Home Digital Forensics BIBLIO What's New ALL Other Resources Digital Forensic Books OS Specific Articles Links to Links Reciprocal Links About This Site

November 2004 FEATURED SITE(S) James Nerlinger's ISP Contact List (Updated October 2004) [PDF] American Academy of Applied Forensics (Digital Evidence Training) Past Updates 2004 January 2004 February 2004 March 2004 April 2004 May 2004 June 2004 July 2004 August 2004 September 2004 October 2004 November 2004 December 2004 2003 February 2003 March 2003 April 2003 May 2003 June 2003 July 2003 August 2003 September 2003 October 2003 November 2003 December 2003   Within the Bibliography section Brown, Christopher Exchangeable Image file Format (ExIF) [PDF] October 2004 Carrier, Brian UNIX Computer Forensics [PDF] April 2004 Sample Chapter 12 from Know your enemy Carrier, Brian D. & Eugene H. Spafford Defining Event Reconstruction of Digital Crime Scenes [PDF] November 2004 Abstract Christy, Jim Defense Cyber Crime Center (DC3) [PP Presentation] August 2004 (NOTE: 50+ MB download) Cox, Charlie The FBI's Response to the Digital Threat [PP Presentation] August 2004 Devera, Dean The Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made Easy [PDF] December 2001 Dykstra, Brian & Virtual War Unlimited Gentoo Linux Quick Install Guide for a Forensic Workstation [PDF] March 2004 Virtual War's Computer Forensic page EU Commission European Guide to the Seizure of E-Evidence V1.01 [PDF] December 2003 Guttman, Boaz Breaking Digital Evidence in Court [Several Items from ICCyber 2004 Conference] September 2004 Hodges, Keith Handling Digital Photographs for Use in Criminal Trials [PDF] May 2004 Laliberte, Scott & Ajay Gupta The Role of Computer Forensics in Stopping Executive Fraud October 2004 Sample chapter from "Defend IT: Security by Example" Lam, Patrick Why do we Need a Dedicated Technology Crime Unit? [PP Presentation] Lewis, Paul G. Data Forensics - The smoking gun may be a click away September 2004 Linux Security Research Center (Chonnam National University) System Forensics [PP Presentation] August 2004 Maurer, Ueli New Approaches to Digital Evidence [PDF] August 2003 Medford, MA Police Department Presentations/Forms/Publications - Internet Safety page Mislan, Richard P. Acquisition of a Palm OS PDA using @Stake’s Palm dd, Paraben’s PDA Seizure, and Guidance Software’s EnCase [PDF] 2004 Morgester, Robert M. Digital Photographs (in the courtroom) [PP Presentation] NIST, Rick Ayers & Wayne Jansen PDA Forensic Tools: An Overview and Analysis [PDF] August 2004 NHTCU Hi-Tech Crime 2004 - The Impact on UK Business [PDF] 2004 Othman, Kamal Hilmi Logging and Log Analysis - The Essential [PDF Presentation] July 2004 Parsons, Ian Forensic tools (Group Test) August 2004 Tools Tested: AccessData Ultimate Toolkit, EnCase Forensic Edition, Freeware and open-source tools, NetWitness Professional Edition, ProDiscover Incident Response, Vogon Investigation Software, Wiebetech Forensic ComboDock Phifer, Lisa Security Tools for the Budget Conscious ISP, Part III: Analysis and Forensics February 2004 Rathore, Balwant Incident Response Toolkit [PDF Presentation] August 2003 Rusch, Jonathan J. Phishing and Federal Law Enforcement [PDF Presentation] August 2004 Sedory, Daniel B. How To Permanently Erase Data from a Hard Disk May 2004 Seward, Jack Forensic Accounting - the recorded electronic data found on Computer Hard Disk Drives, PDAs and numerous other Digital Devices September 2004 Smith, Stuart Insider Threat, Identity Theft & Cyber Crime [PP Presentation] August 2004 Sremack, Joseph C. Formalizing Computer Forensic Analysis: A Proof-Based Methodology [PDF] 2004 Stenhouse, David P. Computer-Based Discovery and Risk Control [PDF] May 2004 Tran, Peter M. Distributed Cyber Forensics (pages 10-13) [PDF] Spring 2004 Wolfe, Heank Forensic evidence testimony — some thoughts [PDF] February 2004 The Emergence Of Electronic Forensics And Its Impact On IT [PP Presentation] October 2004 Within Legalese section Brill, Alan E. et alia Unlocking, Discovering and Using Digital Evidence [PDF] August 2003 Cohen, Adam I. & Gina A. Dombosch The Jurisprudence of Hard Disk Inspection: Protection by Protocol [PDF] 2004 eneate Digital Images as evidence in the judicial process [PDF] February 2003 Fujitsu The Legal Admissibility of Electronic Documents [PDF] Llewellyn, Virginia R. & E. Pennock Gheen Effective Electronic Discovery: Implementing a Response Plan [PDF] June 2004 NCSC's Civil Action Publication Issue's Focus: E-discovery [PDF] Summer 2004 Natsui, Takato Online Witness – How to Prevent Fake Evidence [PDF] Setec Investigations Several short articles Seward, Jack Protecting Yourself Against E-Illiteracy: Avoid Being Duped [PDF] September 2004 Sinrod, Eric J. The legal implications of self-destructing e-mail September 2004 Sinrod, Eric J. & William P. Reilly CyberCrime: A Practical Approach to the Application of Federal Computer Crime Laws [PDF] May 2000 Withers, Ken Two Tiers and Safe Harbor: The Electronic Discovery Amendments to the Federal Rules of Civil Procedure [PDF] August 2004 Zweig, Michael P. & Mark J. Goldberg Electronic Discovery June 2004 Within Other Tools section Ontrack PowerControls [Demo available] Tool for copying and searching mailbox data directly from Microsoft Exchange Server backups, un-mounted databases (.edb), and Information Store files. Partition Image [Free] A Linux/UNIX utility which saves partitions in many formats to an image file. Resource Hacker [Free] A freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). RKDetect [Free] An anomaly detection tool which can find services hidden by generic Windows rootkits, like Hacker Defender. SecCheck [Free] A Windows forensic tool which aids in the detection and removal of malicious applications, backdoors, trojans, worms, and viruses. Sleuthkit/Autopsy Searchtools patch (by P. Bakker) [Free] Provides indexed searching capabilities for Sleuthkit/Autopsy tools Win32 Analyzer [Free] This script uses various Windows and 3rd Party tools to provide an effective forensic snapshot of your computer. Win32 First Responder's Analyzer Tookit [Free - from Archive.org] Win32 Analyzer Toolkit is a self-extracting exe meant for floppy, highlighting the use of simple scripts on Windows32 platforms to perform basic security tasks. This script uses various Windows and 3rd Party tools to provide an effective forensic snapshot of your computer. Windows Forensic Toolchest (WFT) [Free] Provides automated incident response on a Windows system, and collects security-relevant information from the system Within Projects section The Digital Evidence Project (ABA) http://www.digitalevidence.org/ Within Forums section Cell Phone Forensics [Yahoo group] http://groups.yahoo.com/group/phoneforensics/ DoD IA Newsletter http://www.iwar.org.uk/infocon/ia-vol.htm PG Lewis & Associates, LLC Monthly e-Newsletter http://www.pglewis.com/enewsletters_title.asp Windows IR [Yahoo Group] http://groups.yahoo.com/group/windowsir/ Within Links to Links section SecGuru Forensics - Presentations and Tools © 2004 All rights reserved