SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Cloud Investigation

Narrated Screencast Assures Investigator's Personal Accountability

The collection of cloud evidence vexes investigators, whether they be police, auditors or consumer watchdogs. As more and more social and commercial interactions occur in the Internet cloud, new methods are needed for proving what happened. Traditional digital forensics emphasizes an investigator gaining access to data stored on a …


Digital Forensics Case Leads: Oracle is on the Warpath, Anonymous accused of PlayStation hack.

Oracle is on the warpath with a subpoena for Apache, and Anonymous is accused of hacking the PlayStation Network. The Forensic 4Cast nominees are out, along with interviews with several SANS instructors, Firefox browser forensics, and what skeletons are in your ESI closet. If you have an item you'd like to contribute to Digital Forensics Case Leads, please …


How to Extract Flash Objects from Malicious PDF Files

Authors of malicious PDF documents have often relied on JavaScript embedded in the PDF file to produce more reliable Adobe Reader exploits. The attackers now also embed Flash programs, which incorporate ActionScript, in a similar manner. This note demonstrates several steps for extracting malicious Flash from PDF files, so you can analyze it for malware artifacts. We will take a brief look at using pdf-parser, PDF Stream Dumper and SWFDump for this purpose.


Digital Forensics Case Leads: Tons o' tools, a new challenge, and hard drive steganography

This week we have a number of new and updated tools, a new forensics contest, and a new steganographic technique. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Sebastian Porst has posted a collection of tools for analysis of malicious SWF files. The …


Data reduction redux and map-reduce

A few days ago I wrote a post about applying the principle of least frequent occurrence to string searches in forensics. This post will discuss how long that process may take and, at the end, will show some significant ways to speed up the process. In the previous post I used the following compound command …