SANS Digital Forensics and Incident Response Blog: Category - Incident Response

SANS #DFIR Windows Memory Forensics Training (FOR526) - Malware can hide, but it must run.

SANS Windows Memory Forensics Training (FOR526) - Knocks it out of the park! Jesse Kornblum and Alissa Torres just finished up their first official course dedicated to Windows Memory Forensics at the SANS Institute at SANS2013 in Orlando. The course teaches key techniques used by actual practioners in the field who use it in their … Continue reading SANS #DFIR Windows Memory Forensics Training (FOR526) - Malware can hide, but it must run.


Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile … Continue reading Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters


ProcDOT - Visual Malware Analysis

Dear like-minded people, I'm very proud to announce that our (CERT.at - CERT Austria) latest contribution to the malware analysis community is finally available as open beta. It's called ProcDOT - I already gave a preview of the alpha version some months ago at SANS Forensics Summit in Prague - and it is an absolute … Continue reading ProcDOT - Visual Malware Analysis


CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's

This week on Case Leads, we learn the truth of China's cyber espionage unit, Twitter verified accounts were hacked and there have been some updates to some of your favorite tools. If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to''caseleads@sans.org. Tools: HMFTwas given a small update. … Continue reading CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3

In this interview, Jake Williams discusses his perspective on the various approaches to reverse-engineering malware, including behavioral, dynamic and static analysis as well as memory forensics. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3