SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Receive MacBook Air with SANS #DFIR Online Training

Through May 14, 2012 you will receive an 11" 64GB MacBook Air when you register and pay for a qualifying vLive course. To get your MacBook Air: Register for a qualifying vLive long course. Enter discount code 0424_MBAIR when you check out. Would you rather save some money than receive a MacBook Air? Take $850 …


Finding (unknown) malware with DensityScout ...

Introduction: The latest REMnux version has a new tool on board that's completely unknown to you: "DensityScout". This article reveals all that you need to know to understand where and how this tool can save you hours of your precious time. NOTE: This article addresses build 42 of this tool. At the time of …


Memory Forensics Cheat Sheet

I recently wrote on my personal blog about some of the new updates to the SANS Forensics 508 course and included a link to a new memory forensics cheat sheet. By popular request, I am posting a PDF version of the cheat sheet here on the SANS blog. Feedback is appreciated! Chad Tilbury, GCFA, has …


Digital Forensic Case Leads: Medical Records Get Hacked, #DFIR Index, New and Updated Tools and More....

In this edition of SANS Case Leads we have petabytes of #DFIR tools, reads, news, and levity to stimulate your analytical juices and warm up your processors. Get your dongles out 'cause AccessData has updates and we got more breaches to investigate! Dongleless? I got you covered with a brew of Python, Perl and EXE …


Digital Forensics Case Leads: log2timeline, DFIR dogs, and cybersemantics

This week brings us a new version of log2timeline, Cindy Murphy explaining how we're all like dogs (it's not a bad thing, I swear), and Kyle Maxwell wading into the murky semantic waters of APT, cyberwar, and hackers. Just to tweak Kyle, I'll dub that part cybersemantics. You can also learn what Facebook turns over …