SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011

This week's edition of Case Leads features a new version of REMnux for malware analysis and we have two tools for collecting forensic images from iPhone and Android devices. We also have a couple of articles on Android memory analysis and the use of Open Source digital forensics tools to validate commercial tools. As always, …


Metadata distributions in Computer Forensics

After my previous post, on using uid and gid distributions to spot malicious code on *nix file systems, I took to working on some code to convert *nix "modes" (The Sleuth Kit bodyfile refers to file type and permission information as mode) from fls bodyfiles to their octal representations and then to calculate averages and …


Network Forensics (FOR558) in Arlington, VA

Now that the holidays are over, it's time to re-focus on challenges ahead. That includes training to help you to successfully tackle those tasks ahead in the new year. It's an ideal time to join Phil Hagen in Arlington, VA for FOR558: Network Forensics. This course has been in high demand, and now you'll be …


Digital Forensics Case Leads: Hacking into the New Year, and a Virus Causes a Man to Get a New Trial

Happy New Year from the Case Leads team! In this first Case Leads of the year several organizations have been hacked, a man gets a new trial because of a computer virus and Windows 8 will have a reset button. Several tools have been updated and introduced and some good reads along with a little …


Reverse Engineering Malware - FOR610 - in Phoenix, AZ

In February, Hal Pomeranz will be in Phoenix to teach FOR610: Reverse Engineering Malware. This advanced course at the SANS Institute has been incredibly valuable to investigators worldwide trying to fight the Advanced Persistent Threat (APT). The course runs from Monday, February 13, 2012 to Friday, February 17, 2012. "This was a great course that …