SANS Digital Forensics and Incident Response Blog

Digital Forensics & Incident Response (DFIR) Summit Social Media Ambassadors

The SANSDFIR Summit team is looking for Social Media Ambassadors Are you a social media influencer in the DFIR space? We are looking for you! The SANS DFIR Summit Team is looking for two social media rock stars that can share their DFIR Summit experiences onsite and provide a post-summit event analysis. The ideal … Continue reading Digital Forensics & Incident Response (DFIR) Summit Social Media Ambassadors


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


A Technical Autopsy of the Apple - FBI Debate using iPhone forensics

The technical basics of the case is that FBI is trying to compel Apple Inc. to help create a new capability installed on the suspect's iPhone that would enable with the following degraded security mechanisms: Allow the FBI to submit passcode "electronically via the physical device port" Will not wipe underlying data after 10 incorrect … Continue reading A Technical Autopsy of the Apple - FBI Debate using iPhone forensics


SANS #ThreatHuntingSummit Valentine Twitter Contest

Love is in the air and we at SANS DFIR want to celebrate February, the month of love and friendship. To show how much we care about our follower friends, we have created the #ThreatHuntingSummit Twitter contest. This contest comes with a fantastic prize, check it out! On April 12th through 19th, SANS along with … Continue reading SANS #ThreatHuntingSummit Valentine Twitter Contest


SANS third annual incident response survey is now online

The third annual SANS survey on incident response is now online. This survey will help us look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. If you are a professional working with … Continue reading SANS third annual incident response survey is now online