SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Digital SANS Forensics and IR Summit 2010: Network Forensics Panel Questions Released!

The 2010 Digital Forensics and Incident Response Summit's focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime. Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases. REGISTER NOW!!

Network Forensics Panel

Panelists will tell you the challenges faced by properly collecting and analyzing network based evidence. It is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the

...


SANS Digital Forensics Summit Challenge 2010 - FINAL CONTEST WEEK!!

FINAL WEEK - SUBMISSIONS Due 27 June 2010

The 2010 Digital Forensics and Incident Response Summit's focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime. Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases. I asked Jonathan Ham and Sherri Davidoff (who co-authored the sell-out Forensics 558: Network Forensics course and created many successful contests at - forensicscontest.com) to create a contest based partially on how the APT might try and trigger a

...


Computer Forensic Examiners: PI Licensing Requirement Revisited

Do computer forensic examiners have to be licensed as private investigators? Well, that varies by state. Benjamin Wright has discussed the PI requirementhere and Texas PI legislationhere.Scott Moulton provided some insight to Michigan and the CISSP requirementhere. I do not plan to regurgitate their research or viewpoints, but rather continue the discussion and provide some additional information in regards to another

...


Digital Forensic Case Leads: Forensic 4Cast Voting is Open

Short post this week, as yours truly is under the weather. I hate colds, but they are far more miserable in the summer when the weather is beautiful.

It's con season. Last week was SANSFire, and this week started off with the Pen Test Summit, and FIRST and in the coming weeks we'll see the Forensics Summit (details below), Black Hat and Defcon. I love this time of year and can't wait to see what great tools and discoveries will be released in the coming months.

Tools:

  • For anyone who has ever had to dig through the registry piecing together information about various USB devices that have been plugged into a system, here's a useful tool that will do the heavy lifting for you. That link will take you to a post that discusses the various registry artifacts in play and includes a link to the tool.
  • Mandiant has

...


Forensic 4cast Awards Voting Has Opened

The voting has opened for the Forensic 4cast awards. You can castyour votes here.

The voting will close on July 6th and the winners will be announced atthe SANS Forensics and Incident Response Summit which will be held onJuly 8th and 9th in Washington, DC.

The nominees are as follows:

Outstanding Contribution to Digital Forensics - Individual
Lee Whitfield
Rob Lee
Kristinn Gudjonsson
Matt Shannon

Outstanding Contribution to Digital Forensics - Company
Guidance Software
SANS
F-Response (Agile Risk Management)

Digital Forensics Blog
Windows Incident Response
SANS
Happy as a

...