SANS Digital Forensics and Incident Response Blog: Category - Memory Analysis

New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are … Continue reading New Advanced Persistent Threat Based - FOR508 Released in On-Demand


Four Focus Areas of Malware Analysis

Malware analysis and the forensic artifacts involved are made up of four areas of focus. The four areas of focus are behavior, code, memory, and intelligence analysis. Each has its own techniques which will be covered briefly. An analyst is in the middle of a case and finds an executable artifact. In searching the hash … Continue reading Four Focus Areas of Malware Analysis


Digital Forensics Case Leads: Skype acting weird, Mircosoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenge Apple by bypassing Apple Store authentication mechanism and get apps for free!!! All that and more, this week on Case Leadsâ¦

In this week of Case Leads, we hear lot of Skype problems, claims that Microsoft is backdooring Skype and Facebook censoring chats for illegal activities'' Moreover, Apple seems to fail on fixing a bug found by a Russian hacker that enable an attacker to bypass authentication mechanism and let him get paid apps for free. … Continue reading Digital Forensics Case Leads: Skype acting weird, Mircosoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenge Apple by bypassing Apple Store authentication mechanism and get apps for free!!! All that and more, this week on Case Leads''


BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. This August, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and SANS is proud to offer it in … Continue reading BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth


New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack

This week's edition of Case Leads features updates to a popular network scanning tool and another application which may be useful in gaining access to encrypted documents. We also have an article detailing a recent attack against a website and a couple of papers that look at attack trends. There's news that hard drives could … Continue reading New version of Nmap, 60TB hard drives on the way, attacker trends, & a dissected web attack