SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital Forensics Practitioners Take Note: MS DLL Hijacking

DLL Hijacking Issue Gets Out Of Band Fix / Work Around From Microsoft

Though not as simple for the bad guys to pull off as today's drive-by hacking exploits (successful exploitation requires that a user first be tricked into visiting an untrusted WebDAV server in the Internet Zone and then double-click a file of any type), this vulnerability enables attackers to cause a malicious file to be executed on the user's PC.

Because this is not an enabler of traditional drive-by hacking, many dismissed the severity of this vulnerability. However, given the recent publication of a Microsoft Advisory, Insecure Library Loading Could Allow Remote Code Execution, an initial workaround published last week and a new tool released

...


Digital Forensics Case Leads: Reverse Engineer Malware, Analyze Timelines and Report Findings

This week, we have a wealth of information about REMnux, Lenny Zeltser's Linux distribution for analyzing malware, Kristinn Gudjonsson's paper on Super Timeline Analysis, and some interesting report-writing posts that I wanted to recall attention to. There's a lot of interesting reading ahead, so without further ado...

If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org.

Reverse Engineering Malware:

Since he released his REMnux distribution for analyzing malware, our friend Lenny Zeltser has gotten quite a bit of attention for his distribution and for his SANS class, Reverse Engineering Malware.

...


Toronto - Network Forensics 558

SANS is pleased to announce Community SANS Toronto 2010, running
November 22 - 27. We will offer two of our most popular courses,
in our signature bootcamp style with plenty of hands-on exercises. For
complete course details and to register, please visit
(http://www.sans.org/toronto-2010-cs).

Register by October 13 and save $400 on tuition fees. Please note that
SANS Forensics 558, Network Forensics, has sold out in every location we
have offered it in 2010, so register early to avoid disappointment.

WHEN: November 22 - 27, 2010

COURSES:
Forensics 558: SANS Network Forensics
http://www.sans.org/toronto-2010-cs/description.php?tid=4562
Instructor: Guy Bruneau, Ottawa
30 CPEs

TUITION:
$3,160 through October 13, 2010
(


New York-Reverse-Engineering Malware - Forensics 610

SANS is pleased to announce Community SANS New York City 2010. Presenting one of our most popular courses, New York will be getting one of our top SANS Instructors, Lenny Zeltser.

Please note that Forensics 610 has sold out at several SANS events since June. Now is your opportunity to take this essential SANS Forensics course.

- October 25 - 29, 2010
SANS Forensics New York City
Forensics 610: Reverse-Engineering Malware: Malware Analysis Tools
and Techniques
(https://www.sans.org/new-york-2010-cs3/description.php?tid=4317)
Tuition fee: Save $400 when you register by September 8
Instructor: LENNY ZELTSER, Course author and SANS Certified Instructor

Please note that there is a special 10% discount available to all
InfraGard members for this course and 50 other SANS courses
available at (


New York-Computer Forensic Essentials 408

SANS is pleased to announce Community SANS New York City September 2010. One of our most popular courses will be presented by a top SANS Instructor, Ovie Carroll.

Please note that Forensics 408 has sold out at several SANS events since June. Now is your opportunity to take this essential SANS Forensics course.

- September 13 - 15 (Part A) and September 20 - 22 (Part B), 2010
SANS Forensics New York City
FORENSICS 408: COMPUTER FORENSICS ESSENTIALS
(https://www.sans.org/new-york-forensics-2010-cs)
Tuition fee: $3,395
Instructor: OVIE CARROLL, Director for the Cybercrime Lab at the
Department of Justice, Computer Crime and Intellectual Property Section

Please note that there is a special 10% discount available to all
InfraGard members for all these courses and 50 other SANS courses
available at (