The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live musical capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of … Continue reading DFIR Summit 2016 - Call for Papers Now Open
In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker, CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious family photos or an academic thesis being wiped by pure greed, it … Continue reading Identifying and Disrupting Crypto-Ransomware (and Destructive Malware)
Adding to our ever growing number of Posters and Cheat Sheets for DFIR, we are proud to announce the availability of a brand new SANS DFIR Poster "Finding Evil" created by SANS Instructors Mike Pilkington and Rob Lee. This poster was released with the SANSFIRE 2014 Catalog you might already have one. If you did … Continue reading Finding Evil on Windows Systems - SANS DFIR Poster Release
Alissa Torres and Jake Williams recently updated the material in FOR526 just in time for DFIRCON. Previously, FOR526 focused largely on malware investigations. However, this new revision places new emphasis on misuse/criminal investigations and those investigations where malware may not have been used. We see a lot of those cases now, where by the time … Continue reading FOR526 (Memory Forensics) Course Updates - Live at DFIRCON!
With Memoryze 3.0, the folks at Mandiant hit their mid-summer goal to roll out memory analysis support for Windows 8 (x86 and x64) and Server 2012 (x64). While support has not yet been rolled into Redline collector scripts, data collected by Memoryze can be loaded and analyzed in the Redline interface. This is no real … Continue reading Windows 8 / Server 2012 Memory Forensics