Home Digital Forensics BIBLIO What's New ALL Other Resources Digital Forensic Books OS Specific Articles Links to Links Reciprocal Links About This Site

WHAT'S NEW? This space is used to maintain a record of the latest additions to the site. Past Update Pages [2003 - 2004] January 2005 Februray 2005 March 2005 April 2005 May 2005 June 2005 July 2005 August 2005   Within the Bibliography section Barbara, John J. Digital Evidence Acceditation Winter 2004 Digital Evidence Acceditation: Part 2 February/March 2005 Bejtlich, Richard Network Forensics Primer [PP Presentation] August 2005 Bogen A. Chris & Dr. David A. Dampier Preparing for Large-Scale Investigations with Case Domain Modeling [PDF] August 2005 Bradley, Tony Practice effective security log analysis July 2005 Part 2 - Make the most of your security log data July 2005 Buchholz, Florian & Courtney Falk Design and Implementation of Zeitline: a Forensic Timeline Editor [PDF] August 2005 Burke, Paul & Chris Marberry An Introduction to Linux as a Tool for Digital Investigation and Analysis Part 1 [PDF Presentation] July 2005 Part 2 [PDF Presentation] July 2005 Cannon, Richard Computer Forensics and Financial Investigations “What You Need To Know” [PDF Presentation] February 2005 Carrier, Brian D. & Eugene H. Spafford Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence [PDF] August 2005 Carvey, Harlan GMU2005 presentations [Zipped PP Presentations] August 2005 Topics: The Windows Event Log file format; Tracking USB storage devices across Windows systems; File/document metadata. Ceroni, Cristian Computer Forensics Tools with Mac OS X June 2005 Davis, Chris, David Cowen & Aaron Phillipp Hacking Exposed Computer Forensics Downloads - Forms and Checklists Department of Energy Digital Evidence Collection Worksheet [RTF document] Dornseif, Maximillian & Thorsten Holz Hands-On Honeypot Technology - Analysis & Forensics July 2005 Part of their 'Hands-On Honeypots' course taught at Blackhats USA 2005 Eckstein, Knut & Marko Jahnke Data Hiding in Journaling File Systems [PDF] August 2005 Farmer, Dan & Wietse Venema Forensic Discovery (The Book) The final HTML drafts that were sent to the publisher; minus the final formatting and a few minor changes Fellows, Geoff H. The joys of complexity and the deleted file [PDF] July 2005 (Requires registration) Foster, James C. & Vincent T. Liu Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch... [PDF Presentation] July 2005 Geiger, Matthew Evaluating Commercial Counter-Forensic Tools [PDF] August 2005 Geiger, Matthew & Lorrie Faith Cranor Computer-Forensic Privacy Tools: A Forensic Evaluation [PDF] June 2005 Geradts, Zeno, Arnout Ruifrok, Ivo Alberink, Jurrien Bijhold, Mirelle Goos, Bart Hoogeboom & Derk Vrijdag Extracting Forensic evidence from biometric access systems [PP Presentation] September 2004 Geradts, Zeno, Rikkert Zoun, Sjoert Bakker, Derk Vrijdag, Jurrien Bijhold Codecs & Formats [PP Presentation] September 2004 Gillam, Wm. Blair & Marc Rogers File Hound: A Forensics Tool for First Responders [PDF] August 2005 Grand, Joseph Handheld Forensics: Palm and Beyond [PDF Presentation] June 2005 Grimes, Roger A. Honeypots for Windows Ch. 11 - Honeypot Data Analysis [PDF] 2005 Hausman, Kalani Kirk Digital Forensics: A review of electronic forensic analysis techniques and why they should matter to you. [PP Presentation] October 2004 Video Stream of this Talk Hilton, Kelvin An Example of Mobile Forensics [PP Presentation] 2005 Kleiman, Dave Advanced Forensic Concepts [Zipped PP Presentation & Handouts] August 2005 Legary, Michael Digital Anti-Forensics: Real World Identification, Analysis & Prevention [PDF Presentation] July 2005 Louwrens, Buks Digital Forensics: Theory & Practice [PP Presentation] June 2005 Lucid IT Methods of Data Transportation Mandia, Kevin Performing Effective Incident Response [PDF Presentation] July 2005 Marko, Chris Beginners Guide to Linux Forensics [PDF] June 2005 Introduction to Linux Forensics [PDF] June 2005 Introduction to Linux Forensics [PP Presentation] June 2005 Muller, Jon Digital Warrants Language for a proposed California law dealing with computer search warrants. Encase Decryption System [PDF] Forensic Checklist [PDF] Mac Acquisition using Target Disk Mode Musil, Marcin Data Recovery - Part of Computer Forensic Process [PP Presentation] September 2004 NIST, Tim Grance, Suzanne Chevalier, Karen Kent & Hung Dang Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response [PDF] August 2005 NIST Special Publication 800-86 (Draft) Nolan, Richard, Colin O’Sullivan, Jake Branson, & Cal Waits First Responders Guide to Computer Forensics [PDF] March 2005 CERT Training and Education Nugen, Stephen M. Helping Your Users by Spying On Them [PDF] August 2005 Pan, Lei & Lynn M. Batten Reproducibility of Digital Evidence in Forensic Investigations [PDF] August 2005 Parker, Don & Mike Sues Packet forensics using TCP August 2005 Peron, Christian S.J. & Michael Legary Digital Anti-Forensics: Emerging trends in data transformation techniques [PDF] May 2005 Richard, Golden G. III & Vassil Roussev Scalpel: A Frugal, High Performance File Carver [PDF] August 2005 Sarmoria, Christian G. & Steve J. Chapin Monitoring Access to Shared Memory-Mapped Files [PDF] August 2005 Steichen, Pascal Computer Forensics [PDF] January 2005 Tiger Shark Forensic Process and Tricks [Word document] Tseng, Newbug Linux Forensics [PDF Presentation] October 2004 Turner, Philip Unification of Digital Evidence from Disparate Sources (Digital Evidence Bags) [PDF] August 2005 van der Knijff, Ronald TULP2G: A forensic framework for extraction and decoding of data stored in electronic devices [PP Presentation] September 2004 Vidas, Tim Computer & Network Forensics [PDF Presentation] August 2005 Large download - 5.5 MB / 329 slides Wang, Wei & Thomas E. Daniels Network Forensics Analysis with Evidence Graphs [PDF] August 2005 Within Legalese section Carr, Michael G. Implications of the Proposed New Federal Rules for E-Discovery May 2005 [PP Presentation] Podcast of this session Loncke, Mieke Case law and acceptance of electronic evidence in court September 2004 [PP Presentation] Nelson, Sharon D. & John W. Simek Electronic Discovery What Dangers Lurk in the Virtual Abyss June 2004 Swienton, Anjali R. & Erin E. Kenneally Poking the Wookie: The Chewbacca Defense in Digital Evidence Cases [PDF Presentation] February 2005 Walker, Cornell Computer Forensics: Bringing the Evidence to Court [PDF] August 2005 Within International section GERMAN Dornseif, Maximillian Computerforensik in der akademischen Forschung und Ausbildung [PDF Presentation& Handouts] August 2005 Within Resources / Audio & Video section Cynergy's Web Cast Previews Digital Evidence and the Role it Plays - MCLE Computer Evidence Collection and Preservation (labelling evidence) Attenex Archived Webcasts Sept 2004 - Creating an Effective Digital Discovery Strategy Oct 2004 - Discovery Tactics for Microsoft Outlook and Lotus Notes Digital Forensics Information Security Forum Meeting - Kirk Hausman, speaker Digital Forensics John Walters interviews Dartmouth professor Hany Farid about his work in counterfeit image detection Merrill Corporation's On-demand Seminars Dennis Kennedy, Tom O'Connor, & Michael Clark speak on Electronic Discovery (10 seminars available to date) US Air Force Office of Special Investigations COURT TV'S FORENSIC FILES & OSI - SHOW #1 - Reassembly of Floppy Disk Within Resources / Projects section FCCU GNU/Linux Forensic Boot CD This CD is based on KNOPPIX by Klauss Knopper, remastered for use by a computer forensic investigator. SMART Linux SMART Linux is a live CD and an installable distribution of Linux designed for Data Forensics and Incident Response Within Resources / Other Tools section Eindeutig A tool that parses Outlook Express DBX files Offline Registry Parser [from Harlan Carvey] A Perl script that parses the raw Registry files in binary mode, and prints out the data, to include LastWrite times Scalpel: A Frugal, High Performance File Carver Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. TAFT - The ATA Forensics Tool TAFT is an ATA (IDE) forensics tool that communicates directly with the ATA controller. It can retrieve various information about a hard disk, as well as look at and change the HPA and DCO settings. TULP2G A forensic framework for extracting and decoding data - July 31 2005: TULP2G 1.2.0.2 Released Within Forums Forensic Magazine On-Line and Print Source For Information on Forensic Products, Equipment, and Services; has several articles related to Digital Forensics ForensicIT Forums (IN)SECURE Magazine A freely available digital security magazine discussing some of the hottest information security topics PuterCops.org: Forums SMARTFORENSICS Forums SMART and Linux Support boards Technology Pathways Community Forum Knowledge Management and Collaboration Lists for ProDiscover Users © 2005 All rights reserved