SANS Digital Forensics and Incident Response Blog: Category - Incident Response

SANS third annual incident response survey is now online

The third annual SANS survey on incident response is now online. This survey will help us look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. If you are a professional working with … Continue reading SANS third annual incident response survey is now online


Threat Hunting & Incident Response Summit Social Media Ambassadors

The SANS Summit team is looking for #ThreatHuntingSummit social media ambassadors! What is a social media ambassador? Someone who is a social media influencer in the DFIR and Threat Hunting space. We are looking for those rock stars who take this upcoming training very seriously but at the same time we want to show why … Continue reading Threat Hunting & Incident Response Summit Social Media Ambassadors


DFIR Summit 2016 - Call for Papers Now Open

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live musical capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of … Continue reading DFIR Summit 2016 - Call for Papers Now Open


Cloak Your Incident Investigation with Confidentiality

Summary: When an enterprise investigates a data security incident, it is often wise to involve legal counsel early. Counsel may be able to ensure the details of the investigation are kept confidential by law. Infosec Law and Politics Are Dangerous. The law and politics surrounding data security are highly adversarial. Legal and political adversaries have … Continue reading Cloak Your Incident Investigation with Confidentiality


A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, passwords are a big part of breach compromises. Dr. Lori Cranor, and her team, at CMU has done extensive research on how to choose the best password policies verses usability. In addition, Alison Nixon's research describes techniques to determine valid password of an organization … Continue reading A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts