SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Top 7 reasons why Boston's SANS Digital Forensics is going to rock

Computer Forensic Investigations and Incident Response (FOR508)

7. Dave has more than 15 years of experience in IT and info sec, including 12 years working in a large research university network at a time when firewalls were frowned upon and compromise was commonplace. In addition to corporate and public sector work, Dave has been consulting on digital forensics cases for five years and teaches from that experience. Follow Dave on Twitter:

6. Regardless of experience level, students will take away a deeper understanding of digital forensics. This class will make you a better analyst.

5. Community SANS courses have a smaller class size. Smaller classes mean more time one-on-one with the instructor. It is like having your personal Digital Forensics Sensei


Digital Forensics - Careers Tips from Rob Lee of the SANS Institute

Digital Forensics - Careers Tips from Rob Lee of SANS Institute

February 5, 2010

Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes.But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful?

Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on:

  • Hot trends of


Internet Evidence Finder (IEF): interview with Jad Saliba of

Editor's note: Brad Garnett recently had an opportunity to interview Jad Saliba, of JADSoftware about how he got started in computer forensics and about some of his company's products. Please note that JADSoftware has offered a discount to readers, see the details below.

Q: Jad, Take a minute to introduce yourself and give us some insight into your background. How did you get involved in computer forensics and software development?

I've been involved in software programming on and off for a long time, going back to my teenage years. I've always had an interest in system tools and figuring out what's going on behind the scenes in a computer. I went to college and studied computer networking and programming, and worked in the industry for a short while before getting into law enforcement, which is another passion of mine. I didn't want anyone to know about my computer skills when I first got hired!


Uncident Response

Awhile ago, I was asked to assist in responding to a security problem on a client's network. A major vulnerability was reported on a website that involved failure of the primary authentication and access control mechanism. So severe was the vulnerability that not only could one user view another's PII, but complete authentication circumvention was itself trivial! I was tasked with assessing what, if any, impact had resulted from this exposure. This probably sounds familiar to many security analysts: a vulnerability was discovered, what compromise resulted from it?

These cases turn classic incident response on its head. We are trained, and often work, on issues where a compromise is discovered, from which analysis reveals a vulnerability. Here, we have the opposite. One immediate difference is clear: when there is a compromise, some vulnerability was necessarily exploited. However, the result of a vulnerability investigation is not so clear. Our normal incident

... Continue reading Uncident Response

Twitter Weekly Updates for 2010-02-06