SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Consortium of Digital Forensic Specialists Is Launched; Will Focus on Standards and Advocacy

Wakefield, Mass. - Aug. 4, 2011 - The Consortium of Digital Forensic Specialists (CDFS), a global non-profit industry group that aims to improve the digital forensic profession through unity, advocacy and standardization, announced today that it is now accepting membership applications from interested organizations and individuals. CDFS plans to develop and influence standards for …


Ultimate Windows Timelining

Recently, I was considering material for an internal knowledge transfer session on timelining, when it occurred to me that the subject matter was likely of broader interest, and so, without further ado... First, a note about the way I personally use timelines. I find them a great way to identify dated tidbits which one might …


Digital Forensics Case Leads: Python Puts Snakes on the Case

This week, we feature a number of tools and articles that leverage Python to do the heavy lifting. So, if you're looking for scripts and applications to put the squeeze on some of that work load, this may be the article for you. In other news, Brian Krebs alerts us to new malware tricks, Jennifer …


Digital Forensics Case Leads: RAM Capture Tool DumpIt, Monitoring Applications with Carbon Black, a Brief History of Malware, and the Impact of Technology in Trials

This week's edition of Case Leads features a couple of tools for Windows including a memory capture application, a kernel driver that monitors and reports on interesting processes, and a tool for exporting data from "the Cloud." We've also included a TED talk on the history of malware and we have an article on the …


Live Memory Forensic Analysis

As memory forensics has become better understood and more widely accomplished, tools have proliferated. More importantly, the capabilities of the tools have greatly improved. Traditionally, memory analysis has been the sole domain of Windows internals experts, but recent tools now make analysis feasible for the rank and file forensic examiner. Better interfaces, documentation, and built-in …