SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

8 Articles for Learning Android Mobile Malware Analysis

Online attackers are paying increased attention to mobile devices. At the moment, the biggest mobile threat vector seems to take the form of trojan applications designed to run on a mobile phone and containing unwanted "features." If you come across a malicious program of that nature, how can you analyze it? This quick post notes you to several articles and tools that focus on examining inner-workings of Android mobile applications. Continue reading 8 Articles for Learning Android Mobile Malware Analysis


Malicious Code Analysis: Michael Murr Explains How and Why

Michael Murr authored the malicious code analysis section of SANS' FOR610: Reverse-Engineering Malware course. In his brief interview, he shares his perspective on the role that code analysis plays in the reverse-engineering process, and how one might get better at this aspect of malware forensics. Continue reading Malicious Code Analysis: Michael Murr Explains How and Why


Digital Forensics Case Leads: Triage, Live Incident Response, and Memory Forensics

Our focus this week is on live response, memory forensics, and triage. New tools from Mandiant (Redline) and HBGary (Responder Community Edition) jump into the live response and memory forensics arena and appear to hold some promise for those who need to delegate first response activities to IT support staff who don't have prior Incident … Continue reading Digital Forensics Case Leads: Triage, Live Incident Response, and Memory Forensics


Digital Forensics Case Leads: Tracking Takes Center Stage - Photos, Vehicles, and Phones

Photo forensics tops the news in this edition of Digital Case Leads. Valdimir Katalov, CEO of ElcomSoft is interviewed about his team's discovery that the implementation of many of the digital signature systems used by Canon and Nikon are faulty. His team demonstrated that they could forge "authentic" digital photos. How many courts rely upon … Continue reading Digital Forensics Case Leads: Tracking Takes Center Stage - Photos, Vehicles, and Phones


Cloud Investigation

Narrated Screencast Assures Investigator's Personal Accountability The collection of cloud evidence vexes investigators, whether they be police, auditors or consumer watchdogs. As more and more social and commercial interactions occur in the Internet cloud, new methods are needed for proving what happened. Traditional digital forensics emphasizes an investigator gaining access to data stored on a … Continue reading Cloud Investigation