SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensic SIFTing: String Searching and File Carving using srch_strings_wrap

The latest version of the SANS Investigative Forensic Toolkit (SIFT 2.12) contains a few scripts I wrote, and Rob asked me to write a post for the blog going over their functionality. The scripts add on to the functionality provided by The Sleuth Kit's srch_strings to provide additional information on string matches and automatically carve …


Digital Forensics Case Leads: Forensicsball, Forensic security analysis of Google Wallet, Sprint Disables CIQ

Innovations in timeline forensics, a forensic security analysis of the Google Wallet, and Sprint disables the CarrierIQ "root kit" top this edition of Digital Case Leads. In the 2011 Hollywood blockbuster Moneyball, Brad Pitt plays the part of the real-life Billy Beane, the manager of the Oakland A's baseball team. In the film, Brad Pitt's …


Digital Forensics SIFT'ing: Cheating Timelines with log2timeline

Hopefully at one point in time everyone has experienced the enjoyment of a teacher that allowed them to use a "cheat sheet" on a test. For the unfamiliar, the concept is simple; take an 8.5 x 11" piece of paper, cram as much information as you can on both sides, and use it as an …


DFIR SANS360 Event is Today!

SANS360 is finally here! Looking forward to seeing everyone tonight. If you are not in the DC area, you can sign on and listen live tonight at 6:30 PM EST, where the entire event will be streamed live. If you are in the area, please join us at the hotel for a good night for …


Digital Forensics Case Leads: SANS Goes Social, Fyodor Gets Mad and C|Net Apologizes

This week's Case Leads is chock full of forensic goodness. SANS Forensics goes social on both Facebook and Google+. Also, C|Net's Download.com ticks off Fyodor. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: The Giant Persistent Friend, Rob Lee, announced that SIFT 2.12 …