SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Case Leads: Failure and Frustration — Real Learning

This week I've got a short rant about education and a link to an interesting video on the subject. One of the best ways to really learn something is to teach it and if you think you haven't got any knowledge worth sharing, well you're probably wrong, but there's a list of research projects in …

Digital Forensics Case Leads: Cyberthieves and the Federal Reserve

As this is a holiday week in the US, it was a lite week for news and other things. Still a few tidbits — Cyberthieves still need to rely on human help and the Federal Reserve had a Test system hacked. Ken Pryor has a new blog coming out and Lee Whitfield has some interesting …

Digital Forensics Case Leads: No Shmoose, No Junk; Just Forensics

In this week's entry, nothing ShmooCon related, no TSA junk, and no royal engagements. Just the usual variety of tool and news pointers, in case you missed them elsewhere.


  • On his excellent blog, Lance Mueller has published an EnCase script, written by Oliver Höpli, which uses an MSSQL database for storing hashes and gives faster filtering results. Find it here.
  • Brian Carrier announced the availability of a new Open Source Forensics site. This is a great resource for those of us who may not be able to afford the more expensive tools, but continue to work with The Sleuthkit and a hex editor.
  • National Institute of Justice's Electronic Crime Program supports development of tools to assist in collecting digital evidence. Unfortunately


iPhone Forensics white paper

We (viaForensics) have released an updated version of our free white paper on iPhone Forensics. The paper reviews specific software and techniques that analysts and investigators can use to recover the vast amount of information stored on Apple's iPhones. Ok, that's from our press release but this audience doesn't need that. So here is some additional background on the white paper!

First, it is a huge endeavor to generate this white paper but the interest is quite high so we saw it through. We reviewed 13 different tools and provide our thoughts on each as forensic analysts who regularly analyze smart phones. There are plenty of screen shots, descriptions and the like. We'd love any feedback so if you can check it out and let us know, it would be most appreciated.

This time around the tools were noticeably more


Digital Forensics Case Leads: The Community Needs You

I don't know. I don't know. I don't know.

That little phrase, more than most others in the English language, has an amazing potential to be either mindbogglingly empowering or cripplingly demoralizing. A great deal of the difference depends on emphasis. Do you dwell on the fact that you don't have the knowledge and don't have "the time" to find the answer? Or do you focus on the opportunity to gain knowledge and make new discoveries? Do you hesitate or hold back because there are things you don't know? Or do you have a good grip on the fact that none of us know everything (or even most things)?

The answers to those questions have a lot to do with how and whether you decide to contribute to the digital forensics community (or any community). So I've focussed this week on using the various links I've compiled to illustrate how people can begin contributing to the community in ways that don't
