SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Hostile Forensics

Hostile Forensics Hello everybody to my first Blog post both here at SANS. I've released a whitepaper that may be of interest to people in the forensic community, and wanted to both share it with you and get feedback and criticism on it. Seeing a few great presentations today here at DefCon, namely by … Continue reading Hostile Forensics


More is less: why the mobile forensics race to support the most phones is the wrong race

Before I co-founded viaForensics, I was the Chief Information Officer for a large international packaging company. We had a fair number of smart phones and we occasionally needed to examine a phone. I knew little about digital forensics at the time and as I researched the various offerings, I was overwhelmed. My initial reaction was … Continue reading More is less: why the mobile forensics race to support the most phones is the wrong race


Digital Forensics Case Leads: SIFT 2.1, Volatility 2.0

Looks like I picked a great week to do my first Digital Forensics Case Leads post. With excellent new tools, great blog posts to tell you about and more, my job was easy. Tools: The one stop shop for digital forensic investigations has just arrived with lots of new forensic goodness in addition to the … Continue reading Digital Forensics Case Leads: SIFT 2.1, Volatility 2.0


Consortium of Digital Forensic Specialists Is Launched; Will Focus on Standards and Advocacy

Wakefield, Mass. - Aug. 4, 2011 - The Consortium of Digital Forensic Specialists (CDFS), a global non-profit industry group that aims to improve the digital forensic profession through unity, advocacy and standardization, announced today that it is now accepting membership applications from interested organizations and individuals. CDFS plans to develop and influence standards for … Continue reading Consortium of Digital Forensic Specialists Is Launched; Will Focus on Standards and Advocacy


Ultimate Windows Timelining

Recently, I was considering material for an internal knowledge transfer session on timelining, when it occurred to me that the subject matter was likely of broader interest, and so, without further ado... First, a note about the way I personally use timelines. I find them a great way to identify dated tidbits which one might … Continue reading Ultimate Windows Timelining