SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Capturing Mac Memory, the Shifting Threat Landscape, Forensics Tool Updates, and Zero Day: A Novel

This week's edition of Case Leads features new and updated forensics tools, a report on changes in attack patterns, a novel from what may seem like an unlikely source and thoughts on timestamp manipulations. The ability to create a memory image on OS X has been lacking until now. A recently released report suggests that …


How to Preserve Cyber Investigation Evidence | Screencast Tool

Commonly, a cyber investigation examines how a digital resource - like an app, a hyperlink or a web search box - works. Example: Investigator observes that when mouse clicks on hyperlink X, browser goes to web page containing content Y. As an investigator observes how a resource works, he wants to record …


Erasing drives should be quick and easy

In the past years, I have seen many, many false and misleading statements about what is needed to securely erase or wipe a hard drive. The FUD surrounding this topic, with many still purporting to have a means of recovering data using SEMs and AFM (electron microscopy will do), is incredible. The problem is that …


Digital Forensics: PS3 Linux file system analysis and network forensics

Let me start by noting how much fun I had while investigating and analyzing everything for this forensics challenge; I was able to apply many different techniques, from analyzing logs to file carving and network forensics. It's the 2009 forensics challenge from DFRWS and you can find the description, system images and pcap files at …


Digital Forensics Case Leads: REMnux, Stuxnet, Facebook and more

This week we have Lenny Zeltser releasing his awesome tool REMnux V2 along with some good blog posts by Brad Garnett, Andrew Hay and Harlan Carvey and the Yahoo group Win4n6. In the news we have more Stuxnet and privacy issues with Facebook. Don't forget to check out the upcoming training events coming to a city …