SANS Digital Forensics and Incident Response Blog: Category - REMnux

Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!

Hundreds of SANS Institute digital forensics students have stepped up to the challenge and conquered. They've mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of the SANS Lethal Forensicator Coin, an award given to a select portion of the thousands of students that … Continue reading Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!


4 Cheat Sheets for Malware Analysis

DFIR professionals have much to remember. Conveniently, 4 of Lenny Zeltser's cheat sheets summarize key tools and techniques for analyzing and reverse-engineering malicious software. Continue reading 4 Cheat Sheets for Malware Analysis


Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware

ProcDOT is a free tool for analyzing the actions taken by malware when infecting a laboratory system. ProcDOT supports plugins, which could extend the tool's built-in capabilities. This article looks at two plugins that help examine contents of the network capture file loaded into ProcDOT. Continue reading Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware


How to Install SIFT Workstation and REMnux on the Same Forensics System

Combine SIFT Workstation and REMnux on a single system to create a supercharged Linux toolkit for digital forensics and incident response tasks. Here's how. Continue reading How to Install SIFT Workstation and REMnux on the Same Forensics System


Installing the REMnux Virtual Appliance for Malware Analysis

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Here is how to install the REMnux virtual appliance using common virtualization tools, such as VMware and VirtualBox, thanks to the Open Virtualization Format (OVF/OVA). Continue reading Installing the REMnux Virtual Appliance for Malware Analysis