SANS Digital Forensics and Incident Response Blog: Category - Evidence Acquisition

Hostile Forensics

Hello everybody to my first Blog post both here at SANS. I've released a whitepaper that may be of interest to people in the forensic community, and wanted to both share it with you and get feedback and criticism on it. Seeing a few great presentations today here at DefCon, namely by …


Cloud Investigation

Narrated Screencast Assures Investigator's Personal Accountability

The collection of cloud evidence vexes investigators, whether they be police, auditors or consumer watchdogs. As more and more social and commercial interactions occur in the Internet cloud, new methods are needed for proving what happened. Traditional digital forensics emphasizes an investigator gaining access to data stored on a …


Michigan TrackerGate: ACLU Speaks

The row continues between the Michigan ACLU and Michigan law enforcement. The Michigan ACLU leveled the charge earlier this week that Michigan law enforcement was asking for hundreds of thousands of dollars for records related to the possible forensic imaging of mobile devices using the well-known Cellebrite UFED. Michigan law enforcement has responded. In …


Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite

This week, the dispute between the ACLU of Michigan and the Michigan State Police engages most of my attention here. But there are a lot of other interesting items this week, including Verizon's 2011 Data Breach Investigations Report, one person's stab at what to do about Chinese espionage, and new information about the location data …


Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud

The digital forensic and ediscovery case of the decade could describe the litigation between Facebook and a man who claims he has a contract and emails from Harvard student Mark Zuckerberg for 50% ownership of "The Face Book" as an early-stage investor. There are more questions than answers in this case right now, among them: …