SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Using Investigator Video as Evidence in Court

On this blog I previously published ideas for capturing cyber investigation evidence, such as evidence showing what a hyperlink on the web does at a particular point in time or evidence showing what a dynamic web page displayed at a given moment. I demonstrated a split-screen video, where the investigator records his words and …


Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud

The digital forensic and e-discovery case of the decade could describe the litigation between Facebook and a man who claims he has a contract and emails from Harvard student Mark Zuckerberg granting him 50% ownership of "The Face Book" as an early-stage investor. There are more questions than answers in this case right now, among them: …


Context-Specific Signatures for Computer Security Incident Response

Despite the limitations of signatures in generic situations, context-specific signatures can help when responding to a computer security incident. The process starts with the identification of the attributes that act as signs of the incident. The next step involves codifying these signs as custom signatures to help the organization assess the scope of the incident and later contain it.
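The two steps described above (identify the signs of this particular incident, then codify them as signatures and run them across the estate to find affected hosts), as an added example that is not code from the original post. The indicators, host names and telemetry lines are all constructed for the demo; in a real response the same signs would be pushed to whatever signature engine the organization runs (an IDS such as Snort, or YARA for file content), but the scoping logic is the same.

```python
"""Context-specific signatures for scoping an incident (added example, constructed data)."""
import re
from collections import defaultdict

# Step 1: signs of this (hypothetical) incident, gathered during initial triage.
# Step 2: each sign codified as a signature. Every value here is constructed.
INCIDENT_SIGNATURES = {
    # Hash of the dropper found on the first compromised host.
    "dropper_hash": re.compile(
        r"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", re.I),
    # The *path* is the incident-specific sign: "svchost.exe" alone would also
    # match the legitimate binary under System32 on every host.
    "dropper_path": re.compile(re.escape(r"C:\Users\Public\svchost.exe"), re.I),
    # Beacon destination observed in DNS logs.
    "c2_domain": re.compile(r"\bbadcdn-example\.net\b", re.I),
    # Persistence value name created by the dropper.
    "run_key_persistence": re.compile(re.escape(r"\CurrentVersion\Run\Updater"), re.I),
}

# Constructed host telemetry, one record per line: "<host> <source> <message>".
SAMPLE_LOG = r"""
host01 sysmon ProcessCreate Image=C:\Users\Public\svchost.exe Hashes=SHA256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
host01 dns query=update.badcdn-example.net type=A
host02 registry SetValue Key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater Data=C:\Users\Public\svchost.exe
host03 dns query=www.example.com type=A
host03 sysmon ProcessCreate Image=C:\Windows\System32\svchost.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000001
""".strip().splitlines()


def parse_line(line):
    """Split a telemetry record into (host, source, message)."""
    host, source, message = line.split(" ", 2)
    return host, source, message


def match_signatures(message, signatures=INCIDENT_SIGNATURES):
    """Return the names of every signature that fires on one message."""
    return {name for name, pattern in signatures.items() if pattern.search(message)}


def scope_incident(log_lines, signatures=INCIDENT_SIGNATURES):
    """Map each host to the set of incident signatures observed on it.

    Hosts with no hits are omitted, so the keys are the incident's current scope.
    """
    hits = defaultdict(set)
    for line in log_lines:
        host, _source, message = parse_line(line)
        hits[host] |= match_signatures(message, signatures)
    return {host: sigs for host, sigs in hits.items() if sigs}


def containment_list(scope):
    """Hosts to isolate, sorted so the list is stable for hand-off to operations."""
    return sorted(scope)


if __name__ == "__main__":
    scope = scope_incident(SAMPLE_LOG)
    for host in containment_list(scope):
        print(host, sorted(scope[host]))
```

Running it against the constructed log puts host01 and host02 in scope and leaves host03 out, even though host03 also ran a file called svchost.exe: the generic filename is deliberately not a signature, the unusual path is. As the incident evolves the dictionary grows (a second C2 domain, a renamed dropper) and the same scan is rerun to update the scope.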


Understanding EXT4 (Part 4): Demolition Derby

Hal Pomeranz, Deer Run Associates. In Part 3 of this series we looked at the EXT4 extent tree structure for dealing with very large or very fragmented files, basically any situation where you need more than the four extent structures available in the inode. Go back and read that part now if you haven't already, …
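To make the "four extent structures available in the inode" concrete, here is an added example (not code from the original series or from Hal Pomeranz) that parses the extent tree root stored in an ext4 inode's 60-byte i_block field. The structure layouts (ext4_extent_header, ext4_extent, ext4_extent_idx) follow the ext4 on-disk format; the two sample i_block buffers are constructed by hand for the demo rather than taken from a real image.

```python
"""Parse the extent tree root in an ext4 inode's i_block (added example, constructed data)."""
import struct

EXT4_EXT_MAGIC = 0xF30A          # eh_magic of a valid extent header
EXT_INIT_MAX_LEN = 1 << 15       # ee_len above this marks an uninitialized (preallocated) extent
I_BLOCK_SIZE = 60                # header (12 bytes) + 4 entries (12 bytes each)
ENTRY_SIZE = 12


def parse_extent_header(buf, off=0):
    """ext4_extent_header: magic, entries, max, depth, generation (all little-endian)."""
    magic, entries, max_entries, depth, generation = struct.unpack_from("<HHHHI", buf, off)
    if magic != EXT4_EXT_MAGIC:
        raise ValueError("bad extent header magic 0x%04x" % magic)
    return {"entries": entries, "max": max_entries, "depth": depth, "generation": generation}


def parse_extent(buf, off):
    """ext4_extent (leaf entry): logical block, length, 48-bit physical start block."""
    ee_block, ee_len, start_hi, start_lo = struct.unpack_from("<IHHI", buf, off)
    uninit = ee_len > EXT_INIT_MAX_LEN
    length = ee_len - EXT_INIT_MAX_LEN if uninit else ee_len
    return {"logical": ee_block, "len": length,
            "physical": (start_hi << 32) | start_lo, "uninit": uninit}


def parse_extent_index(buf, off):
    """ext4_extent_idx (interior entry): logical block and the block holding the next node."""
    ei_block, leaf_lo, leaf_hi, _unused = struct.unpack_from("<IIHH", buf, off)
    return {"logical": ei_block, "leaf": (leaf_hi << 32) | leaf_lo}


def parse_i_block(i_block):
    """Parse the root node embedded in the inode. depth == 0 means the four slots
    hold extents directly; depth > 0 means they are index entries pointing into the tree."""
    if len(i_block) != I_BLOCK_SIZE:
        raise ValueError("i_block must be %d bytes" % I_BLOCK_SIZE)
    hdr = parse_extent_header(i_block, 0)
    if hdr["max"] > 4 or hdr["entries"] > hdr["max"]:
        raise ValueError("inconsistent entry counts in root header")
    kind = "leaf" if hdr["depth"] == 0 else "index"
    parser = parse_extent if kind == "leaf" else parse_extent_index
    nodes = [parser(i_block, ENTRY_SIZE + ENTRY_SIZE * i) for i in range(hdr["entries"])]
    return {"header": hdr, "kind": kind, "nodes": nodes}


def block_ranges(parsed):
    """(physical_start, length) pairs to read for a depth-0 root; the data lives there."""
    if parsed["kind"] != "leaf":
        raise ValueError("root is an index node; follow the leaf pointers first")
    return [(n["physical"], n["len"]) for n in parsed["nodes"]]


def build_sample_leaf_inode():
    """Constructed i_block: depth-0 root with two extents and two unused slots."""
    hdr = struct.pack("<HHHHI", EXT4_EXT_MAGIC, 2, 4, 0, 0)
    ext1 = struct.pack("<IHHI", 0, 8, 0, 32768)                      # 8 blocks at block 32768
    ext2 = struct.pack("<IHHI", 8, EXT_INIT_MAX_LEN + 4, 1, 0x100)   # 4 uninitialized blocks, >32-bit start
    return hdr + ext1 + ext2 + bytes(I_BLOCK_SIZE - len(hdr) - len(ext1) - len(ext2))


def build_sample_index_inode():
    """Constructed i_block: depth-1 root whose single index entry points at block 5000."""
    hdr = struct.pack("<HHHHI", EXT4_EXT_MAGIC, 1, 4, 1, 0)
    idx = struct.pack("<IIHH", 0, 5000, 0, 0)
    return hdr + idx + bytes(I_BLOCK_SIZE - len(hdr) - len(idx))


if __name__ == "__main__":
    leaf = parse_i_block(build_sample_leaf_inode())
    print(leaf["kind"], block_ranges(leaf))
    print(parse_i_block(build_sample_index_inode()))
```

The depth field in the header is the thing to check first when carving: with depth 0 the four slots give you the data blocks directly, with anything larger they only tell you which disk blocks hold the next level of the tree, and you have to read those before you know where the file content is.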


Digital Forensics Case Leads: Visualization Tools, Information Security in Law Firms, Hack Attacks, another Stuxnet Analysis and more

This week's edition of Case Leads features two Twitter visualization tools, a new RegRipper plug-in, a podcast with Rob Lee and details on attacks against Oracle and EMC. We also have another Stuxnet analysis, news on the acquisition of NetWitness, and a study on a new black-market currency. As always, if you have an …