SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: ReFS, Ex01, and DFIROnline

This week's cornucopia of forensic goodness so thoroughly defies summary that I nearly gave up writing an introduction. But a few things do merit particular emphasis. First, the second DFIROnline meetup takes place tonight at 20:00 EST. Luminaries Harlan Carvey and Eric Huber will be presenting. Before then, however, you may want to take some time …


Thoughts on Malware, Digital Forensics and Data Breaches by Hal Pomeranz

Hal Pomeranz shares his insights on malicious software in the context of data breaches, incident response and digital forensics. Hal's expertise spans several areas of information security, and most recently has focused on forensics. He teaches several courses at SANS Institute, including Reverse-Engineering Malware.


The Color of a Forensicator's Parachute: Professional Development and Retainment

Next week is DoD Cybercrime and I put in to lead a panel on a topic that I feel is often overlooked by many in the community: proper professional development of our DFIR staff. As a result, I submitted a talk to lead a panel discussion and, on Thursday, 26 January, I am leading a …


Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011

This week's edition of Case Leads features a new version of REMnux for malware analysis and we have two tools for collecting forensic images from iPhone and Android devices. We also have a couple of articles on Android memory analysis and the use of Open Source digital forensics tools to validate commercial tools. As always, …


Metadata distributions in Computer Forensics

After my previous post on using uid and gid distributions to spot malicious code on *nix file systems, I took to working on some code to convert *nix "modes" (The Sleuth Kit bodyfile refers to file type and permission information as mode) from fls bodyfiles to their octal representations and then to calculate averages and …