Home About This Site Kudos What's New Digital Forensics BIBLIO OS Specific Articles ALL Other Resources Links to Links

July 2004 FEATURED SITE FIRST'S Online Forensics of Win32 System Guide Past Updates 2004 January 2004 February 2004 March 2004 April 2004 May 2004 June 2004 2003 February 2003 March 2003 April 2003 May 2003 June 2003 July 2003 August 2003 September 2003 October 2003 November 2003 December 2003   Within the Bibliography section Afifi, Andrew Computer & Network Forensics; Best Practices and Lessons Learned [PP Presentation] Barnett, Ryan Using SWATCH for Forensic Analysis of VMware & DD images Using SWATCH for Forensic Analysis of VMware & DD images [Follow-ups] Bates, Jim Torn Pieces Bradford, Phillip, et alia Towards Proactive Computer System Forensics [PP Presentation] Broome, Neil Computer Forensics Auditing [PP Presentation] Carney, Megan & Marc Rogers The Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics Event Reconstruction [PDF] Spring 2004 Chawki, Mohamed The Digital Evidence in the Information Era March 2004 Christiansen, Michael Defending Against Misuse of Forensic Analysis Tools on Windows Systems [PDF] January 2004 Clowes, Anthony Forensic Computing within the Crime and Misconduct Commission [PDF] COMSEC International Computer Forensics and Cyber Investigations [Presentation in PDF] 2004 FIRST Online Forensics of Win32 System Guide May 2004 Furlong, Dora Use of Dates and Times in Forensic Exams/Investigations [PDF] 2003 Ghosh, Ajoy Guidelines for the Management of IT Evidence [PDF] March 2004 Guidelines for the Management of IT Evidence [Presentation in PDF] March 2004 Gupta, Gaurav, Chandan Mazumdar & M. S. Rao Digital Forensic Analysis of E-Mails: A Trusted E-Mail Protocol [PDF] Spring 2004 Hosmer, Chet & BobbyJoe Countryman Biometrics and Digital Evidence [PDF] Jackson, Paul Computer Forensics - The Need for Diverse Tools [PP Presentation] March 2004 Kessler, Gary Steganography: Implications for the Prosecutor and Computer Forensics Examiner April 2004 An Overview of Steganography for the Computer Forensics Examiner July 2004 Kremen, Stanley H. Apprehending The Computer Hacker: The Collection and Use of Evidence Leung, Collin Computer Forensics as a Tool for Criminal Investigation [Presentation in PDF] March 2004 Menz, Mark & Steve Bress The Fallacy of Software Write Protection in Computer Forensics [PDF] May 2004 New Scotland Yard Computer Crime Unit Guide for the preservation of computer based evidence following an unauthorised intrusion San Bernardino County Sheriff’s Department Hi-Tech Crime Detail Applying Advanced Technology to Digital Evidence [PDF] 2003 Sarma, S.S. & Nishant Mohorikar Logs & Forensics [Presentation in PDF] December 2003 Shannon, Matthew Forensic Relative Strength Scoring: ASCII and Entropy Scoring [PDF] Spring 2004 Sommer, Peter Emerging Problems in Forensic Computing [PP Presentation] May 2004 Introducing Digital Forensics [PP Presentation] May 2004 Spenneberg, Ralf Autopsy and Sleuthkit, the Digital Forensics Toolkit - The Tracker Dog’s Guide [PDF] November 2003 SWGDE SWGDE Guidelines and Recommendations for Training in Digital Evidence [PDF] Modified March 2004 SWGDE Recommended Guidelines for Developing Standard Operating Procedures for Digital Forensic Examinations [PDF] Modified March 2004 SWGDE Recommended Guidelines for Validation Testing [PDF] Modified March 2004 Wong, C.M. The Value of Computer Forensics [PP Presentation] February 2004 Within Resources / Vendors section X-Ways Forensics Integrated Computer Forensics Software X-Ways Forensics is an advanced work environment for computer forensic examiners. It is closely integrated with the WinHex hex and disk editor and can be purchased as a forensic license for WinHex. X-Ways Forensics comprises all the general and specialist features known from WinHex VOOM ShadowDrive The VOOM ShadowDrive is a patented computer hardware device that is designed to aid the investigation of a computer’s hard drive. It provides investigators with read write access from the host computer’s perspective, while maintaining the original hard drive unchanged. Within Resources / Other Tools section Forensic Script [Zipped File] Modified version of script from 'Forensic Analysis of a Live Linux System, Part One' by Mariusz Burdach [http://www.securityfocus.com/infocus/1769], as well as a server side script for netcat, and definition of what ports are used for what files. memfetch memfetch is a handy utility for dumping the memory of a running process (either immediately or on fault). It is a quite valuable addition to the shell command armory of an average hacker, helping you recover information that would otherwise be lost, and making it easier to check the integrity or internals of a running process. Oxygen Phone Manager II (Forensic version) [Free] A special software for Police Departments, Law Enforcement units and all government services that wish to use Oxygen Phone Manager II for investigation purposes. Protected Storage Explorer Protected storage viewer is a freeware utility which allows you to view the protected storage in Windows 2000, Windows XP and Windows 2003 in an 'explorer style' fashion. PyFlag -v0.60 PyFlag is the Python implementation of Flag - a complete rewrite of FLAG in the much more robust python programming language. Many additional improvements were made. Revisionist MS Word document metadata analysis system EARLY BETA RELEASE Shaneware Small collection of forensic shell scripts Within Resources / Projects section Forensic Server Project The Forensic Server Project (FSP) is a proof of concept tool for retrieving volatile (and some non-volatile) data from potentially compromised systems. Within Audio & Video section IS3 Conference Aftermath Peter Sommer's audio recordings of presentations given at IS3 conference on Digital Forensics. ABC News Visits Logicube March 17, 2004 Within Legalese section Adams, James Suppressing Evidence Gained by Government Surveillance of Computers Spring 2004 Brown, Mary Kay & Paul D. Weiner Digital Dangers: A Primer on Electronic Evidence in the Wake of Enron [PDF] January 2003 Federal Judicial Center Materials on Electronic Discovery [Links] Galves, Fred & Christine Galves Ensuring the Admissibility of Electronic Forensic Evidence and Enhancing Its Probative Value at Trial Spring 2004 Hamzah, Zaid General Principles in Computer Forensic Law: An Introduction for IT professionals [PDF] May 2003 Patzakis, John Internal Computer Investigations as a Critical Control Activity Under Sarbanes-Oxley [PP Presentation] Podgor, Ellen S. Computer Crimes and the USA PATRIOT Act Summer 2002 Rubinger, Adam & Dean Gonsowski Instant Messaging: Newest E-discovery Frontier? [PDF] June 2004 © 2004 All rights reserved