SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Tons o' tools, a new challenge, and hard drive steganography

This week we have a number of new and updated tools, a new forensics contest, and a new steganographic technique. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Sebastian Porst has posted a collection of tools for analysis of malicious SWF files. The …


Data reduction redux and map-reduce

A few days ago I wrote a post about applying the principle of least frequent occurrence to string searches in forensics. This post will discuss how long that process may take and at the end, will show some significant ways to speed up the process. In the previous post I used the following compound command …


Michigan TrackerGate: ACLU Speaks

The row continues between the Michigan ACLU and Michigan law enforcement. The Michigan ACLU leveled the charge earlier this week that Michigan law enforcement was asking for hundreds of thousands of dollars for records related to the possible forensic imaging of mobile devices using the well-known Cellebrite UFED. Michigan law enforcement has responded. In …


Least frequently occurring strings?

My phone rang. It was a small business owner looking for some help. He had a system he wanted me to take a look at, but was light on specifics. I asked to speak to his IT person. He laughed and said he was the IT person and that he knew next to nothing about …


Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite

This week, the dispute between the ACLU of Michigan and the Michigan State Police engages most of my attention here. But there are a lot of other interesting items this week, including Verizon's 2011 Data Breach Investigations Report, one person's stab at what to do about Chinese espionage, and new information about the location data …