SANS Digital Forensics and Incident Response Blog

SANS Digital Forensics and Incident Response Blog

SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced

ARLINGTON, Va.-(BUSINESS WIRE)-ThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), today announceda partnership with SANS Digital Forensics and Incident Response (DFIR). The partnership will bring together the two organizations' strengths - ThreatConnect's Cyber Threat Intelligence (CTI) aggregation, analytics and community collaboration with SANS' cutting-edge Incident Response training courses. "We are seeing … Continue reading SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced

Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware

ProcDOT is a free tool for analyzing the actions taken by malware when infecting a laboratory system. ProcDOT supports plugins, which could extend the tool's built-in capabilities. This article looks at two plugins that help examine contents of the network capture file loaded into ProcDOT.

Threat Hunting and Incident Response Summit - CFP - Closing 12 Oct

The inaugural Threat Hunting and Incident Response Summit will be held in New Orleans, LA on April 12- 13, 2016. The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit … Continue reading Threat Hunting and Incident Response Summit - CFP - Closing 12 Oct

Update for DensityScout

There's a new build of DensityScout available (https://cert.at/downloads/software/densityscout_en.html). For the new build a scenario has been addressed where DensityScout could start to hang/loop during file computation. Happy DensityScout-ing ... Christian

Timeline analysis with Apache Spark and Python

This blog post introduces a technique for timeline analysis that mixes a bit of data science and domain-specific knowledge (file-systems, DFIR). Analyzing CSV formatted timelines by loading them with Excel or any other spreadsheet application can be inefficient, even impossible at times. It all depends on the size of the timelines and how many different … Continue reading Timeline analysis with Apache Spark and Python