SANS Digital Forensics and Incident Response Blog: Category - SIFT Workstation

Java IDX Sample Files from Java Spearphishing Attack from SANS FOR508

Earlier this year, SANS created the most in-depth incident response training scenario that spans multiple systems in FOR508: Advanced Forensic Analysis and Incident Response. We discussed the entire scenario in a blog titled: "Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results" One of the biggest complaints that many have … Continue reading Java IDX Sample Files from Java Spearphishing Attack from SANS FOR508


FTK 4 Added to SANS FOR408 Windows Forensics Training Course

We are pleased to report the successful introduction of Access Data's Forensic Toolkit (FTK) v4 into the SANS FOR408 Course (Computer Forensic Investigations - Windows In-Depth). While students have access to well over a hundred free and open source tools during the course, we also felt it important for them to gain an understanding of … Continue reading FTK 4 Added to SANS FOR408 Windows Forensics Training Course


New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are … Continue reading New Advanced Persistent Threat Based - FOR508 Released in On-Demand


BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. This August, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and SANS is proud to offer it in … Continue reading BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth


The APT is already in your network. Time to go hunting — Learn how in new training course SANS FOR508

The Advanced Persistent Threat is already in your network. Time to go hunting. It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems including 10.3.58.7. You are … Continue reading The APT is already in your network. Time to go hunting — Learn how in new training course SANS FOR508