SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 3)

Application Specific Geo-location Web applications can often leave their own geo-location clues similar to those found via the mapping services. While mapping artifacts are largely consistent, geo-artifacts created by applications are more haphazard. Thus the number of available artifacts can be as numerous as the applications using geo-location services. To illustrate this, we will analyze … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 3)


April 19th: Community Night at SANS NoVA!

Mike Wilkinson's DFIROnline Meetups continue to provide huge value to the community. The next one happens to fall on April 19th, during the SANS Northern Virginia event. We thought it would be fun to provide a space for people to gather and mingle while watching the presentations. If you happen to be in the area, … Continue reading April 19th: Community Night at SANS NoVA!


Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 2)

Understanding Browser Artifacts Geo-location artifacts demonstrate an interesting concept with regard to browser-based evidence. Among the various browser artifacts, Internet history is a fan favorite because it provides such rich information. There is no easier place to look to identify sites visited by a specific user at a specific time.Browser history is so useful, a … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 2)


Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results

One of the biggest complaints that many have in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I planned to change that through creating a realistic scenario based on experiences from the entire cadre of instructors at SANS and additional experts who reviewed and advised the attack … Continue reading Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results


Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)

[Author's Note: Geo-location artifacts have been a frequent focus of my research, and I am amazed at how quickly they are permeating operating systems, applications and file formats.In the fall of 2011 I had the pleasure of writing an article for Digital Forensics Magazine focused on browser-based geo artifacts, where much of this series was … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)