SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Undercover Agents Record Social Media Evidence

How should investigators record fast-changing online evidence, such as social media? Case in point: The Mercer County (New Jersey) Prosecutor's office followed hundreds of street gang affiliates on Myspace. How did it do that economically? Instead of using seasoned, highly-trained police investigators, it commissioned a team of mere interns. The interns, acting as undercover agents, …


Digital Forensics Case Leads: Data Extraction, Cyber Threat Reports, APTs and Duqu, a Stuxnet Variant

This week's edition of Case Leads features updates to applications for bulk data extraction and processing mobile devices. We also have a couple of reports from the researchers at Georgia Tech and Microsoft that address emerging and current cyber threats. We close out this week's Case Leads with a few suggestions on how to address …


Digital Forensics Case Leads: Passwords in Wills, Google Chrome a Virus, Cybercrime Unit Saving Money and Updates for Sleuthkit and SSDeep.

In this version we have Microsoft classifying Google Chrome as a virus, passwords being added to wills and the Metropolitan Police Cybercrime unit saving money for the citizens of the UK. Several tools have been updated and some good reads along with a little levity and training/conferences as well as call for papers. If you …


Free laptop with SANS FOR508 Advanced Forensics and IR vLive!

Just in time for Christmas, get a quad core Dell 15" laptop when you sign up for SANS vLive. If you have end of year funds left, vLive is a fantastic way to take a SANS class. Chad Tilbury will be teaching SANS Forensics 508: Advanced Forensics and Incident Response for 6 weeks starting …


OSX Lion User Interface Preservation Analysis

Recently I've updated to OS X Lion (10.7) and started testing my incident response scripts on the system. I started looking through new default folders created for users and ran across a folder called "Saved Application State." I began researching this folder and determined that it's used to store settings for a new feature called …