SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Threat Hunting & Incident Response Summit Social Media Ambassadors

The SANS Summit team is looking for #ThreatHuntingSummit social media ambassadors! What is a social media ambassador? Someone who is a social media influencer in the DFIR and Threat Hunting space. We are looking for those rock stars who take this upcoming training very seriously but at the same time we want to show why …


DFIR Summit 2016 - Call for Papers Now Open

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live music capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of …


Cloak Your Incident Investigation with Confidentiality

Summary: When an enterprise investigates a data security incident, it is often wise to involve legal counsel early. Counsel may be able to ensure the details of the investigation are kept confidential by law.

Infosec Law and Politics Are Dangerous. The law and politics surrounding data security are highly adversarial. Legal and political adversaries have …


A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, that passwords are a big part of breach compromises. Dr. Lorrie Cranor and her team at CMU have done extensive research on how to choose the best password policies versus usability. In addition, Alison Nixon's research describes techniques to determine valid passwords of an organization …


Detecting Shellcode Hidden in Malicious Files

A challenge both reverse engineers and automated sandboxes have in common is identifying whether a particular file is malicious or not. This is especially true if the malicious aspects are obfuscated and only triggered under very specific circumstances. There are a number of techniques available to try to identify embedded shellcode, for example searching for …