SANS Digital Forensics and Incident Response Blog: Category - SANS Institute

WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis

The FOR408: Windows Forensic Analysis course was renumbered to FOR500: Windows Forensic Analysis. SANS renumbered the course to better reflect the course's intermediate-level material. The content of the course will remain basically the same, although it will be constantly updated to reflect changes in the field. FREQUENTLY ASKED QUESTIONS Why change the course … Continue reading FOR408: Windows Forensic Analysis has been renumbered to FOR500: Windows Forensics Analysis


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics


DFIR Hero — David Cowen Interview

David Cowen is teaching our Windows Forensics Course in SANS Minneapolis in July 2015. Sign up now to take this course with David. We interviewed David so you can get to know him a bit better — he is one of the best in the industry. A leader. An astonishing analyst and visionary. He is … Continue reading DFIR Hero — David Cowen Interview


Call For Presenters — DFIR Prague 2015 #DFIRPrague

Submit your submissions to dfireuropecfp@sans.org by 5 pm BST on 1 June, 2015 with the subject "SANS DFIR Europe Summit." Dates: Summit Date: - 11 October, 2015 Pre-Summit Training Course Dates: 5-10 October, 2015 Post-Summit Training Course Dates: 12-17 October, 2015 Summit Venue: Angelo Hotel Prague Radlicka 1-G, Prague 5 Prague, CZ Phone: +420 234 … Continue reading Call For Presenters — DFIR Prague 2015 #DFIRPrague