SANS Digital Forensics and Incident Response Blog: Category - SANS Institute

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year

The SANSDFIR Summit and Training 2018is turning 11!The 2018 event marks 11 years since SANS started what is todaythedigital forensics and incident response event of the year, attended by forensicators time after time. Join us and enjoy the latest in-depth presentations from influential DFIR experts and the opportunity to take an array of hands-on SANS … Continue reading Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year


Meltdown and Spectre - Enterprise Action Plan

Meltdown and Spectre - Enterprise Action Plan by SANS Senior Instructor Jake Williams Blog originally posted January 4, 2018 by RenditionSec MELTDOWN SPECTRE VULNERABILITIES Unless you've been living under a rock for the last 24 hours, you've heard about the Meltdown and Spectre vulnerabilities. I did a webcast with SANS about these vulnerabilities, how they … Continue reading Meltdown and Spectre - Enterprise Action Plan


WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis

The FOR408: Windows Forensic Analysis course was renumbered to FOR500: Windows Forensic Analysis. SANS renumbered the course to better reflect the course's intermediate-level material. The content of the course will remain basically the same, although it will be constantly updated to reflect changes in the field. FREQUENTLY ASKED QUESTIONS Why change the course … Continue reading FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics