SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

New York-Reverse-Engineering Malware - Forensics 610

SANS is pleased to announce the Community SANS New York City 2010. Presenting one of our most popular courses, New York will be getting one of our top SANS Instructors, Lenny Zeltser.

Please note that Forensics 610 has sold out at several SANS events since June. Now is your opportunity to take this essential SANS Forensics course.

- October 25 - 29, 2010
SANS Forensics New York City
Forensics 610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
(https://www.sans.org/new-york-2010-cs3/description.php?tid=4317)
Tuition fee: Save $400 when you register by September 8
Instructor: LENNY ZELTSER, Course author and SANS Certified Instructor

Please note that there is a special 10% discount available to all
InfraGard members for this course and 50 other SANS courses
available at (


New York-Computer Forensic Essentials 408

SANS is pleased to announce the Community SANS New York City September 2010. One of our most popular courses will be presented with a top SANS Instructor, Ovie Carroll.

Please note that Forensics 408 has sold out at several SANS events since June. Now is your opportunity to take this essential SANS Forensics course.

- September 13 - 15 (Part A) and September 20 - 22 (Part B), 2010
SANS Forensics New York City
FORENSICS 408: COMPUTER FORENSICS ESSENTIALS
(https://www.sans.org/new-york-forensics-2010-cs)
Tuition fee: $3,395
Instructor: OVIE CARROLL, Director for the Cybercrime Lab at the Department of Justice, Computer Crime and Intellectual Property Section

Please note that there is a special 10% discount available to all
InfraGard members for all these courses and 50 other SANS courses
available at (


Why Teaching Matters - A Letter About FORENSICS 508 - Computer Forensic Investigations and Incident Response

This is a really special letter that we thought we would share with the community. Thanks Bob and great work! Letter republished with permission from Bob Elder.

_______________________________________________________________________________________

Just wanted to pass along my accolades for the SANS 508 course. I have been taking this course via the on-demand method and had to stall the course due to a high profile case I was working on. The case involved online file sharing where the target was visited by police for items found in his publicly shared folder. When the search warrant took place, police members found out that the suspect had been discovered by his wife and had removed all the child pornography videos, including the ones that were documented in the investigation.

When I got the computer and imaged the drive, nothing was there except

...


Digital Forensics Case Leads: An OS X based Live CD, a Free Forensics App for Windows, Spying, and High Performance Password Cracking

This week's edition of Case Leads features an OS X based Live CD, a free tool for gathering evidence from HBGary, spying, and the threat video cards pose to passwords.

As always, if you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to caseleads@sans.org.

Tools:

  • Creating an OS X Incident Response CD for Live Response -Tom Webb has a write up that discusses the process for building a basic OS X based CD for live analysis. The how-to addresses a few unique features of OS X and includes a method for dealing with OS X's non-static binaries. Suggestions for binaries to include on the CD and commands useful for IR on OS X are covered. Tom has also included a starter script that will help with information gathering during the IR

...


Intro to Report Writing for Digital Forensics

So you've just completed your forensic examination and found that forensic gem or smoking gun in your case; how do you proceed? Depending on where you fall as a forensicator (e.g., law enforcement, intelligence, criminal defense work, incident response, e-discovery), you will have to report your findings. First, find out what type of work product you are going to be required to produce for the client, attorney, etc. This will be your guide for completing your report. While the report writing part of the digital forensic examination process is not as fun as the forensic analysis, it is a very important link in the chain, as Dave Hull summed it up here in a tweet.

As digital forensic examiners/analysts, we must report and present our findings on a very technical discipline in a simplistic manner. That may be to a supervisor, client, attorney, etc. or even to a judge and jury who will read and interpret your

...