophisticated malware since...the last one, Higher Ed data breach and PowerShell forensics.

The big story this week (along with plenty of hyperbole) is the Flame/Flamer/sKyWIper malware, which has been evading detection for years and targeting systems in the Middle East. We also got some detailed and useful information from Apple in the form of an iOS Security Guide, and the Scripting Guy offers up several useful techniques for using …


How to Extract Flash Objects From Malicious MS Office Documents

Authors of malicious Microsoft Office documents can execute code on the victim's system using several techniques, including VBA macros and exploits. Another approach, which has been growing in popularity, involves embedding Flash programs in the Office document. These Flash programs can download or directly incorporate additional malicious code without the victim's knowledge. This note demonstrates several steps for extracting malicious Flash objects from Microsoft Office document files so you can analyze them. We take a brief look at using strings, Pyew, hachoir-subfile, xxxswf.py and extract_swf.py for this purpose.
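The signature-carving approach that tools such as xxxswf.py and extract_swf.py automate, as an added example that is not code from the post or from any of the tools it names: scan a byte buffer for the SWF magic (FWS, CWS, ZWS), sanity-check the 8-byte header, and inflate zlib-compressed CWS bodies into a plain FWS file that SWF disassemblers accept. The sample "document" is constructed inline and is not a real malicious file; the version and length bounds are heuristics of this example, not part of the SWF specification; LZMA-compressed ZWS files are reported but not inflated here. One caveat a practitioner needs: this works on raw bytes, so point it at a binary OLE2 file (.doc, .xls, .ppt) or its extracted streams. Office 2007+ files (.docx and friends) are zip archives, and a deflated zip part hides the signature until you unzip it.

```python
import struct
import zlib

# SWF magic: FWS = uncompressed, CWS = zlib-compressed body, ZWS = LZMA-compressed body.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
# Heuristic bounds (assumption of this example) to reject random "FWS"/"CWS"
# byte runs: real SWF versions are small integers and files are neither tiny
# nor absurdly large.
MAX_SWF_VERSION = 50
MAX_SWF_LENGTH = 64 * 1024 * 1024


def find_swf_headers(data):
    """Yield (offset, signature, version, declared_len) for each plausible SWF header.

    The 8-byte header is: 3-byte signature, 1-byte version, 4-byte little-endian
    length of the *uncompressed* file (header included).
    """
    for sig in SWF_SIGNATURES:
        start = 0
        while True:
            idx = data.find(sig, start)
            if idx == -1:
                break
            start = idx + 1
            if idx + 8 > len(data):
                continue
            version = data[idx + 3]
            declared_len = struct.unpack_from("<I", data, idx + 4)[0]
            if not 1 <= version <= MAX_SWF_VERSION:
                continue
            if not 8 <= declared_len <= MAX_SWF_LENGTH:
                continue
            yield idx, sig, version, declared_len


def carve_swf(data, offset, sig, version, declared_len):
    """Return (raw bytes as stored, decompressed SWF or None, complete flag) for one header."""
    if sig == b"FWS":
        raw = data[offset:offset + declared_len]
        return raw, raw, len(raw) == declared_len
    if sig == b"CWS":
        rest = data[offset + 8:]
        d = zlib.decompressobj()
        body = d.decompress(rest)          # zlib.error here means a false-positive "CWS"
        consumed = len(rest) - len(d.unused_data)   # bytes belonging to the zlib stream
        raw = data[offset:offset + 8 + consumed]
        # Rebuild an uncompressed SWF so ordinary SWF tools can parse it.
        swf = b"FWS" + bytes([version]) + struct.pack("<I", declared_len) + body
        return raw, swf[:declared_len], d.eof and len(body) + 8 >= declared_len
    # ZWS (LZMA): reported by offset only; inflating needs a raw-LZMA decoder and
    # is left out of this example.
    return None, None, False


def extract_swfs(data):
    """Carve every SWF embedded in data (an OLE2 file, one of its streams, or an unzipped OOXML part)."""
    found = []
    for offset, sig, version, declared_len in find_swf_headers(data):
        try:
            raw, swf, complete = carve_swf(data, offset, sig, version, declared_len)
        except zlib.error:
            continue
        found.append({
            "offset": offset,
            "signature": sig.decode("ascii"),
            "version": version,
            "declared_len": declared_len,
            "raw": raw,
            "swf": swf,
            "complete": complete,
        })
    return sorted(found, key=lambda f: f["offset"])


# Constructed sample, not a real malicious document: filler resembling an OLE2
# stream, a decoy "FWS" inside ordinary text (its version byte 'n' = 110 is
# rejected by the heuristic), then a minimal zlib-compressed SWF with dummy body bytes.
SAMPLE_BODY = bytes.fromhex("78000a5f00000fa000000c0100") + b"\x00" * 40
SAMPLE_PREFIX = b"\x00" * 64 + b"oldFWSnote " + b"ShockwaveFlash.ShockwaveFlash.11\x00"


def build_sample_document():
    declared_len = 8 + len(SAMPLE_BODY)
    swf = b"CWS" + bytes([10]) + struct.pack("<I", declared_len) + zlib.compress(SAMPLE_BODY)
    return SAMPLE_PREFIX + swf + b"\xff" * 32


if __name__ == "__main__":
    doc = build_sample_document()
    for item in extract_swfs(doc):
        print(f"offset={item['offset']:#x} sig={item['signature']} ver={item['version']} "
              f"len={item['declared_len']} complete={item['complete']}")
        if item["swf"] is not None:
            with open(f"swf_{item['offset']:08x}.swf", "wb") as fh:
                fh.write(item["swf"])
```

To use it on a real case, replace build_sample_document() with the bytes of the suspect file or stream; the "complete" flag tells you whether the carved object was truncated, which matters when the Flash object is what you hand to a SWF decompiler next.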


New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack

This week's edition of Case Leads features updates to a popular network scanning tool and another application which may be useful in gaining access to encrypted documents. We also have an article detailing a recent attack against a website and a couple of papers that look at attack trends. There's news that hard drives could …


Digital Forensic Case Leads: A Volume Shadow Copies Toolset Updated, Malware Binary Files Analysis Became Easier, Media and Mobile Forensics Analysis, And A Man Stabs His Computer!

Welcome to Digital Forensic Case Leads. This week: a Volume Shadow Copies toolset updated with a great new capability; malware binary analysis made easier; media and mobile forensics analysis; is your cloud data secure?; data killers; a man stabs his computer!?; mobile-phone cyberthieves; and the I, Robot film in reality? All that and more, this week on Case …