SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Boston, MA hosts Community SANS Forensics Essentials, February 28 - March 4, 2011

SANS is pleased to announce Community SANS Forensics Boston, MA where we will teach Forensics 408: SANS Computer Forensics Essentials, February 28 - March4, 2011. For complete course description, event details, and to register, please visit (https://www.sans.org/boston-2011-cs). Attendees will earn 36 CPEs at the completion of this five day training event. Save $400 on tuition … Continue reading Boston, MA hosts Community SANS Forensics Essentials, February 28 - March 4, 2011


Understanding EXT4 (Part 1): Extents

Hal Pomeranz, Deer Run Associates EXT4 is a next generation file system replacement for the EXT2/EXT3 family of Linux file systems. It was accepted as "stable" in the Linux 2.6.28 kernel in October 2008[1]. As of this writing, it's starting to appear as the default file system in newer versions of several Linux distros. While … Continue reading Understanding EXT4 (Part 1): Extents


Digital Forensics: How to configure Windows Investigative Workstations

I like Windows. There... I said it. I understand that this statement will probably come with the requisite beatings, but I honestly enjoy using Windows on a day to day basis more than other operating systems and am willing to take whatever flack comes my way over it (and yes, my team at work loves … Continue reading Digital Forensics: How to configure Windows Investigative Workstations


Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case

Incident Response Lead Story: Why it pays to have incident response in a Wikileaks world. The Wikileaks story is having a ripple effect that shows no sign of abating. As of this writing, according to a spokesperson for PandaSecurity: the following web sites have been attacked in the name of defending the actions of Wikileaks: … Continue reading Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case


Digital Forensics: A Quick Note About Shred

Hal Pomeranz, Deer Run Associates In the Linux/Unix realm we have tools like shred for securely overwriting files before deleting them in order to prevent recovery of the deleted file. If your adversary is sufficiently advanced (or just not lazy), they can obviously use these tools to frustrate your forensic investigation. Previously, I had thought … Continue reading Digital Forensics: A Quick Note About Shred