SANS Digital Forensics and Incident Response Blog: Category - SIFT Workstation

BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. This August, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and SANS is proud to offer it in …


The APT is already in your network. Time to go hunting — Learn how in new training course SANS FOR508

The Advanced Persistent Threat is already in your network. Time to go hunting. It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems including 10.3.58.7. You are …


Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results

One of the biggest complaints that many have in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I planned to change that through creating a realistic scenario based on experiences from the entire cadre of instructors at SANS and additional experts who reviewed and advised the attack …


Advanced Computer Forensic Analysis and Incident Response (FOR508) Hanover MD

Stepping away from the trenches of the daily grind for a week of training can seem next to impossible, given today's tight training budgets and operational tempo. Yet, for information security professionals, keeping technical skills current and staying abreast of the latest security vulnerabilities and "best practices" is a matter of necessity. So, how can …


Digital Forensic SIFTing: String Searching and File Carving using srch_strings_wrap

The latest version of the SIFT, 2.12, contains a few scripts I wrote, and Rob asked me to write a post for the blog going over their functionality. The scripts add on to the functionality provided by The Sleuth Kit's srch_strings to provide additional information on string matches and automatically carve out matching files or blocks. …