SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: REMnux, Stuxnet, Facebook and more

This week we have Lenny Zeltser releasing his awesome tool REMnux V2 along with some good blog posts by Brad Garnett, Andrew Hay and Harlan Carvey and the Yahoo group Win4n6. In the news we have more Stuxnet and privacy issues with Facebook. Don't forget to check out the upcoming training events coming to a city …


Digital Forensics: In-depth analysis of SRM and BCWipe (for unix)

Secure wiping tools are nothing new, we've all seen and used them for a long time now. It's no mystery that these tools are used by intruders to cover their tracks by securely deleting files such as logs, or other files they downloaded onto compromised systems. Organizations also use these tools to securely delete confidential …


Digital Forensics on a (less than) shoestring budget - Part 2

In my last post, I talked about the various ways one can find training resources to assist in getting started in the field of digital forensics. In this post, I will go over some of the free and low cost software you can use and related information. A few years ago when I was first …


Digital Forensics Case Leads: New Year brings DEFT and DFF updates, interesting reads and upcoming events

This week we have updates to two great tools, a variety of interesting reads, including one to come soon, and some events to fill your calendar for the 1st quarter of the new year. Tools: Arxsys has released V0.9 of the open source Digital Forensics Framework (DFF), which has some cool new features. You can …


A Quick Look at Volatility 1.4 RC1 - What's New?

Volatility is a popular framework for memory forensics. The upcoming 1.4 release introduces a number of changes, including support for Windows 7 and enhanced plugins for malware analysis.