Archive for the 'Forensics' Category

If your medical data, credit card number, Social Security number, personal email, or other information were stolen, would you even know about it? After ten years handling incident response and forensics, I’ve been repeatedly shocked at the number of times that organizations sweep data breaches under the rug. When upper management is notified of a […]

Today is the final day to submit solutions for the Network Forensics Puzzle Contest #2: Ann Skips Bail. The winner will receive a Lenovo IdeaPad S10-2 – just like the free netbooks Sec558 students will get in Orlando. The MOST ELEGANT solution wins. Good luck!! “After being released on bail, Ann Dercover disappears! Fortunately, investigators […]

Puzzle Contest Winner and Solution

Congratulations to all of our rock star investigators who solved the Network Forensics Puzzle Contest! We received over 100 submissions, many of which were truly excellent. Choosing a winner was challenging, but in the end one submission stood out above all the rest. We asked you for the most elegant solution. It was possible to solve […]

Puzzle Contest Update (2)

To our excellent contestants: we received so many great contest entries, including custom-written tools, that we will be taking a few more days to finish testing all of the code we received. The winner will be announced on the PaulDotCom podcast next Thursday and posted on this site. Great job, everybody! Stay tuned.

Contest Prize Update

SANS is sponsoring a prize for our Network Forensics Puzzle Contest! The winner gets a free SANS On-Demand class (worth up to $3500 depending on the class you pick). Prizewinners will be announced during the Sec558 “Network Forensics” class in San Diego, 9/16-9/18. Remember, the MOST ELEGANT solution wins. We highly encourage coding and automated […]

Network Forensics Puzzle Contest!

*Prizewinner to be announced at Sec558 “Network Forensics” in San Diego, 9/16-9/18. Anarchy-R-Us, Inc. suspects that one of their employees, Ann Dercover, is really a secret agent working for their competitor. Ann has access to the company’s prize asset, the secret recipe. Security staff are worried that Ann may try to leak the company’s secret […]

By Jonathan Ham. How can you investigate a computer that isn’t there anymore? “No Hard Drive? No Problem!” SANS Network Forensics (Sec558). A lot has been written about “fingerprinting” systems with active scanning tools (e.g., nmap). These of course require that the system be actively reachable, and that you don’t mind totally […]

Squid Forensics

Cephalopod autopsies? Nope, today’s article is about conducting forensics on a Squid web proxy/cache. Just as complicated, but less smelly. Chances are pretty good that you’re reading this page through a web proxy right now, especially if you’re in an enterprise environment. Web proxying and caching have become increasingly popular, for both filtering traffic and […]

No matter where you go, your computer leaves footprints on the network. When you connect to the network, log on to your workstation, or surf the web, these activities leave trails throughout your employer’s or ISP’s network, even when the administrators are not deliberately trying to monitor your activity. Forensic analysts traditionally focus on hard drive […]

The National Drug Intelligence Center has developed software called (ahem) “HashKeeper” “as its principal tool to expedite the analysis of electronic media.” Hahahaha….. Apparently, “HashKeeper is available free of charge.” Contact the National Drug Intelligence Center for more information. National Drug Intelligence Center c/o Mr. Steve Gironda Telephone: 814-532-4987 E-mail: ndic.domex.request@usdoj.gov Hat tip to John […]
