SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Hacking, Lawsuits and Bricking Phones

This week we have a new tool for malware analysis from the Honeynet Project. An informative story on the HBGary hack, Google getting hit with an antitrust suit, as well as Microsoft bricking phones. Don't forget to check out the upcoming training events coming to a city near you. If you have an article, news story … Continue reading Digital Forensics Case Leads: Hacking, Lawsuits and Bricking Phones


Digital Forensics Case Leads: Intruder Alert! Intruder Alert!

Seven years ago, in the Preface to his The Tao of Network Security Monitoring, Richard Bejtlich wrote: Three words sum up my attitude toward stopping intruders: prevention eventually fails. Every single network can be compromised, either by an external attacker or by a rogue insider. Fast forward to 2011, and we find McAfee saying, in the executive … Continue reading Digital Forensics Case Leads: Intruder Alert! Intruder Alert!


Computer Forensics How-To: Microsoft Log Parser

As any incident responder will agree, you can never have too many logs. That is, of course, until you have to analyze them! I was recently on an engagement where our team had to review hundreds of gigabytes of logs looking for evidence of hacking activity. I was quickly reminded of how much I love … Continue reading Computer Forensics How-To: Microsoft Log Parser


Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 2)

In Part 1 of this post, I showed you how to acquire the contents of physical RAM of a Mac OS X computer using ATC-NY's Mac Memory Reader, and did some simple analysis using strings and grep searches. Today I'll provide a few more examples of what evidence can be found in a Mac OS X memory dump and how to extract it using file carving techniques. Continue reading Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 2)


Digital Forensics Case Leads: SMS botnet has ripples into mobile forensics; New iOS forensic tool; New USB encryption tool; Record a cop, go to jail? Free RSA Expo Pass and Free Beer!

This week's case leads features a new SMS botnet attack that has ripples into mobile forensics; Guidance Software releases an iOS forensics tool; an in-depth legal analysis of a recent ruling that could encourage lawyers to sue businesses due to downstream liability, and these lawsuits could involve considerable e-discovery; SIFT wins forensic award; PLUS get … Continue reading Digital Forensics Case Leads: SMS botnet has ripples into mobile forensics; New iOS forensic tool; New USB encryption tool; Record a cop, go to jail? Free RSA Expo Pass and Free Beer!