SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: File Systems, Memory Forensics, and a Pedophile Ring Dismantled

This week, we have a wealth of File System information, new and old, updates to the popular and versatile RegRipper program, and some very promising research in the area of memory forensics. But the best news, by far, is the success of Operation Rescue in taking down a substantial worldwide child exploitation ring. We applaud …


Understanding EXT4 (Part 2): Timestamps

Hal Pomeranz, Deer Run Associates

Well I certainly didn't plan on three months elapsing between my last post on EXT4 and this follow-up, but time marches on. That was supposed to be a clever segue into the topic for this installment- the new timestamp format in the EXT4 inode. OK, I know what you all …


Digital Forensics Case Leads: Pwn2Own 2011 underway

Last week I was in Boston teaching SANS FOR 408: Computer Forensic Essentials, now renamed to Windows Forensics In-Depth. Thank you to all those in my class, it was fun. Huge thanks to my facilitator, Mike. I mention the course here, because I had a mix of students from experienced veterans to those brand new …


Digital Forensics Case Leads: Do SSD Drives Auto Destroy Forensic Evidence? Industrial Espionage, and Cloud Computing Forensics

Solid State Drives (SSD) Forensics continue as the top story this week. Two University researchers published shocking research that indicates that the firmware in SSDs can destroy forensic evidence as part of its everyday functionality. Details in MUST Reads (upgrading this week from "Good Reads"). Apple made big news with the launch of new tablet …


Digital Forensics Case Leads: Hacking, Lawsuits and Bricking Phones

This week we have a new tool for malware analysis from the Honeynet Project. An informative story on the HBGary hack, Google getting hit with an antitrust suit as well as Microsoft bricking phones. Don't forget to check out the upcoming training events coming to a city near you. If you have an article, news story …