SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Understanding EXT4 (Part 5): Large Extents

Hal Pomeranz, Deer Run Associates I've received a lot of positive feedback from the forensics community about this series of articles, but what's really rewarding is when other forensics researchers teach me something I didn't know. I recently received an email from a colleague in Europe who was looking at the extent trees for a … Continue reading Understanding EXT4 (Part 5): Large Extents


Free iPad2 or iPhone5 Promotion: FOR408 Windows Forensics in Toronto, CA

Join the following Community SANS Events and receive a $500 Apple gift card to be used towards the iPad of your choice (or perhaps towards a new iPhone 5!). Offer is eligible on regular priced tuition purchase only and you will receive the card during your class. Offer is valid on the following events. To … Continue reading Free iPad2 or iPhone5 Promotion: FOR408 Windows Forensics in Toronto, CA


Digital Forensics Case Leads: Viva Las Vegas Forensics at BlackHat, SecurityBSidesLV, and DefCon

The 103 degree heat hits you in the face like a baseball bat. Some people say that 103 degrees (in the shade) is "no big deal", because, as they continue, "it's a dry heat." Yea, well, my oven is a dry heat, and I don't stick my head in it. But that is exactly the … Continue reading Digital Forensics Case Leads: Viva Las Vegas Forensics at BlackHat, SecurityBSidesLV, and DefCon


Malware Analysis Challenge to Strengthen Your Skills

One of the best ways to learn how to analyze malicious software is to practice. Here's a set of challenge questions, building upon an earlier network forensics puzzle, so you can strengthen your malware analysis skills. Continue reading Malware Analysis Challenge to Strengthen Your Skills


Hostile Forensics

Hostile Forensics Hello everybody to my first Blog post both here at SANS. I've released a whitepaper that may be of interest to people in the forensic community, and wanted to both share it with you and get feedback and criticism on it. Seeing a few great presentations today here at DefCon, namely by … Continue reading Hostile Forensics