SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Anti-virus is not enough to defeat APT groups

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after …


Jake Williams' Tips on Malware Analysis and Reverse-Engineering

In this interview, Jake Williams discusses his perspectives on getting into digital forensics, crafting strong malware analysis reports and making use of the analyst's findings. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course.


Course Review: Course Review: SANS FOR408 Computer Forensic Investigations - Windows In-Depth

There is a brand new course review posted over at The Ethical Hacker Network discussing FOR408 Windows Forensics In-Depth authored by Ovie Carroll, Rob Lee, and Chad Tilbury. The reviewer, Jason Andress, discusses the course section by section. Jason took the course in the popular vLive format that SANS offers. Take a look.


Digital Forensics Case Leads: News from CES Las Vegas Might Open Doors for Automotive Forensics, Landmark Legal Rulings Impact DFIR Investigators, and Tackling Insider Fraud

In this issue of Case Leads we go around the globe to cover telematics app development from Ford at CES Las Vegas; to Russia for new tools that allow investigators to access files users try to keep encrypted; an anti-forensic tool that tries to hide details from memory forensic tools; the insider fraud threat; and …


Brand New - Windows Memory Analysis In-Depth - Course Launch

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. In 2013, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer and developer Jesse Kornblum, is incredibly comprehensive and SANS is proud to offer it …