SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile … Continue reading Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters


ProcDOT - Visual Malware Analysis

Dear like-minded people, I'm very proud to announce that our (CERT.at - CERT Austria) latest contribution to the malware analysis community is finally available as open beta. It's called ProcDOT - I already gave a preview of the alpha version some months ago at SANS Forensics Summit in Prague - and it is an absolute … Continue reading ProcDOT - Visual Malware Analysis


CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's

This week on Case Leads, we learn the truth of China's cyber espionage unit, Twitter verified accounts were hacked and there have been some updates to some of your favorite tools. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to''caseleads@sans.org. Tools: HMFTwas given a small update. … Continue reading CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3

In this interview, Jake Williams discusses his perspective on the various approaches to reverse-engineering malware, including behavioral, dynamic and static analysis as well as memory forensics. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 2

In this interview, Jake Williams shares advice on acting upon the findings produced by the malware analyst. He also clarifies the role of indicators of compromise (IOCs) in the incident response effort. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 2