SANS Digital Forensics and Incident Response Blog

A Sneak Peek at Pokemon Go Application Forensics

This post was originally posted on Murphy's Law Blog, authored by SANS Certified Instructor Cindy Murphy. Listen to the webcast here.

UPDATED 7/22/16 - Thanks to Warren Raquel (@warquel), a Senior Security Engineer at the National Center for Supercomputing Applications, Android location information has been SOLVED! See the Android Location Information section below.

"Some trainers …


CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017

Summit Dates: January 31, 2017 and February 1, 2017
Training Course Dates: January 25-30, 2017
Summit Venue: Renaissance Arlington Capital View Hotel — Arlington, VA
Deadline to Submit is July 29, 2016. To submit, click here.

This year the CTI Summit is going old school. CTI is a relatively new field, however …


Let's Talk About Data Recovery

A recent spate of messages on a listserv triggered this rather verbose article, so my apologies for its length. Even so, it barely scratches the surface of the technology. Obviously I can't get into every facet of data recovery, but my goal is to hit the main points, explain some of the things that …


Digital Forensics & Incident Response (DFIR) Summit Social Media Ambassadors

The SANS DFIR Summit team is looking for Social Media Ambassadors. Are you a social media influencer in the DFIR space? We are looking for you! The SANS DFIR Summit Team is looking for two social media rock stars that can share their DFIR Summit experiences onsite and provide a post-summit event analysis. The ideal …


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee

Attribution to cyber attacks means different things to different audiences. In some cases, analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case, analysts often use made-up names such as "Sandworm" just to …