SANS Digital Forensics and Incident Response Blog: Category - Evidence Analysis

Finding (unknown) malware with DensityScout ...

Introduction The latest REMnux version has a new tool on board that's completely unknown to you: "DensityScout". This article reveals all that you need to know to understand where and how this tool can save you hours of your precious time. NOTE: This article addresses build 42 of this tool. At the time of …


Digital Forensics Case Leads: Bulk_extractor how-to, Verizon Report, FTK review, China prime suspect in RSA and other incidents

In this week's edition of Case Leads we have a how-to for Bulk_extractor's find feature, first impressions on the new database options in FTK, an extension for log2timeline for parsing the cache in Firefox, the Verizon data breach report, and statements by current and former US government officials about Stuxnet and China. If you have …


Forensically mining new nuggets of Google Chrome

I was recently creating some slides on Chrome forensics for a class I'm teaching, when I really discovered for the first time just how popular it's actually become. As of last month, according to http://www.w3schools.com/browsers/browsers_stats.asp, Chrome is not only 50% more popular than Internet Explorer, but is actually neck and neck with Firefox (36.6% vs. …


Digital Forensics Case Leads: SSD Forensics; WebCams, Privacy and The Law; Anti-Forensics Goes Mainstream; Forensics Comes To The US Elections

Welcome to Digital Forensics Case Leads. It's a busy week in digital forensics, incident response and the law. In this edition: How the standards for obtaining a warrant for digital information might change. Do users really care about tracking and privacy online? Are anti-forensics and spoliation becoming more popular with the general public? Why Solid …


Digital Forensics Case Leads: New versions of Bulk_extractor and FTK, new blogs on malware and forensics, and lost flash drives

In this week's edition of Case Leads we have updates to a couple of tools, Bulk_extractor and FTK, as well as two new blogs featuring malware analysis and digital forensics tutorials. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: A new version of Bulk_extractor has …