SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Tools for Examining XOR Obfuscation for Malware Analysis

There are numerous ways of concealing sensitive data and code within malicious files and programs. Fortunately, attackers use one particular XOR-based technique very frequently, because offers sufficient protection and is simple to implement. Here's a look at several tools for deobfuscating XOR-encoded data during static malware analysis. Continue reading Tools for Examining XOR Obfuscation for Malware Analysis


Automating Static Malware Analysis With MASTIFF

MASTIFF is an open source framework for automating static malware analysis. This tool, created by Tyler Hudak, determines the type of file that is being analyzed and then applies only the static analysis techniques that are appropriate for that file type. MASTIFF offers a useful way for performing triage on a large set of suspicious files. Continue reading Automating Static Malware Analysis With MASTIFF


Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing … Continue reading Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR


SANS #DFIR Windows Memory Forensics Training (FOR526) - Malware can hide, but it must run.

SANS Windows Memory Forensics Training (FOR526) - Knocks it out of the park! Jesse Kornblum and Alissa Torres just finished up their first official course dedicated to Windows Memory Forensics at the SANS Institute at SANS2013 in Orlando. The course teaches key techniques used by actual practioners in the field who use it in their … Continue reading SANS #DFIR Windows Memory Forensics Training (FOR526) - Malware can hide, but it must run.


Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile … Continue reading Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters