Never Ending Security

It starts all here

Digital Forensics Cheat Sheets Collection

DFIR “Memory Forensics” Poster – Analysts armed with memory analysis skills have a better chance to detect and stop a breach before you become the next news headline. This poster shows some of the structures analyzed during memory forensic investigations. Just as those practicing disk forensics benefit from an understanding of file systems, memory forensic practitioners also benefit from an understanding of OS internal structures.
Download Here


DFIR “Advanced Smartphone Forensics” Poster– Forensic investigations often rely on data extracted from smartphones and tablets. Smartphones are the most personal computing device associated to any user, and can therefore provide the most relevant data per gigabyte examined. Commercial tools often miss digital evidence on smartphones and associated applications, and improper handling can render the data useless. Use this poster as a cheat-sheet to help you remember how to handle smartphones, where to obtain actionable intelligence, and how to recover and analyze data on the latest smartphones and tablets.
Download Here


DFIR “Evidence of…” Poster– The “Evidence of…” categories were originally created by SANS Digital Forensics ad Incidence Response faculty for the SANS course FOR408 – Windows Forensics. The categories map a specific artifact to the analysis questions that it will help to answer. Use this poster as a cheat-sheet to help you remember where you can discover key items to an activity for Microsoft Windows systems for intrusions, intellectual property theft, or common cyber crimes.
Download Here


DFIR “Find Evil” Poster – In an intrusion case, spotting the difference between abnormal and normal is often the difference between success and failure. Your mission is to quickly identify suspicious artifacts in order to verify potential intrusions. Use the information below as a reference for locating anomalies that could reveal the actions of an attacker.
Download Here


DFIR SIFT 3.0 Cheat Sheets and Brochure – Inside our DFIR course catalog you will find two critical cheat sheets. SIFT 3.0 guide and the Memory Forensics cheat sheets.
Download Here


SIFT Cheat Sheet – Looking to use the SIFT workstation and need to know your way around the interface? No problem, this cheat sheet will give you the basic commands to get cracking open your case using the latest cutting edge forensic tools.
Download Here


Evidence Collection Cheat Sheet – This sheet covers the various locations where evidence to assist in an investigation may be located.
Download Here


Linux Shell Survival Guide – This guide is a supplement to SANS FOR572: Advanced Network Forensics and Analysis. It covers some of what we consider the more useful Linux shell primitives and core utilities. These can be exceedingly helpful when automating analysis processes, generating output that can be copied and pasted into a report or spreadsheet document, or supporting quick-turn responses when a full tool kit is not available.
Download Here


Windows to Unix Cheat Sheet – It helps to know how to translate between windows and unix. This handy reference guide ties together many well known Unix commands with their Windows command line siblings. A great way to get Windows users familiar with the command line quickly.
Download Here


Log2timeline Cheat Sheet – Creating a timeline is easy with the essential reference guide. The step by step nature of the log2timeline cheat sheet will enable anyone not familiar with the process to step through creation of their first timeline in no time.
Download Here


Memory Forensics Cheat Sheet – Covering the popular memory suite Volatility, this cheat sheet will empower each investigator the key knowledge to quickly step through the 6 step memory analysis process using key commands from the plugins. This reference guide is very useful to have near you for those just starting out in memory forensics or those who are experts who need to quickly remember plugin syntax.
Download Here


Hex and Regex Forensics Cheat Sheet – Quickly become a master of sorting through massive amounts of data quickly using this useful guide to knowing how to use simple Regex capabilities built into the SIFT workstation.
Download Here


Developing Process for Mobile Device Forensics (Det. Cynthia A. Murphy)- With the growing demand for examination of cellular phones and other mobile devices, a need has also developed for the development of process guidelines for the examination of these devices. While the specific details of the examination of each device may differ, the adoption of consistent examination processes will assist the examiner in ensuring that the evidence extracted from each phone is well documented and that the results are repeatable and defensible.
Download Here


SANS FOR518 Reference Sheet – This cheat sheet is used to describe the core functions and details of the HFS+ Filesystem.
Download Here

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s