SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

RSA 2010 - Digital Forensic Analyst Notebook

The RSA Security Conference was held this week in San Francisco. The conference is jam-packed with sessions, whiteboarding events, demonstrations, and more. Here are my observations and interview sound bites. I was covering RSA San Francisco 2010 as a forensic analyst and co-host of The CyberJungle, a weekly live news and talk program on security, privacy, and the law.

Digital forensics is still the non-sexy topic at RSA Security. There were no dedicated forensics tracks for this conference. But computer forensics was mentioned now and then in session talks, although many times by the audience more than the speakers.

Smart Grid Forensics
For example, there was an industry panel on electric smart grid security standards. The panelists in this session did not have forensics on their agenda, but a member of the audience did. Gerry Brown is an independent forensics consultant.


The Chain of Custody for 2010-03-07 - Weekly Tweets

  • The Chain of Custody for 2010-02-28 - Weekly Tweets
  • Organiser of Darkmarket fraud website jailed- A man who created a website trading in stolen financial information l...
  • EviGator Digital Forensics release iPhorensic- EviGator Digital Forensics have released Version 1.0.0 of iPhorensic...
  • Open Source Android Digital Forensics Application

Computer Forensics Tool Testing (CFTT) Survey

The Computer Forensics Tool Testing (CFTT) team at NIST and NW3C want to know what digital forensics tools you are using and what digital forensics tools you want NIST to test. Please take a few minutes to complete the below linked survey and share with us your valuable feedback.

To learn more about CFTT and the NW3C visit and

This survey is very important to state and local law enforcement as it is your voice and input, directly to NIST, for testing of the forensic hardware and software you use every day. A NIST evaluation of the tools you use has many benefits to you, your agency, and the cases you work. The survey itself is all multiple choice with an


Digital Forensics Case Leads: Herding botnet herders

It's been a busy week, with RSA and BSides conferences both taking place in San Francisco. Ira Victor will have a wrap-up of news from RSA tomorrow, so look for that. Be sure to check out Robert Shullich's paper on exFAT (see below) as we're sure to encounter this more and more in our digital forensics work.



Cryptome Spying guides as a Digital Forensic Resource

Since December 2009, Cryptome has been publishing the legal spying guides from a variety of services and Service Providers. There was publicity this past week when the Microsoft Legal Spying Guide was posted and a DMCA takedown notice was placed against the Cryptome domain and its owner John Young. The DMCA restraint has since been lifted. This blog entry is not intended to defend or decry the DMCA notice. It is intended to provide Digital Forensic investigators a resource for appropriate contact and process logic contained in the Legal Spy guides published.

These documents were created to assist Law enforcement and appropriate investigators of what can be provided and the methodology for request. The guides were generally considered confidential in nature when distributed. It is not my intent to break confidentiality of the source or creator. It is intended to assist in digital forensic discovery. Many of these documents are strictly intended for Law Enforcement and not
