SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud

The digital forensic and ediscovery case of the decade could describe the litigation between Facebook and a man that claims he has a contract and emails from Harvard Student Mark Zukerberg for 50% ownership of "The Face Book" as an early-stage investor. There are more questions than answers in this case right now, among them: … Continue reading Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud


Context-Specific Signatures for Computer Security Incident Response

Despite the limitations of signatures in generic situations, context-specific signatures can help when responding to a computer security incident. The process starts with the identification of the attributes that act as signs of the incident. The next step involves codifying these signs as custom signatures to help the organization assess the scope of the incident and later contain it. Continue reading Context-Specific Signatures for Computer Security Incident Response


Why Stuxnet Isn't APT

Stuxnet has become so buzz-worthy that I almost feel like an article relating it to "APT" is the epitome of anecdotal industry naval-gazing. Making a qualitative assessment of each can be a useful exercise in classifying and understanding the threat landscape, however. This in turn helps clarify risk, driving resource allocation, investment, and R&D. Even more important than the conclusions presented herein, I want to elucidate some of the analysis that goes into threat assessments so that others might be empowered to do the same. Continue reading Why Stuxnet Isn't APT


Digital Forensics Case Leads: Do SSD Drives Auto Destroy Forensic Evidence? Industrial Espionage, and Cloud Computing Forensics

Solid State Drives (SSD) Forensics continue as the top story this week. Two University researchers published shocking research that indicates that the firmware in SSDs can destroy forensic evidence as part of it's everyday functionality. Details in MUST Reads (upgrading this week from "Good Reads"). Apple made big news with the launch of new tablet … Continue reading Digital Forensics Case Leads: Do SSD Drives Auto Destroy Forensic Evidence? Industrial Espionage, and Cloud Computing Forensics


Digital Forensics Case Leads: Hacking, Lawsuits and Bricking Phones

This week we have a new tool for malware analysis from the Honeynet Project. A informative story on the HBGary hack, Google getting hit with an antitrust suit as well as Microsoft bricking phones. Don't forget to check out the upcoming training events comingto a city near you. If you have an article, news story … Continue reading Digital Forensics Case Leads: Hacking, Lawsuits and Bricking Phones