SANS Digital Forensics and Incident Response Blog: Category - Windows Memory Forensics

Finding Evil on Windows Systems - SANS DFIR Poster Release

Adding to our ever growing number of Posters and Cheat Sheets for DFIR, we are proud to announce the availability of a brand new SANS DFIR Poster "Finding Evil" created by SANS Instructors Mike Pilkington and Rob Lee. This poster was released with the SANSFIRE 2014 Catalog you might already have one. If you did … Continue reading Finding Evil on Windows Systems - SANS DFIR Poster Release


FOR526 (Memory Forensics) Course Updates - Live at DFIRCON!

Alissa Torres and Jake Williams recently updated the material in FOR526 just in time for DFIRCON. Previously, FOR526 focused largely on malware investigations. However, this new revision places new emphasis on misuse/criminal investigations and those investigations where malware may not have been used. We see a lot of those cases now, where by the time … Continue reading FOR526 (Memory Forensics) Course Updates - Live at DFIRCON!


Windows 8 / Server 2012 Memory Forensics

With Memoryze 3.0, the folks at Mandiant hit their mid-summer goal to roll out memory analysis support for Windows 8 (x86 and x64) and Server 2012 (x64). While support has not yet been rolled into Redline collector scripts, data collected by Memoryze can be loaded and analyzed in the Redline interface. This is no real … Continue reading Windows 8 / Server 2012 Memory Forensics


Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile … Continue reading Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters


Brand New - Windows Memory Analysis In-Depth - Course Launch

Memory analysis skills are one of the most in-demand skills for digital forensics, incident response, and malware analysts today. In 2013, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer and developerJesse Kornblum, is incredibly comprehensive and SANS is proud to offer it … Continue reading Brand New - Windows Memory Analysis In-Depth - Course Launch