SANS Digital Forensics and Incident Response Blog: Category - Evidence Acquisition

Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011

This week's edition of Case Leads features a new version of REMnux for malware analysis and we have two tools for collecting forensic images from iPhone and Android devices. We also have a couple of articles on Android memory analysis and the use of Open Source digital forensics tools to validate commercial tools. As always, … Continue reading Digital Forensics Case Leads: New version of REMnux, tools for imaging iPhone and Android devices, and a list of "Best Reads" from 2011


Digital Forensics Case Leads: PFIC 2011 Report, DNS forensics, Massive Flaws in Amazon EC2?

The Paraben Forensics Innovator's Conference was held last week in Park City, Utah. Your SANS Digital Forensic blogger attended the event, along with over 300 fellow, forensicators and lawyers. With information security events like BlackHat, and DefCon drawing thousands, this is yet another small event that has many advantages over the larger conferences. At these … Continue reading Digital Forensics Case Leads: PFIC 2011 Report, DNS forensics, Massive Flaws in Amazon EC2?


Undercover Agents Record Social Media Evidence

How should investigators record fast-changing online evidence, such as social media? Case in point: The Mercer County (New Jersey) Prosecutor's office followed hundreds of street gang affiliates on Myspace. How did it do that economically? Instead of using seasoned, highly-trained police investigators, it commissioned a team of mere interns. The interns, acting as undercover agents, … Continue reading Undercover Agents Record Social Media Evidence


High Tech Crime Investigators Conference 2011 Report, Anonymous Promises Retaliation, DigiNotar Dies

The 25th High Technology Investigators Conference was held last week near Palm Springs California last week. Your SANS Forensic blogger attended the event, along with over 500 fellow lethal, and aspiring lethal, forensicators. Information security events like BlackHat, DefCon and RSA drawing thousands. It's more difficult to really get to know one's colleagues at those … Continue reading High Tech Crime Investigators Conference 2011 Report, Anonymous Promises Retaliation, DigiNotar Dies


Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices

This week's edition of Case Leads features a number of new tools and updates for a few of the old standbys. We have a collection of tools designed for studying malware found on Windows or Android platforms and a couple of new applications for registry analysis. Virtual machine technology is heading for Android based devices … Continue reading Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices