SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: RAM Capture Tool DumpIt, Monitoring Applications with Carbon Black, a Brief History of Malware, and the Impact of Technology in Trials

This week's edition of Case Leads features a couple of tools for Windows including a memory capture application, a kernel driver that monitors and reports on interesting processes, and a tool for exporting data from "the Cloud." We've also included a TED talk on the history of malware and we have an article on the …


Live Memory Forensic Analysis

As memory forensics has become better understood and more widely practiced, tools have proliferated. More importantly, the capabilities of the tools have greatly improved. Traditionally, memory analysis has been the sole domain of Windows internals experts, but recent tools now make analysis feasible for the rank-and-file forensic examiner. Better interfaces, documentation, and built-in …


Digital Forensics Case Leads: Google+, LinkedIn and Hacking Vodafone's network

With LinkedIn scoring the number two spot in social networking and Google+ trying to get up to speed, it will be an interesting time for social networks. There are some good reads by Little Mac, Harlan Carvey and Chris Pogue. See what Dilbert and BOFH are up to as well as checking out the …


What makes an expert?

I have recently been involved in a case where the argument came to one of who is an expert. This is not an uncommon attack when the issues at hand are not really in dispute and the opposing team wants to focus the case on other things. It may seem strange that a person with …


Windows Forensics In Depth — Ottawa, ON

SANS is coming to Ottawa, Ontario, August 28 - September 2, 2011. Among the courses offered will be Forensics 408: Computer Forensic Investigations - Windows In-Depth, taught by Dave Hull, who has nearly two decades of experience in IT and Information Security. In 2007 he founded Trusted Signal, an information security consultancy focused on …