SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensic SIFTing: SUPER Timeline Creation using log2timeline

This is a series of blog articles that utilize the SIFT Workstation. The free SIFT Workstation, which can match any modern forensic tool suite, is also directly featured and taught in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). SIFT demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge …


How to Make a Difference in the Digital Forensics and Incident Response Community

Over the years of teaching, I have found that there is no shortage of talent in our DFIR community. There are so many individuals that are incredibly sharp, truly skilled, and solving critical cases for their organizations. Sometimes we find that we become so focused on solving cases that we forget that we could figure …


Winter 2012 Digital Forensic and Incident Response Community Events

UPCOMING CLASS LOCATIONS IN COMMUNITY SANS
FOR508 - ADVANCED FORENSICS AND IR - SAN ANTONIO - Mon, Jan 30, 2012 - Sat, Feb 4, 2012
FOR408 - WINDOWS FORENSICS - MIAMI - Mon, Feb 6, 2012 - Sat, Feb 11, 2012
FOR408 - WINDOWS FORENSICS - LOS ANGELES - Mon, Feb 6, 2012 - Sat, Feb 11, …


Digital Forensics Case Leads: Evolving Malware Market, Feint Attacks, and Malicious Hacker Psychology

This week's edition of Case Leads features tools to discover MD5 hashes and extract Flash files from PDFs. We also have recommendations on network defense from researchers who have been studying the psychology of cyber attackers. There's evidence of service consolidation in the malware market and the FBI cautions that denial of service attacks are …


SIFT Workstation 2.12 Release and ChangeLog

Due to several issues with libewf and minor bugs found in log2timeline and log2timeline-sift, we have released a new version of the SIFT Workstation. This is not a major release, but I did have time to go and refresh many packages built into it. The next release will update the Ubuntu backend and be a …