5 days to save $500 for the Digital Forensics & Incident Response Summit 2013

About SANS Computer Forensics

About SANS Computer Forensics

Mission Statement

Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threat, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don't know how to look for and sort out these cases -- your skills are becoming less valuable every day. SANS developed this site and the related resources to provide a 'home' for those that are focused on computer forensics. You can find advice, research, training, and other resources to unravel incidents and fight crime.

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security.

Why Is Computer Forensics Important?

Proper handling of a forensics investigation is key to fighting back against computer crimes. A thorough understanding of many areas is required for a proper investigation including: situation; acquisition; analysis; reporting; presenting; and certification.

Situation
Incident response teams need to respond to intrusions in addition to e-discovery requests.
Acquisition
Forensics analysts need to gather digital evidence using approved legal and technical methodologies.
Analysis
Forensics analysts need to examine data, extracting key evidence while preserving data integrity.
Reporting
Forensic analysts need to communicate key information with management.
Presenting
Analysts need to be prepared to present evidence in civil or criminal courts.
Certification
Forensic certification increases an analyst's stature in a court of law.

Link To SANS Computer Forensics

For information and graphics to link back to SANS Computer Forensics see:
Instructions on How to Link to SANS Computer Forensics web site

Forensics 526
Latest Blog Posts

SANS EU #DFIR Summit in Prague - Call for Speakers - Now Open
May 15, 2013 - 3:04 PM

Tools for Examining XOR Obfuscation for Malware Analysis
May 14, 2013 - 2:20 PM

Case Leads: Zero Day Trading, Decrypting iPhones, Calculating AppID's for [...]
May 13, 2013 - 12:08 AM

Latest Tweets @sansforensics

BrainDump Forensics: ZAccess/Sirefef.P Artifacts http://t.co/iibyPjukmG
May 24, 2013 - 12:45 AM

NewForensicArtifact: Skype shared.xml and the "ContraProbeRe [...]
May 23, 2013 - 12:44 AM

Sketchymoose Blog: New Toy: Teensy http://t.co/nRdPuOx69P
May 23, 2013 - 12:44 AM

Latest Papers

Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis
By Terrence OConnor

Integrating Forensic Investigation Methodology into eDiscovery
By Colin Chisholm

Mastering the Super Timeline With log2timeline
By Kristinn Gudjonsson

"This is awesome! We're seeing details that most people don't even know exist."
- John Wright, Info Tech, Inc.

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."
- Erik Ketlet, JP Morgan Chase