SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case

Incident Response Lead Story: Why it pays to have incident response in a Wikileaks world. The Wikileaks story is having a ripple effect that shows no sign of abating. As of this writing, according to a spokesperson for PandaSecurity: the following web sites have been attacked in the name of defending the actions of Wikileaks: …


Digital Forensics: A Quick Note About Shred

Hal Pomeranz, Deer Run Associates

In the Linux/Unix realm we have tools like shred for securely overwriting files before deleting them in order to prevent recovery of the deleted file. If your adversary is sufficiently advanced (or just not lazy), they can obviously use these tools to frustrate your forensic investigation. Previously, I had thought …


Digital Forensics Case Leads: Failure and Frustration — Real Learning

This week I've got a short rant about education and a link to an interesting video on the subject. One of the best ways to really learn something is to teach it and if you think you haven't got any knowledge worth sharing, well you're probably wrong, but there's a list of research projects in …


Digital Forensics Case Leads: Cyberthieves and the Federal Reserve

As this is a holiday week in the US, it was a light week for news and other things. Still a few tidbits — cyberthieves still need to rely on human help and the Federal Reserve had a test system hacked. Ken Pryor has a new blog coming out and Lee Whitfield has some interesting …


Digital Forensics Case Leads: No Shmoose, No Junk; Just Forensics

In this week's entry, nothing ShmooCon related, no TSA junk, and no royal engagements. Just the usual variety of tool and news pointers, in case you missed them elsewhere.

Tools:

  • On his excellent blog, Lance Mueller has published an EnCase script, written by Oliver Höpli, which uses an MSSQL database for storing hashes and gives faster filtering results. Find it here.
  • Brian Carrier announced the availability of a new Open Source Forensics site. This is a great resource for those of us who may not be able to afford the more expensive tools, but continue to work with The Sleuthkit and a hex editor.
  • National Institute of Justice's Electronic Crime Program supports development of tools to assist in collecting digital evidence. Unfortunately

...