Showing posts with the label SANS Digital Forensic and Incident Response

SANS - Investigate and fight cyberattacks with SIFT Workstation

SANS has a smorgasbord of DFIR training, and we also offer a free Linux distribution for DFIR work. Our SANS Investigative Forensic Toolkit (SIFT) Workstation is a powerful collection of tools for examining forensic artifacts related to file system, registry, memory, and network investigations. It is also available bundled as a virtual machine (VM) and includes everything one needs to conduct an in-depth forensic or incident response investigation. The SIFT Workstation was developed by an international team of forensics experts, including entrepreneur, consultant and SANS Fellow Rob Lee, and is available to the digital forensics and incident response community as a public service. Just because it’s freely available and originally designed for training, though, doesn’t mean it can’t stand up to field investigations. The SIFT Workstation incorporates powerful, cutting-edge open-source tools that are frequently updated, vetted by the open source community and able to matc...

SANS - Gamble? Not with your future

By Lee Whitfield. Honestly, I’ve never been big into gambling. The closest I’ve come is buying a lottery ticket when I was 18. While I understand the excitement, the science, and the compulsion, it has just never been a huge draw for me personally. There are many things that fall into the category of gambling. You can choose to back your favorite sports team by putting your money where your mouth is. You may not have a lot of faith in your team and bet against them, and still call yourself a fan? You may attend a regular gathering of friends and play cards together. Gambling presents an inherent risk, hence the excitement. You run the odds in your head and determine if there’s a chance you’ll win. If the right combination of probability and odds come up, you pony up and hope for the best. However, there’s always a chance that something goes wrong and you walk away with a loss instead of a win. You may not be familiar with Steve Richards. Why would you? He’s a roofer from the UK....

SANS - Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

Sometimes, to tackle tough challenges or overcome particularly obstinate obstacles, you’ve got to go big. No run-of-the-mill efforts or ordinary endeavors will do. It’s time for determined, extraordinary work. It’s time for bootcamp. And that’s exactly what SANS is offering with its relaunch of FOR526 Advanced Memory Forensics and Threat Detection. Malware is more sophisticated, and its ability to evade detection is growing. Cryptojacking – software programs and malware that hijack another’s computer without their knowledge to mine cryptocurrency – is one such example. Recently, researchers discovered a new cryptocurrency mining malware that employs multiple evasion techniques, including one that poses as an installer file for the Windows operating system so it seems less suspicious. And illicit cryptocurrency mining operations have increased dramatically over the past year, according to a recent Cyber Threat Alliance report, rising by as much as 459 percent in 2018. The more com...

SANS - DFIR Summit 2019 Call for Presentations (CFP) Now Open

The 2019 DFIR Summit CFP is now open through 5 pm CST on Monday, March 4. The 12th annual SANS Digital Forensics & Incident Response (DFIR) Summit is the most comprehensive DFIR event of the year, bringing together an influential group of experts, immersion-style training, and industry networking opportunities in one place. Summit talks will explore real-world applications of technologies and solutions from all aspects of the fields of digital forensics and incident response. All talks should be technical and specific and provide actionable takeaways. The DFIR Summit offers speakers the opportunity to present their latest tools, findings, and methodologies to their DFIR industry peers. If you have something substantive, challenging, and original to offer, you are encouraged to submit a proposal. We are looking for proposed presentations on topics including, but not limited to: Case studies in Digital Forensics, Incident Response, or Media Exploitation that solv...

SANS - SANS FOR585 Q&A: Smartphone Forensics – Questions answered

Learning doesn’t stop when you leave the SANS classroom. Instructors Domenica “Lee” Crognale, Heather Mahalik and Terrance Maguire answer some of the most common questions from FOR585 Smartphone Forensics course students in these short videos:

2) An Overview of Third Party App Examination: There are millions of applications (Apps) that can be used on a smartphone. This mini webcast outlines an approach to examining these applications.

3) Why Every Examiner Needs a Test Device?: In a perfect world, we would always be examining rooted Androids and jailbroken iOS devices, but unfortunately, full access to the file system is becoming a thing of the past. This mini webcast highlights the importance of populating test devices with user data so you can better speak to the artifacts that you ARE able to access on your next examination.

4) What if Nothing Supports Android Pie (v9)? The l...

SANS - The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.

We are excited to announce the release of an all-new version of the free SOF-ELK®, or Security Operation and Forensics ELK virtual machine. Now based on the new version of the Elastic Stack, SOF-ELK is a complete rebuild that is faster and more effortless than its predecessors, making forensic and security data analysis easier than ever. Since its introduction about five years ago, there have been more than 10,000 downloads of SOF-ELK around the world by computer forensic investigators and information security operations personnel in the government, law enforcement and commercial sectors. The SOF-ELK platform is a customized build of the open source ELK stack, consisting of the Elasticsearch storage and search engine, the Logstash ingestion and enrichment component, and the Kibana dashboard frontend. SOF-ELK was always designed to help minimize the typically long and involved setup process the ELK stack requires by delivering a pre-built virtual appliance that ca...

SANS - Shortcuts for Understanding Malicious Scripts

You are being exposed to malicious scripts in one form or another every day, whether in email, malicious documents, or malicious websites. Many malicious scripts at first glance appear to be impossible to understand. However, with a few tips and some simple utility scripts, you can deobfuscate them in just a few minutes. SANS Instructor Evan Dygert conducted a webcast on October 3rd, 2018. This webcast teaches you how to cut through the obfuscation techniques the script authors use without spending a lot of time doing it. Evan also demonstrates how to quickly deobfuscate a variety of malicious scripts. The samples of the scripts he provided during the webcast can be downloaded here: https://dfir.to/MaliciousScripts. Please note the password for the samples.zip archive is: “infected”. We hope that the techniques presented in this webcast help you to begin deobfuscating potentially malicious JavaScript. This topic is explored in depth in the SAN...

SANS - How to build an Android application testing toolbox

Mobile devices hold a trove of data that could be crucial to criminal cases, and they can also play a key role in accident reconstructions, IP theft investigations and more. It’s not just investigators who care about examining a mobile device – so do those interested in application research and data, and enterprises who rely on smartphones and tablets to perform work tasks, engage with customers and deliver new services. Effectively accessing and testing smartphones requires an optimal application toolbox, and the chops to use it. Listen to this webinar that details how to build your Android application testing toolbox to ensure you’re set up to successfully access and examine the information you need from Android mobile phones. SANS instructor Domenica Crognale, who is one of the course co-authors of SANS FOR585: Advanced Smart Phone Forensics, and who teaches the course as well, details why testing of mobile phone applications is critical – especially given the...