DIGITAL FORENSICS |
| 2010-11-17 | Guy Bruneau | Reference on Open Source Digital Forensics |
| 2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
DIGITAL |
| 2020-03-24/a> | Russ McRee | Another Critical COVID-19 Shortage: Digital Security |
| 2018-11-19/a> | Xavier Mertens | The Challenge of Managing Your Digital Library |
| 2017-09-25/a> | Renato Marinho | XPCTRA Malware Steals Banking and Digital Wallet User's Credentials |
| 2010-11-17/a> | Guy Bruneau | Reference on Open Source Digital Forensics |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-05-21/a> | Rick Wanner | 2010 Digital Forensics and Incident Response Summit |
| 2009-04-20/a> | Jason Lam | Digital Content on TV |
FORENSICS |
| 2024-05-08/a> | Xavier Mertens | Analyzing Synology Disks on Linux |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2023-01-26/a> | Tom Webb | Live Linux IR with UAC |
| 2021-11-04/a> | Tom Webb | Xmount for Disk Images |
| 2021-06-18/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #2) |
| 2021-06-17/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #1) |
| 2021-02-25/a> | Daniel Wesemann | Forensicating Azure VMs |
| 2020-12-16/a> | Daniel Wesemann | DNS Logs in Public Clouds |
| 2019-10-25/a> | Rob VandenBrink | More on DNS Archeology (with PowerShell) |
| 2019-08-21/a> | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2018-01-26/a> | Xavier Mertens | Investigating Microsoft BITS Activity |
| 2017-10-02/a> | Xavier Mertens | Investigating Security Incidents with Passive DNS |
| 2017-09-24/a> | Jim Clausing | Forensic use of mount --bind |
| 2017-09-19/a> | Jim Clausing | New tool: mac-robber.py |
| 2017-07-09/a> | Russ McRee | Adversary hunting with SOF-ELK |
| 2017-01-12/a> | Mark Baggett | System Resource Utilization Monitor |
| 2016-10-31/a> | Russ McRee | SEC505 DFIR capture script: snapshot.ps1 |
| 2016-08-11/a> | Pasquale Stirparo | Looking for the insider: Forensic Artifacts on iOS Messaging App |
| 2016-05-22/a> | Pasquale Stirparo | The strange case of WinZip MRU Registry key |
| 2016-03-28/a> | Xavier Mertens | Improving Bash Forensics Capabilities |
| 2016-03-11/a> | Jim Clausing | Forensicating Docker, Part 1 |
| 2016-02-18/a> | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-01-06/a> | Russ McRee | toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics |
| 2015-04-24/a> | Basil Alawi S.Taher | Fileless Malware |
| 2015-04-17/a> | Didier Stevens | Memory Forensics Of Network Devices |
| 2015-03-18/a> | Daniel Wesemann | New SANS memory forensics poster |
| 2015-02-03/a> | Johannes Ullrich | Another Network Forensic Tool for the Toolbox - Dshell |
| 2014-08-10/a> | Basil Alawi S.Taher | Incident Response with Triage-ir |
| 2014-06-22/a> | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
| 2014-06-03/a> | Basil Alawi S.Taher | An Introduction to RSA Netwitness Investigator |
| 2014-05-18/a> | Russ McRee | sed and awk will always rock |
| 2014-03-11/a> | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline |
| 2014-03-07/a> | Tom Webb | Linux Memory Dump with Rekall |
| 2014-02-09/a> | Basil Alawi S.Taher | Mandiant Highlighter 2 |
| 2014-01-10/a> | Basil Alawi S.Taher | Windows Autorun-3 |
| 2013-12-12/a> | Basil Alawi S.Taher | Acquiring Memory Images with Dumpit |
| 2013-11-21/a> | Mark Baggett | "In the end it is all PEEKS and POKES." |
| 2013-11-20/a> | Mark Baggett | Searching live memory on a running machine with winpmem |
| 2013-11-19/a> | Mark Baggett | Winpmem - Mild mannered memory aquisition tool?? |
| 2013-08-26/a> | Alex Stanford | Stop, Drop and File Carve |
| 2013-08-14/a> | Johannes Ullrich | Imaging LUKS Encrypted Drives |
| 2013-07-12/a> | Rob VandenBrink | Hmm - where did I save those files? |
| 2013-05-23/a> | Adrien de Beaupre | MoVP II |
| 2013-04-25/a> | Adam Swanger | SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey |
| 2012-11-02/a> | Daniel Wesemann | The shortcomings of anti-virus software |
| 2012-09-14/a> | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-06-04/a> | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2011-09-29/a> | Daniel Wesemann | The SSD dilemma |
| 2011-08-05/a> | Johannes Ullrich | Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads |
| 2011-03-01/a> | Daniel Wesemann | AV software and "sharing samples" |
| 2010-11-17/a> | Guy Bruneau | Reference on Open Source Digital Forensics |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-05-21/a> | Rick Wanner | 2010 Digital Forensics and Incident Response Summit |
| 2010-04-30/a> | Kevin Liston | The Importance of Small Files |
| 2010-04-11/a> | Marcus Sachs | Network and process forensics toolset |
| 2010-03-26/a> | Daniel Wesemann | SIFT2.0 SANS Investigative Forensics Toolkit released |
| 2009-12-14/a> | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-08-18/a> | Daniel Wesemann | Forensics: Mounting partitions from full-disk 'dd' images |
| 2009-08-13/a> | Jim Clausing | New and updated cheat sheets |
| 2009-07-02/a> | Daniel Wesemann | Getting the EXE out of the RTF |
| 2009-02-02/a> | Stephen Hall | How do you audit your production code? |
| 2009-01-02/a> | Rick Wanner | Tools on my Christmas list. |
| 2008-11-17/a> | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-08-17/a> | Kevin Liston | Volatility 1.3 Released |
| 2008-08-15/a> | Jim Clausing | OMFW 2008 reflections |
