SANS Digital Forensics and Incident Response Blog: Category - Evidence Analysis

Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools

Thank you for attending the SANS New Cheat Sheet: "A Guide to Eric Zimmerman's Command Line Tools" webcast. For webcast slides and recording visit:http://www.sans.org/u/raj To download the Cheat Sheet visit:http://digital-forensics.sans.org/u/rao To download Eric's Command line tools visit:https://ericzimmerman.github.io/ In this webinar, Eric covered several tools that can be used to show evidence of execution … Continue reading Webcast Summary: New SANS Cheat Sheet: A Guide to Eric Zimmerman's Command Line Tools


Malware Can Hide, But It Must Run

Article originally posted in forensicfocus.com Author: Alissa Torres It's October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price. Investigators who do not … Continue reading Malware Can Hide, But It Must Run


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics


Timeline analysis with Apache Spark and Python

This blog post introduces a technique for timeline analysis that mixes a bit of data science and domain-specific knowledge (file-systems, DFIR). Analyzing CSV formatted timelines by loading them with Excel or any other spreadsheet application can be inefficient, even impossible at times. It all depends on the size of the timelines and how many different … Continue reading Timeline analysis with Apache Spark and Python


A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, passwords are a big part of breach compromises. Dr. Lori Cranor, and her team, at CMU has done extensive research on how to choose the best password policies verses usability. In addition, Alison Nixon's research describes techniques to determine valid password of an organization … Continue reading A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts