🐧 I'll be teaching SANS FOR577: Linux Incident Response & Threat Hunting in Virginia Beach, VA — August 24, 2026.

Linux is everywhere. Your cloud infrastructure, your containers, your routers, your endpoints. Attackers have known this for years — and Linux-targeted intrusions are rising fast. Yet most IR teams are still primarily trained on Windows.

FOR577 changes that.

What we cover:
🔍 Threat hunting on Linux systems
🧠 Memory forensics
📋 Log analysis and timeline reconstruction
⚡ Live response under pressure
🕵️ Tracking real-world APT intrusions on Linux platforms

This isn't a survey course. We get deep into the artifacts, the techniques, and the mindset you need to find attackers hiding in Linux environments.

🎤 Free SANS @night Talk — August 26 @ 6:00 PM
**"Extending Protocol-SIFT to Linux"**

Protocol-SIFT has been getting a lot of attention in the DFIR community lately — but the first release was 100% focused on Windows investigations. In this talk, we'll look at what it takes to extend Protocol-SIFT to cover Linux investigations. Free to attend for all on-site SANS students.

💰 Early Bird Discount: Save $500
Use code EarlyBirdNA — must be paid by July 9, 2026. Don't wait on this one.

📍 Hilton Virginia Beach Oceanfront, Virginia Beach, VA
📅 Course: August 24, 2026
🎤 @night Talk: August 26 @ 6:00 PM

🔗 Register here: https://www.sans.org/cyber-security-training-events/virginia-beach-2026

#DFIR #SANS #FOR577 #LinuxForensics #IncidentResponse #ThreatHunting #InfoSec #ProtocolSIFT #Linux #Cybersecurity #DigitalForensics

SANS Virginia Beach 2026

Achieve the expertise you need to succeed in days, not months. Immerse yourself in a week of elite training designed for all skill-levels at SANS Virginia Beach 2025. From hands-on labs to cutting-edge techniques taught by industry-leading instructors, you'll gain the skills to excel and the certifications to prove it.

SANS Institute

Want to chat with other LEAPPs & LAVA users? Interact with the developers and maintainers? If so, get into our LEAPPs Discord server! Check out the invite link at https://www.leapps.org/resources

#DigitalForensics #Discord #LEAPPs #MobileForensics #DFIR

Twelve people are dead. Four men from Lynn, Massachusetts are now looking at a combined 57-plus years in federal prison. And the pills that caused all of it were sold as Oxycodone, Adderall, and Xanax.

The final sentencing in this darknet counterfeit pill case closed out a conspiracy that ran from May 2022 to June 2025 — three years of manufacturing and distributing fentanyl-laced pills via darknet marketplaces and, notably, the U.S. Postal Service. Court documents link the operation to at least 9,000 sales and at least 12 fatal overdoses...

Full Details:🔗 https://www.technadu.com/fourth-individual-sentenced-in-darknet-counterfeit-pill-distribution-conspiracy/628472/

#Cybercrime #DarkWeb #LawEnforcement #DigitalForensics #CyberPolicy

Rich Frawley, Digital Forensic Specialist and law enforcement veteran, explores the game-changing features of ADF Tools – MDI and ADF Pro – Version 6.3.0! https://www.forensicfocus.com/webinars/from-seizure-to-investigation-in-minutes-whats-new-in-adf-pro-v6-3/ #ADFSolutions #ADFPro #DigitalForensics #DFIR
From Seizure To Investigation In Minutes: What’s New In ADF Pro v6.3 - Forensic Focus

Forensic Focus

Stop choosing the tool you know — choose MSAB XRY Pro, built to get the data from the devices that matter now. https://www.forensicfocus.com/videos/when-familiar-tools-fail-msab-xry-pro-gets-the-data/ #MSAB #DigitalForensics #DFIR
When Familiar Tools Fail, MSAB XRY Pro Gets The Data - Forensic Focus

Forensic Focus

The Geek and The Detective — Identity Overview

The Geek and The Detective is an original cybersecurity and investigative podcast series created by Amy Lynn and co‑hosted with Detective Derrick Stevens. The show blends real‑world cybercrime, dig…

The Voice of Amy Lynn

Want to test out LAVA with some preprocessed data? Go to leapps.org/resources and check out our LAVA Sample Projects repository.

The goal is to allow users to:
ℹ️ Explore datasets in LAVA without needing to download and parse images themselves
ℹ️ Test LAVA features
ℹ️ Learn artifact structures
ℹ️ Validate workflows
ℹ️ Demonstrate LEAPPs outputs in training or presentations

#DigitalForensics #MobileForensics #DFIR

Read the latest DFIR news – cloud attachment collection, Cellebrite’s Spring 2026 release, free vehicle forensics tools, Telegram forensic artifacts, and more. https://www.forensicfocus.com/news/digital-forensics-round-up-may-27-2026/ #DigitalForensics #DFIR

* A non-expert using a traditional forensics tool produces output that looks like tool output.
* A non-expert using an LLM produces output that reads like expert analysis.

"The danger is that AI produces such vast vats of plausible slop that they outpace our capacity to check."
-Tim Harford

#DigitalForensics #MobileForensics #AI #LLM #DFIR

EXIF stripped ≠ anonymous.

Two structures survive every standard strip untouched:

• DQT (quantisation tables) — hardcoded into camera firmware. Identifies the device. No EXIF needed.
• DHT (Huffman tables) — firmware uses JPEG Annex K fixed tables. Software re-encoders don't. Measurably different.

Re-encode to erase the DQT? Both tables are rebuilt simultaneously — you've replaced the camera signature with software signatures, and confirmed the original was deliberately overwritten. Partial tampering (altering only one) produces a forensic inconsistency that is itself a finding.

Full article: https://kennethbspringer.au/2026/05/27/your-cameras-fingerprint-survives-exif-stripping-heres-how/
Upload any JPEG to check: https://snapwonders.com/upload/analyse-photo-or-image

#digitalforensics #jpeg #OSINT #infosec

Your camera’s fingerprint survives EXIF stripping — here’s how — K.B.S

“A better world online! Digital Media — Privacy, Metadata, Copyrights, Steganography & Accessibility” - K.B.S
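
An added example, not taken from the post above or the linked article: a small JPEG header parser that fingerprints the DQT and DHT segments and shows that removing the APP1 (EXIF) segment leaves that fingerprint unchanged. The function names and the sample bytes are constructed for illustration, and only the DC luminance table is compared against JPEG Annex K.

```python
import hashlib
import struct
# Annex K typical DC luminance Huffman table: 16 code-length counts, then 12 symbols.
ANNEX_K_DC_LUMA = bytes([0, 1, 5, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0]) + bytes(range(12))

def segments(jpeg):
    """Yield (marker, payload) for each header segment before SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment at offset %d" % pos)
        yield jpeg[pos + 1], jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def tables(jpeg):
    """Return (list of DQT payloads, {(class, id): counts + symbols} for DHT)."""
    dqt, dht = [], {}
    for marker, body in segments(jpeg):
        if marker == 0xDB:
            dqt.append(body)
        elif marker == 0xC4:
            i = 0
            while i + 17 <= len(body):  # one DHT segment may carry several tables
                n = sum(body[i + 1:i + 17])
                dht[(body[i] >> 4, body[i] & 0x0F)] = body[i + 1:i + 17 + n]
                i += 17 + n
    return dqt, dht

def fingerprint(jpeg):
    """SHA-256 over every DQT payload, then every DHT table in key order."""
    dqt, dht = tables(jpeg)
    return hashlib.sha256(b"".join(dqt + [dht[k] for k in sorted(dht)])).hexdigest()

def strip_app1(jpeg):
    """Drop APP1 (EXIF/XMP) segments the way a metadata stripper does."""
    out, pos = bytearray(b"\xff\xd8"), 2
    for marker, body in segments(jpeg):
        if marker != 0xE1:
            out += jpeg[pos:pos + 4 + len(body)]
        pos += 4 + len(body)
    return bytes(out) + jpeg[pos:]

def seg(marker, body):
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body
# Constructed header-only sample, not a real photo: EXIF + one DQT + Annex K DC table.
SAMPLE = (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00constructed") + seg(0xDB, b"\x00" + bytes(range(1, 65)))
          + seg(0xC4, b"\x00" + ANNEX_K_DC_LUMA) + seg(0xDA, b"") + b"\xff\xd9")
```

Comparing `fingerprint()` before and after `strip_app1()` gives the same digest, while replacing the quantisation values changes it.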