SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack

This week's edition of Case Leads features updates to a popular network scanning tool and another application which may be useful in gaining access to encrypted documents. We also have an article detailing a recent attack against a website and a couple of papers that look at attack trends. There's news that hard drives could …


Digital Forensic Case Leads: A Volume Shadow Copies Toolset Updated, Malware Binary Files Analysis Became Easier, Media and Mobile Forensics Analysis, And A Man Stabs His Computer!

Welcome to the Digital Forensic Case Leads. A Volume Shadow Copies toolset updated with a great new ability, malware binary file analysis became easier, media and mobile forensics analysis, is your cloud data secure? Data killers, a man stabs his computer!? Mobile phone cyberthieves, the I, Robot film in reality? All that and more, this week on Case …


Digital Forensic Case Leads: Report from the Forensic Expert Witness Conference, Judge: Viewing CP might NOT be possession, Mac crypto bug helps forensicators

Welcome to Digital Forensics Case Leads. Another busy week in digital forensics, incident response and the law. In this edition: The SANS Computer Forensics Blog was at the Forensic Expert Witness Annual Conference, and your humble reporter asked a seasoned member of the bench: What is it like for a Judge to sit on …


Writing Malware Reports

One of the more common questions that people ask in the FOR610 (reversing) class is about writing malware reports. Specifically, what should go into a malware report? The Guiding Principle: When I get asked this question my first response is usually "well why did you do the exam?" Besides potentially being a bit cheeky, the …


Digital Forensic Case Leads: Getting caught via metadata, A Forensic Guide to Windows 8 and the New DFIR Wall Poster.

This week in Case Leads: Apple's security questions, a hacker gets caught via metadata, a DFIR wall poster will be available, a guide to Windows 8 forensics, a few tools have been updated, and watching 182 superhero movies in under 5 minutes. If you have an item you'd like to contribute to Digital Forensics Case Leads, please …