Blog: Category - apt

Digital Forensics Case Leads: New REMnux, Registry tools and more APT1 analysis

This week in Case Leads we have a great new update to REMnux and two new tools for registry analysis. Be sure to vote for the Forensic 4cast Awards right after you hop over to the new REM community on Stack Exchange.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

...

Cyber Threat Intelligence Full Agenda - Government Pricing Announced


SANS is offering a one-time discount for the Cyber Threat Intelligence Summit to government employees (e.g., federal, state, local, DoD). This offer reduces the registration fee from $895 to $395 and will be available for a limited time only, on a first come, first served basis. Please select "Register Now" on the right side of the page and use the code CTIGOV.


Join SANS for this innovative 1-day event as we focus on enabling organizations to build effective cyber threat intelligence capabilities.

...

CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's

This week on Case Leads, we learn the truth of China's cyber espionage unit, Twitter verified accounts were hacked, and there have been some updates to some of your favorite tools.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:


  • HMFT was given a small update.

  • Autopsy was recently updated as well.

  • Passware can now extract passwords for certain popular websites from memory.


Good Reads:
...

Java IDX Sample Files from Java Spearphishing Attack from SANS FOR508

Earlier this year, SANS created the most in-depth incident response training scenario that spans multiple systems in FOR508: Advanced Forensic Analysis and Incident Response. We discussed the entire scenario in a blog titled: "Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results".

One of the biggest complaints that many have in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I planned to change that through creating a realistic scenario based on experiences from the entire cadre of instructors at SANS and additional experts who reviewed and advised the attack "script". We created an incredibly rich and

...

SANS Cyber Threat Intelligence Summit - 22 Mar 2013


Join SANS for this innovative 1-day event as we focus on enabling organizations to build effective cyber threat intelligence capabilities.


AGENDA


Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for the threats facing many modern networked organizations. A new class of adversaries, ...