SANS Digital Forensics and Incident Response Blog: Category - Email Investigations

Case Leads: A Forensicator's take on BlackHat/DefCon/BSides

It's been a busy time in digital forensics and incident response (DFIR). Every summer, for over 20 years, infosec professionals, forensicators, and old-school hackers have gathered in Las Vegas. A mixture of very deep tech talks, trainings, and technology-oriented distractions "flood the zone" in Las Vegas. Close to 15-20,000 people were in Las …


Case Leads: Report on Emerging Cyber Threats, Updates to Forensics Applications, Malware Trends, and more.

This week's edition of CaseLeads features a report on emerging cyber threats, another report about malware and vulnerabilities, research about the head of a new anti-virus firm, and updates to the Oxygen Forensics Suite and Memoryze for the Mac. There's also a story about how email led to several discoveries in the case of the CIA director that …


Digital Forensic Case Leads: Anon Strikes Again, and Again. Groupon Litigation Threats. DarkMarket Motivations Revealed. The Tutu Has Been Donned

This week's Digital Forensic Case Leads is chock full of forensics nuggets. Links to great forensics tools for encryption detection and memory extraction, plus a how-to for breaking/auditing the OS X Keychain. You will also find an analysis of the Samsung v. Apple patent case from a digital forensics perspective, with IP Attorney Ben Langlotz. …


Digital Forensics Case Leads: PFIC 2011 Report, DNS forensics, Massive Flaws in Amazon EC2?

The Paraben Forensics Innovator's Conference was held last week in Park City, Utah. Your SANS Digital Forensic blogger attended the event, along with over 300 fellow forensicators and lawyers. With information security events like BlackHat and DefCon drawing thousands, this is yet another small event that has many advantages over the larger conferences. At these …


Digital Forensics Case Leads: ATT/Apple Rushes in The Forensics and Incident Response Team

A web application flaw was announced late Wednesday that appears to impact users of the 3G Apple iPad. According to press reports, AT&T is rushing in a forensic team in an attempt to determine the damage the flaw may have inflicted.

Gadget blog Gizmodo reports that a flaw in the web application used to sign on to an Apple/AT&T 3G iPad account allows an attacker to get into the account by incrementing the serial numbers on the SIM card on 3G iPads. It is not unusual for a web development team to overlook secure methods, such as using random numbers when generating web sessions. If there is no web application security team in place, these flaws can live on for years in web applications and sites.

AT&T claims that the team that discovered the flaw did not use responsible disclosure to alert AT&T and Apple about the flaw before going public. AT&T said that they closed this

...