SANS Digital Forensics and Incident Response Blog: Tag - f-response

F-Response Enterprise now in FOR508: Advanced #DFIR

Starting in August, 2014 - F-Response Enterprise is now part of the SANS 508 Training Course and students will receive it while attending the course. FOR508 has been updated with cutting edge Enterprise Incident Response capabilities. Starting in the Virginia Beach course attendees will receive a 3 month F-Response Enterprise license as part of the … Continue reading F-Response Enterprise now in FOR508: Advanced #DFIR

Windows Physical Memory: Finding the Right Tool for the Job

I'm a big proponent of live incident response and forensic analysis, and as such, I've been following the windows memory analysis field of research closely for the last 3 years. There have been leaps and bounds made over the last year with the release of many great acquisition and analysis tools; however, there are caveats that must be taken into consideration before simply inserting these tools into your investigations. You must know what you're doing, how the tools you're using will impact the system and be able to explain those things to others, whether they be peers or jurors.

I also believe in having more than one "right" tool for the job as it gives me choices as I conduct an investigation and it provides validation that each tool is doing what it should. Below is a comprehensive list of available tools accompanied by screenshots