SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Python Puts Snakes on the Case

This week, we feature a number of tools and articles that leverage Python to do the heavy lifting. So, if you're looking for scripts and applications to put the squeeze on some of that work load, this may be the article for you. In other news, Brian Krebs alerts us to new malware tricks, Jennifer …


Digital Forensics Case Leads: RAM Capture Tool DumpIt, Monitoring Applications with Carbon Black, a Brief History of Malware, and the Impact of Technology in Trials

This week's edition of Case Leads features a couple of tools for Windows including a memory capture application, a kernel driver that monitors and reports on interesting processes, and a tool for exporting data from "the Cloud." We've also included a TED talk on the history of malware and we have an article on the …


Live Memory Forensic Analysis

As memory forensics has become better understood and more widely accomplished, tools have proliferated. More importantly, the capabilities of the tools have greatly improved. Traditionally, memory analysis has been the sole domain of Windows internals experts, but recent tools now make analysis feasible for the rank and file forensic examiner. Better interfaces, documentation, and built-in …


Digital Forensics Case Leads: Google+, LinkedIn and Hacking Vodafone's network

With LinkedIn scoring the number two spot in social networking and Google+ trying to get up to speed, it will be an interesting time for social networks. There are some good reads by Little Mac, Harlan Carvey and Chris Pogue. See what Dilbert and BOFH are up to as well as checking out the …


What makes an expert?

I have recently been involved in a case where the argument came to one of who is an expert. This is not an uncommon attack when the issues at hand are not really in dispute and the opposing team wants to focus the case on other things. It may seem strange that a person with …