Home About This Site Kudos What's New Digital Forensics BIBLIO OS Specific Articles Other Resources Links to Links

March 2003 Within the Bibliography section Ball, Craig Cybersleuthing for People Who Can't Set the Clock on Their VCR [PDF] October 2002 Barbin, Douglas W. & Rob Hanson Incident Management and Forensics in the 21st Century June 2001 [Download, and rename without .gz extension] Barish, Stephen Windows Forensics: A Case Study, Part Two March 2003 Bourgeois, Philippe Over Disk Analysis Hurdles (bottom of page) June 2001 [Download, and rename without .gz extension] Caloyannides, Michael Computer Forensics and Privacy - Chapter 6 - Modes of Data Insertion and Acquistion [PDF] 2002 Carrier, Brain An Investigator’s Guide to File System Internals [Presentation in PDF] June 2002 Collie, Byron Legal and Operational Issues affecting Evidence Preservation and Recovery in Intrusion Cases June 2001 [Download, and rename without .gz extension] Corey, Vicka, Charles Peterman, Sybil Shearin, Michael S. Greenberg, and James Van Bokkelen Network Forensics Analysis [PDF] 2002 dos Reis, Marcelo Abdalla & Paulo L. de Geus Standardization of Computer Forensic Protocols and Procedures [Presentation in PDF] June 2002 Farmer, Dan & Wietse Venema Forensic Discovery & Hawaii [Presentation in PDF] June 2002 Filiberto, James Forensic Analysis of a Rogue System [PDF] February 2002 Garrett, Dan Recovering Malicious User Activity June 2001 [Download, and rename without .gz extension] Ghirardini, Andrea "Pila" Computer Forensics - "Introduzione alla Computer Forensics" [PDF Presentation in Italian] July 2002 Grand, Joe pdd: Memory Imaging and Forensic Analysis of Palm OS Devices [Presentation in PDF] June 2002 Jackman, Michael Ghosts in the Machine Juhnke, Deborah H. Where Litigation Support Ends and Electronic Discovery Begins (Part One of Two Parts) October/November 2002 Where Litigation Support Ends and Electronic Discovery Begins (Part Two of Two Parts) December/January 2003 Kohl, Kevin Obtaining And Protecting Electronic Information For Prosecution Purposes [Word Document] August 2001 Leibrock, Larry Tutorial - Forensics for Windows XP Clients [Presentation in PDF] June 2002 Orshesky, Christine M. Investigating Malware Incidents June 2001 [Download, and rename without .gz extension] Pasqual, Everton Schonardie, Julio Dias, & Ricardo Felipe Custodio A new method for Digital Time-Stamping of Electronic Document [PDF] June 2002 Redmon, Barbara Jones Maintaining Forensic Evidence for Law Enforcement Agencies from a Federation of Decoy Networks: An Extended Abstract [PDF] Fall 2002 Redmond, Sharren Creating Hash Sets Manually [PDF] Schaffer, Gregory P. The Role of Computer Forensics in the Investigation of Network Intrusion Activity [Presentation in PDF] June 2002 Shpantzer, Gal & Ted Ipsen Law Enforcement Challenges in Digital Forensics [Presentation in PDF] 2002 Venema, Wietse Indestructible Information (bottom of page) June 2001 [Download, and rename without .gz extension] Within Resources / Other Tools section DFSee (Demo available) Display File Systems (DFSee) is a generic partition and filesystem utility. It supports partition-tables (FDISK, LVM), (V)FAT, FAT-32, HPFS and some NTFS and JFS. Digital Evidence Analysis Software (DEAS) (in German) InstantRecovery (Demo available) The disk imaging software quickly performs a "physical disk" image backup of any hard drive or partition directly to CD-R/CD-RW, hard disk, removable drives, or tape drive. New version 4.0 can now write the backup image to a file on a local (larger) disk leaving the remaining space unused. Includes USB 2.0 and FireWire 1394 removable-media device support. Recover (Freeware) Recover is a utility which automates some steps of recovering deleted files on an ext2 filesystem. RPM of Recover built on Red Hat Linux 8.0 (thanks to Thomas Rude) Secure Hash Signature Generator (Demo available) The "Secure Hash Signature Generator" creates signatures that are unique to the data stored on a disk drive. These signatures are used to verify intentional or accidental tampering with the drive image. The software has the ability to scan any secondary or slave drive attached to a PC or the RoadMASSter running the Windows operating system. This application can run on any version of the Windows operating system including Win 95/98/2000/NT/ME/XP. It is safe and does not write to the drive. There are three different algorithms used to generate the signature. Any one of them can be chosen before starting the operation. We support MD5 (128-bit signature), SHA1 (160-bit signature), and CRC (32-bit signature). SomarSoft Utilities (Freeware) DumpSec - a security auditing program for Microsoft Windows® NT/2000 DumpEvt - a Windows NT program to dump the event log in a format suitable for importing into a database DumpReg - a program for Windows NT and Windows 95 that dumps the registry Within Legalese section Butler, Jeffrey M. Managing E-Mail: "Discovery" in a US Lawsuit [PP Presentation] October 2002 Henderson, Curt B. Computer Forensics and Electronic Evidence: New Opportunities and New Obligations for the 21st Century [PDF] November 2002 Examplar Order Requiring Imaging of Hard Drive [PDF] March 2003 The Duty To Preserve Electronic Data [PDF] January 2003 Pike & Fischer's Criminal Practice Library Computer Generated Evidence: Demonstrative Evidence in the Age of Computerization 2001 Ryan, Daniel J. & Gal Shpantzer Legal Aspects of Digital Forensics [Word Document] © 2003 All rights reserved