
Blog: Category - Case Leads


Digital Forensics Case Leads: New REMnux, Registry tools and more APT1 analysis

This week in Case Leads we have a great new update to REMnux and two new tools for registry analysis. Be sure to vote for the Forensic 4cast Awards right after you hop over to the new REM community on Stack Exchange.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

...

Caseleads: South Korea Attack Forensics; Google Glass Brings Discoverable Evidence To Litigation; The Post Data Breach Boom; Fighting Insider Fraudsters

Mark this date: On March 20th 2013, the non-technical managers may finally start to understand what a digital forensics professional actually does. With the massive cyber attacks on South Korean banks, media outlets, and ISPs, the role of forensicators is put front and center. The attack(s) resulted in widespread ATM outages, online banking and mobile banking offline, and tens of thousands of PCs wiped of all their data. At minimum, non-technical decision makers should finally start to understand that cyber attackers are not targeting "someone else." The attacks in South Korea had an impact on the bottom line of many South Korean firms. Since many of the same strategies for information security and incident response are used by most westernized nations, many experts agree that the attacks in South Korea are a warning sign of what could happen in the United States. We have analytical coverage of the South Korean attacks, with stories and drill downs that go beyond the

...

Digital Forensics Case Leads: Email Scammers, Android Malware, DoS Against Banks, Tool Updates And A Few Good Reads.

In this issue of Case Leads we have an increase in Android malware, DoS attacks on Czech banks, some updates to Oxygen Forensics Suite, a new tool from Magnet Forensics, and a little levity.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:


  • Oxygen Forensics Suite has released version 5.1.1. New features include support for Windows 8 and added support for Opera Mini and Opera Mobile for Android, along with many other enhancements and improvements.

  • Passware is now integrated in Oxygen Forensic Suite to provide a joint solution to mobile device investigations.

  • Magnet Forensics has released a new tool called
...

CaseLeads: China Cyber Espionage Exposed, Account Issues with Twitter and Plenty of Great How-To's

This week on Case Leads, we learn the truth of China's cyber espionage unit, Twitter verified accounts were hacked, and there have been some updates to some of your favorite tools.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:


  • HMFT was given a small update.

  • Autopsy was recently updated as well.

  • Passware can now extract passwords for certain popular websites from memory.


Good Reads:
...

Digital Forensics Case Leads: When the news is the news

This week's Case Leads has several new tool updates and some interesting articles about reverse engineering, database forensics and a new forensics challenge. However, the big stories this week were about the recent break-ins at the New York Times and the Wall Street Journal.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:


  • AccessData has updated FTK to version 4.2, and added support for MS SQL server databases, new parsers and other updates. The complete release notes are available (PDF).

  • Brian Baskin has
...