Home Digital Forensics BIBLIO What's New ALL Other Resources Digital Forensic Books OS Specific Articles Links to Links About This Site

WHAT'S NEW? This space is used to maintain a record of the latest additions to the site. Past Update Pages [2003 - 2005] January 2006 February 2006 March 2006 April 2006 May 2006 June 2006 July 2006 August 2006   AccessData AccessData Certified Examiner Study Guide [PDF] June 2006 America Online Law Enforcement Training Manual [PDF] Alink, W., R.A.F. Bhoedjang, P.A. Boncz, & A.P. de Vries XIRAF – XML-based indexing and querying for digital forensics [PDF] August 2006 Benninger, Corey Finding Gold in the Browser Cache [PDF Presentation] August 2006 Brinson, Ashley, Abigail Robinson, & Marcus Rogers A cyber forensics ontology: Creating a new approach to studying cyber forensics [PDF] August 2006 Bunting, Steve Log Parser (Microsoft) June 2006 The "Swiss Army Knife" for Intrusion Investigators and Computer Forensics Examiners Burdach, Mariusz Physical Memory Forensics [PDF Presentation] July 2006 Additional materials: Physical Memory Forensics Movies - 15 MB [Zipped] Butler, Frank Encase Version 5 Presentation [PDF Presentation] June 2006 CDESF (Common Digital Evidence Storage Format Working Group) Survey of Disk Image Storage Formats [PDF] September 2006 Carrier, Brian A Crash Course in Digital Forensics [PDF Presentation] June 2006 Carrier, Brian D. & Eugene H. Spafford Categories of digital investigation analysis techniques based on the computer history model [PDF] August 2006 Chan, Fred Challenges of Forensic Investigations Under Corporate Environment [PDF Presentation] June 2006 Daniels, Keith & Chris Sanft Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications [PDF] August 2006 Digital Forensic Certification Board (DFCB) Documents and Meeting Materials 2004 - 2006 Fleischmann, Stefan X-Ways Software Technology AG [PDF Presentation] June 2006 Forentech The Forensic Lifecycle [PDF] 2005 Garfinkel, Simson L. Forensic feature extraction and cross-drive analysis [PDF] August 2006 Gleason, B.J. FOSS Digital Forensics [PDF Presentation] June 2006 Harris, Ryan Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem [PDF] August 2006 Hartley, Bruce Computer Forensics and Electronic Discovery [PDF Presentation] August 2006 Heiser, Jay Digital Forensics and Corporate Investigations [PDF Presentation & MP3] March 2006 Hines, 'Loki' Forensic Analysis Without an IDS: A Detailed Account of Blind Incident Response [PDF] January 2002 Ieong, Ricci S.C. FORZA – Digital forensics investigation framework that incorporate legal issues [PDF] August 2006 Interpol Mobile Phone Forensic Tools Sub-Group Good Practice Guide for Mobile Phone Seizure & Examination [Word doc] March 2006 Jansen, Wayne & Rick Ayers Guidelines on Cell Phone Forensics [Draft] [PDF] August 2006 Jeyaraman, Sundararaman, & Mikhail J. Atallah An empirical study of automatic event reconstruction systems [PDF] August 2006 Kennedy, Ian Principles of Digital Forensics as applied to Law Enforcement [PDF Presentation] July 2006 The electronic autopsy - digital forensics Part 1 August 2006 Looking for foul play - digital forensics Part 2 August 2006 Khanna, Nitin, Aravind K. Mikkilineni, Anthony F. Martone, Gazi N. Ali, George T.-C. Chiu, Jan P. Allebach, & Edward J. Delp A survey of forensic characterization methods for physical devices [PDF] August 2006 Klein, Tobias Process Dump Analyses - Forensical acquisition and analyses of volatile data [Zipped PDF] July 2006 Kornblum, Jesse Identifying almost identical files using context triggered piecewise hashing [PDF] August 2006 Krawetz, Dr. Neal You Are What You Type: Non-Classical Computer Forensics [PDF Presentation] August 2006 Lee, Sangwon, David A. Shamma, Bruce Gooch Detecting false captioning using common-sense reasoning [PDF] August 2006 Lyle, James R. A strategy for testing hardware write block devices [PDF] August 2006 McDougal, Monty Live Forensics on a Windows System: Using Windows Forensic Toolchest (WFT) [PDF Presentation] June 2006 Moulton, Scott Animated Hard Drive Recovery & Physical Rebuilds [Flash Presentation] August 2006 Murphy, Daniel Search, Seizure and Production Orders Considering the Privacy Environment [PP Presentation] March 2005 Musters, Marty Cell Phone Forensics [PDF] February 2006 The Trojan Horse Defence [PDF] December 2005 Netherlands Forensic Institute Mobile Phone Forensic Examination - Basic Workflow & Preservation Select options from drop-down menu at left Network Security Technology Digital Forensics Curriculum Consortium [Word docs] 2006 Pasco, Benedict M. Analytic & Forensics Technologies [PDF Presentation] June 2006 Patel, A., M. Shah, R. Chandramouli, & K.P. Subbalakshmi Covert Channel Forensics on the Internet: Issues, Approaches, and Experiences [PDF] February 2006 Riden, Jamie Responding to Security Incidents on a Large Academic Network: A Case Study May 2003 – October 2005 [PDF] February 2006 Rogers, Marcus K., Kathryn Seigfried, & Kirti Tidke Self-reported computer criminal behavior: A psychological analysis [PDF] August 2006 Roussev, Vassil, Yixin Chen, Timothy Bourg, & Golden G. Richard III md5bloom: Forensic filesystem hashing revisited [PDF] August 2006 Schatz, Bradley, George Mohay, & Andrew Clark A correlation method for establishing provenance of timestamps in digital evidence [PDF] August 2006 Schuster, Andreas Searching for processes and threads in Microsoft Windows memory dumps [PDF] August 2006 SEARCH Training Services Creating a Forensic Computer System: Basic Hardware and Software Specifications [PDF] August 2006 Shipley, Todd G. & Henry R. Reeve Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community [PDF] August 2006 Sitaraman, Sriranjani Algorithms to Enable Forensic Analysis of Computer and Network Intrusions [PDF] Spring 2006 SWGDE-SWGIT Best Practices for Computer Forensics [PDF] July 2006 Turner, Paul Selective and intelligent imaging using digital evidence bags [PDF] August 2006 Vidas, Tim Cyber Forensics - Intermediate Topics [PDF Presentation] August 2006 Cyber Forensics - The Basics [PDF Presentation] August 2006 Cyber Forensics - Windows Remnants [PDF Presentation] August 2006 Forensic Analysis of Volatile Data Stores [PDF Presentation] August 2006 Walters, AAron FATKit: Detecting Malicious Library Injection and Upping the “Anti” [PDF] July 2006 Willis, Chuck & Rohyt Belani Web Application Incident Response & Forensics: A Whole New Ball Game! [PDF Presentation] August 2006 Within Legalese Guidance Software EnCase Legal Journal [PDF] Updated July 2006 Velasco, Jason Fundamental Issues of Electronic Discovery [PDF Presentation] July 2006 Within Forensic Utilities dumpautocomplete [Free] Dump Firefox AutoComplete files into XML Forensic Analysis Toolkit (FATKit) [In development] A new cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. Live View [Free] A Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. Process Dumper & Memory Parser [Free] Process Dumper is able to make a dump of a running process in a forensical manner. Memory Parser (MMP) is able to parse the meta information stored within process dumps made with Process Dumper (pd) and extract the different process mappings to disk PTfinder Collection [Free] A collection of PTfinders for Windows 2000, Windows XP (should be good for XP SP1 too), Windows XP SP2 and Windows Server 2003 (courtesy of Andreas Schuster) Sleuthkit Windows Executables [Free] Microsoft Windows executables for The Sleuth Kit; full source code and documentation can be downloaded. ssdeep [Free] The utility works like md5deep to create a short text signature for each input file. The signatures can be used to match other files against the original. Unlike MD5 or SHA-1, however, this algorithm can match two input files even if they are not exactly the same. Files match if they have significant homologies, or the same sequences of bytes in the same order. Sleuthkit/Autopsy Foremost patch [Free] Allows the integration of Foremeost into Autopsy, along with the option to edit the configuration file. Swapper [Free] Swapper is a small tool written in C that swaps all the bytes present in a file per pair. This is required for forensic research of disks for a large number of mobile phones and of copiers. Within Audio/Video Let's Talk Computers Real Digital Forensics w/ Keith Jones [Real Audio or Windows Media Player] July 2006 Within International GERMAN Klein, Tobias Computer Forensik - Live-Analyse [Zipped PDF] 2006 © 2006 All rights reserved