SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

22 May 2017

Three Steps to Communicate Threat Intelligence to Executives.

0 comments Posted by John Franolich
Filed under Advanced Persistent Threat, apt, Cyber Kill Chain, Cyber Threat Intelligence, Malware Analysis, Reporting, Threat Hunting, Threat Hunting & Incident Response Summit

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.


Tags: Business Risk, Cyber threat intelligence, Malware Analysis
13 May 2017

WannaCry Ransomware Threat : What we know so far - WEBCAST slides

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, apt, Computer Forensics, Computer Forensics and IR Summit, Cyber Threat Intelligence, Incident Response, Malware Analysis, SANS Institute, Threat Hunting, Threat Hunting & Incident Response Summit, WannaCry Ransomware

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


Tags: WannaCry Ransomware
11 May 2017

Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis

0 comments Posted by Adam Kramer
Filed under Computer Forensics, Incident Response, Linux IR, Malware Analysis, Memory Analysis, Windows IR

System snapshots are a core component when conducting forensic analysis on a live machine. They provide critical insight intowhat was going on at the time they were taken, but this is also their limitation: your view is limited to a precise moment in time, without context and the opportunity to observe changes as they … Continue reading Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis

05 May 2017

Rapid Provisioning of a Malware Analysis Environment

1 comments Posted by Adam Kramer
Filed under Computer Forensics, Evidence Acquisition, Evidence Analysis, Incident Response, Malware Analysis

The preparation of a malware analysis environment can often be a lengthy and repetitive process. I am not referring to setting up a virtual machine which contains all of your tools, but rather recognising that each sample you analyse may have very specific environmental requirements before it is willing to execute fully. For example, it … Continue reading Rapid Provisioning of a Malware Analysis Environment

20 Dec 2016

DFIR Summit 2017 - CALL FOR PRESENTATIONS

1 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Browser Forensics, Computer Forensics, Computer Forensics and IR Summit, DFIR Summit, Drive Encryption, Evidence Acquisition, Incident Response, Malware Analysis, Memory Analysis, Mobile Device Forensics, Network Forensics, Network Forensics, Registry Analysis, Reverse Engineering, USB Device Analysis, Windows Memory Forensics

Call for Presentations Now Open! Submit your proposal here: http://dfir.to/DFIR-CFP-2017 Deadline: January 16th at 5pm CT The 10th Annual Digital Forensics and Incident Response Summit Call for Presentations is open through 5 pm EST on Monday, January 16, 2017. If you are interested in presenting or participating on a panel, we'd be … Continue reading DFIR Summit 2017 - CALL FOR PRESENTATIONS

Categories
Recent Posts
Archives
Links
Latest Blog Posts

SANS Cyber Threat Intelligence Summit 2018 - CALL FOR SPEAKERS NOW OPEN
July 11, 2017 - 5:05 PM

Understanding EXT4 (Part 6): Directories
June 07, 2017 - 6:31 PM

Beats and Bytes – Striking the Right Chord in Digital Forensics
May 22, 2017 - 8:10 PM

Latest Tweets @sansforensics

Blog by @cindymurph: Apple Continuity and iCloud Data Leakag [...]
July 28, 2017 - 12:18 AM

Gain cutting-edge skills to defend your organization at #SAN [...]
July 27, 2017 - 9:00 PM

Blown away again! #FOR610 is intense challenging relevant .. [...]
July 27, 2017 - 5:30 PM

Latest Papers

Loki-Bot: Information Stealer, Keylogger, & More!
By Rob Pantazopoulos

The Importance of Business Information in Cyber Threat Intelligence (CTI), the information required and how to collect it
By Deepak Bellani

Detection of Backdating the System Clock in Windows
By Xiaoxi Fan

"This course is valuable to Law Enforcement professionals that conduct computer crime investigations."
- Reggie Harris, Federal Agent - DPE, OIG

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"This course is filling in the blanks in my knowledge of how some things work. It is nice to know what the tools are doing."
- Douglas Couch, Purdue University