SANS Digital Forensics and Incident Response Blog: Category - Memory Analysis

Digital Forensics Case Leads: News from CES Las Vegas Might Open Doors for Automotive Forensics, Landmark Legal Rulings Impact DFIR Investigators, and Tackling Insider Fraud

In this issue of Case Leads we go around the globe to cover telematics app development from Ford at CES Las Vegas; to Russia for new tools that allow investigators to access files users try to keep encrypted; an anti-forensic tool that tries to hide details from memory forensic tools; the insider fraud threat; and … Continue reading Digital Forensics Case Leads: News from CES Las Vegas Might Open Doors for Automotive Forensics, Landmark Legal Rulings Impact DFIR Investigators, and Tackling Insider Fraud


Brand New - Windows Memory Analysis In-Depth - Course Launch

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. In 2013, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer and developerJesse Kornblum, is incredibly comprehensive and SANS is proud to offer it … Continue reading Brand New - Windows Memory Analysis In-Depth - Course Launch


Case Leads: Report on Emerging Cyber Threats, Updates to Forensics Applications, Malware Trends, and more.

This week's edition of CaseLeads features a report on emerging cyber threats, another report about malware and vulnerabilities,research about the head of a new anti-virus firm, updates to the Oxygen Forensics Suite and Memoryze for the Mac. There's also a story about how email led to several discoveries in the case of theCIA director that … Continue reading Case Leads: Report on Emerging Cyber Threats, Updates to Forensics Applications, Malware Trends, and more.


New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are … Continue reading New Advanced Persistent Threat Based - FOR508 Released in On-Demand


Four Focus Areas of Malware Analysis

Malware analysis and the forensic artifacts involved are made up of four areas of focus. The four areas of focus are behavior, code, memory, and intelligence analysis. Each has its own techniques which will be covered briefly. An analyst is in the middle of a case and finds an executable artifact. In searching the hash … Continue reading Four Focus Areas of Malware Analysis