Internet Storm Center
Sign In
Sign Up
Watch ISC TV. Great for NOCs, SOCs and Living Rooms:
https://isctv.sans.edu
Handler on Duty:
Guy Bruneau
Threat Level:
green
Date
Author
Title
FORENSIC CHALLENGE
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13
Jim Clausing
Forensic challenge results
2010-06-04
Rick Wanner
New Honeynet Project Forensic Challenge
2010-03-28
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-01-19
Jim Clausing
Forensic challenges
FORENSIC
2023-01-26/a>
Tom Webb
Live Linux IR with UAC
2023-01-02/a>
Xavier Mertens
NetworkMiner 2.8 Released
2021-12-22/a>
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08/a>
Brad Duncan
December 2021 Forensic Challenge
2021-11-04/a>
Tom Webb
Xmount for Disk Images
2021-10-22/a>
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-06-30/a>
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-18/a>
Daniel Wesemann
Network Forensics on Azure VMs (Part #2)
2021-06-17/a>
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-05-19/a>
Brad Duncan
May 2021 Forensic Contest: Answers and Analysis
2021-05-05/a>
Brad Duncan
May 2021 Forensic Contest
2021-04-01/a>
Brad Duncan
April 2021 Forensic Quiz
2021-02-25/a>
Daniel Wesemann
Forensicating Azure VMs
2020-12-16/a>
Daniel Wesemann
DNS Logs in Public Clouds
2019-10-25/a>
Rob VandenBrink
More on DNS Archeology (with PowerShell)
2019-08-21/a>
Russ McRee
KAPE: Kroll Artifact Parser and Extractor
2018-01-26/a>
Xavier Mertens
Investigating Microsoft BITS Activity
2017-10-02/a>
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-28/a>
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-24/a>
Jim Clausing
Forensic use of mount --bind
2017-09-19/a>
Jim Clausing
New tool: mac-robber.py
2017-07-09/a>
Russ McRee
Adversary hunting with SOF-ELK
2017-01-12/a>
Mark Baggett
System Resource Utilization Monitor
2016-10-31/a>
Russ McRee
SEC505 DFIR capture script: snapshot.ps1
2016-08-11/a>
Pasquale Stirparo
Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-06-01/a>
Xavier Mertens
Docker Containers Logging
2016-05-22/a>
Pasquale Stirparo
The strange case of WinZip MRU Registry key
2016-03-28/a>
Xavier Mertens
Improving Bash Forensics Capabilities
2016-03-11/a>
Jim Clausing
Forensicating Docker, Part 1
2016-02-18/a>
Xavier Mertens
Hunting for Executable Code in Windows Environments
2016-01-06/a>
Russ McRee
toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-04-24/a>
Basil Alawi S.Taher
Fileless Malware
2015-04-17/a>
Didier Stevens
Memory Forensics Of Network Devices
2015-03-18/a>
Daniel Wesemann
New SANS memory forensics poster
2015-02-03/a>
Johannes Ullrich
Another Network Forensic Tool for the Toolbox - Dshell
2014-08-10/a>
Basil Alawi S.Taher
Incident Response with Triage-ir
2014-06-22/a>
Russ McRee
OfficeMalScanner helps identify the source of a compromise
2014-06-03/a>
Basil Alawi S.Taher
An Introduction to RSA Netwitness Investigator
2014-05-18/a>
Russ McRee
sed and awk will always rock
2014-03-11/a>
Basil Alawi S.Taher
Introduction to Memory Analysis with Mandiant Redline
2014-03-07/a>
Tom Webb
Linux Memory Dump with Rekall
2014-02-09/a>
Basil Alawi S.Taher
Mandiant Highlighter 2
2014-01-10/a>
Basil Alawi S.Taher
Windows Autorun-3
2013-12-12/a>
Basil Alawi S.Taher
Acquiring Memory Images with Dumpit
2013-11-21/a>
Mark Baggett
"In the end it is all PEEKS and POKES."
2013-11-20/a>
Mark Baggett
Searching live memory on a running machine with winpmem
2013-11-19/a>
Mark Baggett
Winpmem - Mild mannered memory aquisition tool??
2013-08-26/a>
Alex Stanford
Stop, Drop and File Carve
2013-08-14/a>
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-07-12/a>
Rob VandenBrink
Hmm - where did I save those files?
2013-05-23/a>
Adrien de Beaupre
MoVP II
2013-04-25/a>
Adam Swanger
SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2012-11-02/a>
Daniel Wesemann
The shortcomings of anti-virus software
2012-09-14/a>
Lenny Zeltser
Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04/a>
Lenny Zeltser
Decoding Common XOR Obfuscation in Malicious Code
2011-09-29/a>
Daniel Wesemann
The SSD dilemma
2011-08-05/a>
Johannes Ullrich
Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-03-01/a>
Daniel Wesemann
AV software and "sharing samples"
2010-11-17/a>
Guy Bruneau
Reference on Open Source Digital Forensics
2010-11-12/a>
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13/a>
Jim Clausing
Forensic challenge results
2010-06-04/a>
Rick Wanner
New Honeynet Project Forensic Challenge
2010-05-22/a>
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21/a>
Rick Wanner
2010 Digital Forensics and Incident Response Summit
2010-05-04/a>
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-04-30/a>
Kevin Liston
The Importance of Small Files
2010-04-11/a>
Marcus Sachs
Network and process forensics toolset
2010-03-28/a>
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-03-26/a>
Daniel Wesemann
SIFT2.0 SANS Investigative Forensics Toolkit released
2010-01-19/a>
Jim Clausing
Forensic challenges
2009-12-14/a>
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-11-25/a>
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-08-18/a>
Daniel Wesemann
Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13/a>
Jim Clausing
New and updated cheat sheets
2009-07-02/a>
Daniel Wesemann
Getting the EXE out of the RTF
2009-02-02/a>
Stephen Hall
How do you audit your production code?
2009-01-02/a>
Rick Wanner
Tools on my Christmas list.
2008-11-17/a>
Marcus Sachs
New Tool: NetWitness Investigator
2008-08-17/a>
Kevin Liston
Volatility 1.3 Released
2008-08-15/a>
Jim Clausing
OMFW 2008 reflections
CHALLENGE
2022-12-10/a>
Didier Stevens
Open Now: 2022 SANS Holiday Hack Challenge & KringleCon
2021-12-22/a>
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08/a>
Brad Duncan
December 2021 Forensic Challenge
2020-08-02/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc
2017-12-27/a>
Guy Bruneau
What are your Security Challenges for 2018?
2014-04-12/a>
Guy Bruneau
Interested in a Heartbleed Challenge?
2013-12-28/a>
Bojan Zdrnja
DRG online challenge(s)
2013-01-02/a>
Chris Mohan
Starting the New Year on the right foot
2012-04-16/a>
Mark Baggett
Challenge: What can you do with Funky Directory Names (Part 2)
2012-04-11/a>
Mark Baggett
Challenge: What can you do with funky directory names?
2011-09-07/a>
Lenny Zeltser
Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2010-12-23/a>
Mark Hofman
Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas
2010-11-12/a>
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13/a>
Jim Clausing
Forensic challenge results
2010-06-04/a>
Rick Wanner
New Honeynet Project Forensic Challenge
2010-03-28/a>
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-01-27/a>
Raul Siles
European Union Security Challenge (Campus Party 2010)
2010-01-19/a>
Jim Clausing
Forensic challenges
2009-07-27/a>
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2008-03-25/a>
Raul Siles
New Security Challenge - It Happened One Friday
2008-03-23/a>
Johannes Ullrich
Finding hidden gems (easter eggs) in your logs (packet challenge!)
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Forums
Auditing
Diary Discussions
Forensics
General Discussions
Industry News
Network Security
Penetration Testing
Software Security
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Mastodon
Twitter
Have you seen our swag?
Buy SANS ISC Gear