SANS Digital Forensics and Incident Response Blog: Category - Evidence Analysis

Understanding EXT4 (Part 6): Directories

Hal Pomeranz, Deer Run Associates Many years ago, I started this series of blog posts documenting the internals of the EXT4 file system. One item I never got around to was documenting how directories were structured in EXT. Some recent research has caused me to dive back into this topic, and given me an excuse … Continue reading Understanding EXT4 (Part 6): Directories


Rapid Provisioning of a Malware Analysis Environment

The preparation of a malware analysis environment can often be a lengthy and repetitive process. I am not referring to setting up a virtual machine which contains all of your tools, but rather recognising that each sample you analyse may have very specific environmental requirements before it is willing to execute fully. For example, it … Continue reading Rapid Provisioning of a Malware Analysis Environment


Digital Forensics - Automotive Infotainment and Telematics Systems

Paul A. Henry - SeniorSans Instructor - phenry@sans.org MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFE, GCFA, GSEC, GICSP, GCED, GPPA, VCP4/5, VCP-DCV (5.5), vExpert Powerful Features There is a huge range of features now controlled / enabled by current generation automotive infotainment and telematics systems (Figure 1 - Source), including … Continue reading Digital Forensics - Automotive Infotainment and Telematics Systems


Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools

Thank you for attending the SANS New Cheat Sheet: "A Guide to Eric Zimmerman's Command Line Tools" webcast. For webcast slides and recording visit:http://www.sans.org/u/raj To download the Cheat Sheet visit:http://digital-forensics.sans.org/u/rao To download Eric's Command line tools visit:https://ericzimmerman.github.io/ In this webinar, Eric covered several tools that can be used to show evidence of execution … Continue reading Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools


Malware Can Hide, But It Must Run

Article originally posted in forensicfocus.com Author: Alissa Torres It's October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price. Investigators who do not … Continue reading Malware Can Hide, But It Must Run