SANS Digital Forensics and Incident Response Blog: Category - Evidence Acquisition

Digital Forensics Case Leads: PFIC 2011 Report, DNS forensics, Massive Flaws in Amazon EC2?

The Paraben Forensics Innovator's Conference was held last week in Park City, Utah. Your SANS Digital Forensic blogger attended the event, along with over 300 fellow, forensicators and lawyers. With information security events like BlackHat, and DefCon drawing thousands, this is yet another small event that has many advantages over the larger conferences. At these … Continue reading Digital Forensics Case Leads: PFIC 2011 Report, DNS forensics, Massive Flaws in Amazon EC2?


Undercover Agents Record Social Media Evidence

How should investigators record fast-changing online evidence, such as social media? Case in point: The Mercer County (New Jersey) Prosecutor's office followed hundreds of street gang affiliates on Myspace. How did it do that economically? Instead of using seasoned, highly-trained police investigators, it commissioned a team of mere interns. The interns, acting as undercover agents, … Continue reading Undercover Agents Record Social Media Evidence


High Tech Crime Investigators Conference 2011 Report, Anonymous Promises Retaliation, DigiNotar Dies

The 25th High Technology Investigators Conference was held last week near Palm Springs California last week. Your SANS Forensic blogger attended the event, along with over 500 fellow lethal, and aspiring lethal, forensicators. Information security events like BlackHat, DefCon and RSA drawing thousands. It's more difficult to really get to know one's colleagues at those … Continue reading High Tech Crime Investigators Conference 2011 Report, Anonymous Promises Retaliation, DigiNotar Dies


Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices

This week's edition of Case Leads features a number of new tools and updates for a few of the old standbys. We have a collection of tools designed for studying malware found on Windows or Android platforms and a couple of new applications for registry analysis. Virtual machine technology is heading for Android based devices … Continue reading Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices


Hostile Forensics

Hostile Forensics Hello everybody to my first Blog post both here at SANS. I've released a whitepaper that may be of interest to people in the forensic community, and wanted to both share it with you and get feedback and criticism on it. Seeing a few great presentations today here at DefCon, namely by … Continue reading Hostile Forensics