SANS Digital Forensics and Incident Response Blog: Category - Network Forensics

Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud

The digital forensic and ediscovery case of the decade could describe the litigation between Facebook and a man that claims he has a contract and emails from Harvard Student Mark Zukerberg for 50% ownership of "The Face Book" as an early-stage investor. There are more questions than answers in this case right now, among them: … Continue reading Case Leads: The Digital Forensics Case of the Decade? Digital Forensics at US Border Crossings; Serious Flaw in Enterprise Firewalls? The Feds Re-examine DFIR As Data Shifts To The Cloud


Digital Forensics Case Leads: New Year brings DEFT and DFF updates, interesting reads and upcoming events

This week we have updates to two great tools, a variety of interesting reads, including one to come soon, and some events to fill your calendar for the 1st quarter of the new year. Tools: Arxsys has released V0.9 of the open source Digital Forensics Framework (DFF), which has some cool new features. You can … Continue reading Digital Forensics Case Leads: New Year brings DEFT and DFF updates, interesting reads and upcoming events


Favoring Frameworks for Intrusion Detection and Prevention

Revealing, maturing, and utilizing indicators through their lifecycle is the analytical engine behind Security Intelligence (or, if you prefer, Intel-driven CND). Each of these actions can be enhanced with custom, FOSS, and COTS tools, but perhaps no aspect relies on tools more heavily than the act of leveraging intelligence. The data rates and sizes of today's computers and networks mean that only through the use of automation can intelligence be leveraged - manual searching and correlation by analysts is simply impossible. Thus, the ability to codify intelligence in network and host security tools defines the limits of an organization's effective use of that intelligence. Continue reading Favoring Frameworks for Intrusion Detection and Prevention


Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case

Incident Response Lead Story: Why it pays to have incident response in a Wikileaks world. The Wikileaks story is having a ripple effect that shows no sign of abating. As of this writing, according to a spokesperson for PandaSecurity: the following web sites have been attacked in the name of defending the actions of Wikileaks: … Continue reading Digital Forensics Case Leads: Incident Response Hits The Mainstream; Powerful Tech Fighting CP; Acquisition Errors Can Cost Case


Digital Forensics Case Leads: Industrial Controls Forensics, Cracking Crackberries, Mobile Forensics

While most technical and non-technical types focus on servers, desktop, and mobile phones/pads when thinking about security and forensics, an area of growing concern is industrial controls security. This was brought to light in the wake of the Stuxnet worm. The accusations continue to fly, via arm-chair forensics. Was it an attack on Iran? Or maybe an attack against India, since it seems Stuxnet may have knocked out a TV Satellite. Security honcho Bruce Schnier says we may never know.

What is certain is a growing concern over industrial controls security. According to a San Francisco Chronicle story that ran on this week: "... Liam O Murchu, a researcher with the computer security firm Symantec, used a

...