SANS Digital Forensics and Incident Response Blog: Category - Incident Response

Offline Autoruns Revisited - Auditing Malware Persistence

I was digging through the archives recently and stumbled upon my old post, Autoruns and Dead Computer Forensics. Autoruns is an indispensable tool from Sysinternals that extracts data from hundreds of potential auto-start extensibility points (ASEPs), a fancy Microsoft term for locations that can grant persistence to malicious code. We leverage live Autoruns collection in …


SANS Threat Hunting and Incident Response Summit 2019 Call for Speakers - Deadline 5/6

Summit Dates: September 30 & October 1, 2019. Call for Presentations closes on Monday, May 6, 2019 at 5 p.m. CST. The Threat Hunting & Incident Response Summit will focus on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your …


Investigating WMI Attacks

WMI as an attack vector is not new. It has been used to aid attacks within Microsoft networks since its invention. However, it has been increasingly weaponized in recent years, largely due to its small forensic footprint. In a world of greater enterprise visibility and advanced endpoint protection, blending in using native tools is …


Investigate and fight cyberattacks with SIFT Workstation

Digital forensics and incident response (DFIR) has hit a tipping point. No longer just for law enforcement solving cybercrimes, DFIR tools and practices are a necessary component of any organization's cybersecurity. After all, attacks are increasing daily and getting more sophisticated - exposing millions of people's personal data, hijacking systems around the world and …


Gamble? Not with your future

By Lee Whitfield. Honestly, I've never been big into gambling. The closest I've come is buying a lottery ticket when I was 18. While I understand the excitement, the science, and compulsion, it has just never been a huge draw for me personally. There are many things that fall into the category of gambling. You …