SANS Digital Forensics and Incident Response Blog: Category - Evidence Acquisition

Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices

This week's edition of Case Leads features a number of new tools and updates for a few of the old standbys. We have a collection of tools designed for studying malware found on Windows or Android platforms and a couple of new applications for registry analysis. Virtual machine technology is heading for Android based devices … Continue reading Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices


Hostile Forensics

Hostile Forensics Hello everybody to my first Blog post both here at SANS. I've released a whitepaper that may be of interest to people in the forensic community, and wanted to both share it with you and get feedback and criticism on it. Seeing a few great presentations today here at DefCon, namely by … Continue reading Hostile Forensics


Cloud Investigation

Narrated Screencast Assures Investigator's Personal Accountability The collection of cloud evidence vexes investigators, whether they be police, auditors or consumer watchdogs. As more and more social and commercial interactions occur in the Internet cloud, new methods are needed for proving what happened. Traditional digital forensics emphasizes an investigator gaining access to data stored on a … Continue reading Cloud Investigation


Michigan TrackerGate: ACLU Speaks

The row continutes between the Michigan ACLU and the Michigan law enforcement. The Michigan ACLU leveled the charge earlier this week that Michigan law enforement was asking for hundreds of thousands of dollars for records related to the possible forensic imaging of mobile devices using the well-known Cellebrite UFED. Michigan law enforcement has responded. In … Continue reading Michigan TrackerGate: ACLU Speaks


Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite

This week, the dispute between the ACLU of Michigan and the Michigan State Police engages most of my attention here. But there are a lot of other interesting items this week, including Verizon's 2011 Data Breach Investigations Report, one person's stab at what to do about Chinese espionage, and new information about the location data … Continue reading Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite