SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

How to Mount Dirty EXT4 File Systems

Hal Pomeranz, Deer Run Associates

As some of you may remember, I've previously written about a technique for mounting EXT3 file system images with the read-only option, even when power was abruptly removed from the system (as is typical during forensic seizure) and the file system is still "dirty". In these cases, my technique involves … Continue reading How to Mount Dirty EXT4 File Systems


Digital Forensics Case Leads: Apple v Weiner on Tweeter, SANs DFIR Summit videos available and a new version of Log2Timeline

There were several data breaches announced and/or confirmed this week. Log2timeline and a Windows Event Log parser were released, and Weiner admits to wrongful tweeting. The SANS Digital Forensics and Incident Response Summit videos can now be viewed, and a new section labeled Call for Papers has been added. If you have an item you'd like … Continue reading Digital Forensics Case Leads: Apple v Weiner on Tweeter, SANS DFIR Summit videos available and a new version of Log2Timeline


Volume Shadow Copies and LogParser

Volume Shadow Copies (VSCs) can contain a treasure trove of information - so much information that if not treated correctly, they can become too cumbersome for many investigators. (Note: if you are unfamiliar with VSCs, Rob Lee has a great write-up about the subject.) One way to make the examination of VSCs a little less … Continue reading Volume Shadow Copies and LogParser


8 Articles for Learning Android Mobile Malware Analysis

Online attackers are paying increased attention to mobile devices. At the moment, the biggest mobile threat vector seems to take the form of trojan applications designed to run on a mobile phone and containing unwanted "features." If you come across a malicious program of that nature, how can you analyze it? This quick post points you to several articles and tools that focus on examining the inner workings of Android mobile applications. Continue reading 8 Articles for Learning Android Mobile Malware Analysis


Malicious Code Analysis: Michael Murr Explains How and Why

Michael Murr authored the malicious code analysis section of SANS' FOR610: Reverse-Engineering Malware course. In this brief interview, he shares his perspective on the role that code analysis plays in the reverse-engineering process, and how one might get better at this aspect of malware forensics. Continue reading Malicious Code Analysis: Michael Murr Explains How and Why