SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensic Case Leads Getting caught via metadata, A Forensic Guide to Windows 8 and the New DFIR Wall Poster.

This week in Case Leads: Apple's security questions, a hacker gets caught via metadata, a DFIR wall poster will be available, a guide to Windows 8 forensics, a few tools have been updated, and watching 182 superhero movies in under 5 minutes. If you have an item you'd like to contribute to Digital Forensics Case Leads, please …


SANS DFIR Wall Poster Preview

The SANS DFIR Wall Poster is complete. The poster is our first dedicated specifically to Digital Forensics and Incident Response analysts. The poster will be sent to your home as a part of the SANS NS2012 course catalog. How Do I Receive the Poster? To sign up to receive the poster automatically, you will need …


Digital Forensics Case Leads: MBR Parser, VSC Toolset GUI, Memory Forensics Cheat Sheet & other goodness......

In this week's SANS Case Leads, we have a Python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-) If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Jamie Levy …


Receive MacBook Air with SANS #DFIR Online Training

Through May 14, 2012 you will receive an 11" 64GB MacBook Air when you register and pay for a qualifying vLive course. To get your MacBook Air: Register for a qualifying vLive long course. Enter discount code 0424_MBAIR when you check out. Would you rather save some money than receive a MacBook Air? Take $850 …


Finding (unknown) malware with DensityScout ...

Introduction: The latest REMnux version has a new tool on board that's completely unknown to you: "DensityScout". This article reveals all that you need to know to understand where and how this tool can save you hours of your precious time. NOTE: This article addresses build 42 of this tool. At the time of …