SANS Digital Forensics and Incident Response Blog: Tag - anti-virus

Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results

One of the biggest complaints that many have in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I planned to change that through creating a realistic scenario based on experiences from the entire cadre of instructors at SANS and additional experts who reviewed and advised the attack …


NCS vs DRN - Educating the Client

As forensic analysts, our product is only as good as our input. And unfortunately, many times our input is not what we would hope for.

If you have worked many unauthorized access cases in the past, you know what I am talking about. Honestly, these cases are my favorite to work. Seeing the new methods used to compromise systems, and the challenge of trying to find every way the system was affected, is great. However, much of the evidence from these cases has issues that are common from one case to the next.

First response

For years now, users have been taught that at the first sign of problems with their system, the best thing to do is run a full anti-virus check of the entire system. And for good measure, follow that up with an anti-malware scan or two. For the most part, users have gotten this message.

It is not just users that do this. How many times do you see companies with very informal incident response plans which leaves the process of what to do

...