SANS Digital Forensics and Incident Response Blog: Category - Getting Started

Digital Forensics Case Leads: MBR Parser, VSC Toolset GUI, Memory Forensics Cheat Sheet & other goodness......

In this week's SANS Case Leads, we have a Python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-) If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org. Tools: Jamie Levy …


Digital Forensics SIFT'ing: Cheating Timelines with log2timeline

Hopefully at one point in time everyone has experienced the enjoyment of a teacher that allowed them to use a "cheat sheet" on a test. For the unfamiliar, the concept is simple; take an 8.5 x 11" piece of paper, cram as much information as you can on both sides, and use it as an …


Digital Forensics Case Leads: Registry and Malware Analysis Tools, Preparing to Testify, and Virtual Machine Technology on Mobile Devices

This week's edition of Case Leads features a number of new tools and updates for a few of the old standbys. We have a collection of tools designed for studying malware found on Windows or Android platforms and a couple of new applications for registry analysis. Virtual machine technology is heading for Android-based devices …


Malware Analysis Challenge to Strengthen Your Skills

One of the best ways to learn how to analyze malicious software is to practice. Here's a set of challenge questions, building upon an earlier network forensics puzzle, so you can strengthen your malware analysis skills.


Professional Development in Digital Forensics and Incident Response

Professionals looking to enter and grow in the field of digital forensics and incident response (DFIR) face many challenges. Organizations often focus their recruitment efforts on experienced forensicators, rather than investing in personnel who could mature as part of the group. Individuals who found a way to enter this field often struggle to identify mentors …