SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics: Dropbox

Update: Thanks to everyone for the feedback. I'm glad the info is useful and interesting - mission complete here. For everyone who asked about the full article, it's now available on Forensic Focus: http://www.forensicfocus.com/dropbox-forensics

Dropbox is a web-based file synchronization and sharing service. While it can be a backup of sorts, it's really geared toward …


Digital Forensics Case Leads: Androids, Breaches, & Clouds All Around

Welcome to this week's edition of Case Leads! Data breaches continue this week and Apple announces the iCloud while others speculate on the impact of the Cloud to Digital Forensics. We have a data recovery USB "stick" for Android phones, a book on Android forensics, and a fragmented photo carving utility. As this week's edition …


Professional Development in Digital Forensics and Incident Response

Professionals looking to enter and grow in the field of digital forensics and incident response (DFIR) face many challenges. Organizations often focus their recruitment efforts on experienced forensicators, rather than investing in personnel who could mature as part of the group. Individuals who found a way to enter this field often struggle to identify mentors …


How to Mount Dirty EXT4 File Systems

Hal Pomeranz, Deer Run Associates

As some of you may remember, I've previously written about a technique for mounting EXT3 file system images with the read-only option, even when power was abruptly removed from the system - as is typical during forensic seizure - and the file system is still "dirty". In these cases, my technique involves …


Digital Forensics Case Leads: Apple v Weiner on Tweeter, SANS DFIR Summit videos available and a new version of Log2Timeline

There were several data breaches announced and/or confirmed this week. Log2timeline and Windows Event log parser were released and Weiner admits to wrongful tweeting. The SANS Digital Forensic and Incident Response summit videos can now be viewed and a new section labeled Call for Papers has been added. If you have an item you'd like …