|
Return to Main
Menu
Audit - Detect
Network Intrusions
Anonymity &
Privacy
ATM - Asynchronous
Transfer
Biometrics
Business
Continuity Planning
Cellular
Communications
Computer Crime
& Investigations
Computer Hardware
Tutorial
Corporate
Violence in Workplace
Crypto &
Encryption - Part I
Crypto &
Encryption - Part II
Crypto &
Encryption - Part III
Disaster Recovery
Planning
Downloads - -
Public Domain
Downloads - Packet
Storm
Downloads - Hacker
Domain
Employment and Job
Opportunities
Ethics Law and
Security Policy
Firewalls
Frame Relay
Tutorials
FreeBSD -
Berkeley Unix Clone
FreeBSD -
OnlineBooks to Read
General Security
Related Links
Hacking - How its
done Guides
Hacked Web
Sites
Information
Warfare
Internet
Telephony & Protocols
Intrusion
Detection Library
Investigations and
Courtrooms
Java Security
Resources
Jobs &
Employment Opportunities
Legal Resources -
Legal Basics
Linux Resources -
Basics
Linux Resources -
Online Books
Mailing List -
For Newsletters
Magazine
Articles - SEARCHER
Magazine Store -
CheapPrices
Military &
Govt Security Docs
Networking -
Internet Protocols
Novell Networking
Security
Online Courses
-Boost Your Skills
Pager Hardware
Reprogramming
Penetration
Testing -Intrusions
Physical and
Facility Security
Privacy &
Anonymity on the Net
Programming
Tutorials
Protocols -
Networking - Internet
Resume and
Interview Resources
Security Magazines
Online
Security Reference
Library I
Security Reference
Library II
Security Policy
Library
Security
Standards & Guidelines
Smart
Cards
Telecommunication
& Internet
Telecommunications
Tutorials
Threat Risk
Assessments
Unix Security
Resources
Unix Security
Online Books
VPN's - Virtual
Private Networks
Virus Worms
Trojans Hoaxs
Voice / IP
Protocols and Standards
WIN NT Assorted
Files
WIN
NT Security Files
WIN 2000 Operating
System
Workplace
Violence
Y2K Year 2000
Information
|
Computer Forensics - Network
Forensics - Tutorials,
Guides, Articles, FAQs & Reviews
Definition of: computer
forensics
The investigation of a computer system
believed to be involved in cybercrime. Forensic software provides a
variety of tools for investigating a suspect PC. Such programs may include
a function that copies the entire hard drive to another system for
inspection, allowing the original to remain unaltered.
Another
utility compares file extensions to the data content in order to determine
if files have been camouflaged with phony file extensions. For example, an
image file might be renamed as a text document and vice
versa.
Network Forensics
In order to
identify attacks, "network forensics" deals with the capture and
inspection of packets passing through a selected node in the network.
Packets can be inspected on the fly or stored on disk for later analysis.
See forensically
clean, slack
space, write
blocker, file
wipe, IDS
and security
event management software.
NIST
Phases
The National Institute of Standards and
Technology "Guide to Integrating Forensic Techniques into Incident
Responses" covers four phases, which are briefly summarized below. For the
complete 121-page NIST publication, download draft SP 800-86 at
http://csrc.nist.gov/publications/nistpubs.
1 - Collection:
Identify, label, record and acquire data from possible sources, while
preserving the integrity of the data.
2 - Examination: Use manual
and automated methods to assess and extract data of particular interest,
while preserving the integrity of the data.
3 - Analysis: Use
legally justifiable methods and techniques to derive useful
information.
4 - Reporting: Describe actions used, explain how
tools and procedures were selected, determine what other actions need to
be performed, including forensic examination of additional data sources,
securing identified vulnerabilities and improving existing security
controls. Recommend improvements to policies, guidelines, procedures,
tools and other aspects of the forensic process.
FORENSIC ARTICLES, PAPERS and
PRESENTATIONS - The Big List....
Monitoring
and Network Forensics at the University of Chicago
(2003-12-22)
Cyber
Forensics: Find Out What You Are Missing
(2005-02-23)
Computer
Forensics Tool Testing (CFTT) Project (2004-07-23)
Computer
forensics: Techniques for catching the 'perp' protect company
data (2005-02-07)
http://www.educause.edu/LibraryDetailPage/666?ID=CSD3383 (2004-09-09)
Antiforensic
Tools (2005-06-09)
Forensic
Overview (2006-04-18)
System-Wide
Strategies for Achieving IT Security at the University of
California (2006-04-18)
Forging an
Anti-terrorism Search Tool (2005-06-06)
International
Association of Computer Investigative Specialists
(2004-10-05)
Open Source
Security Tools at Maricopa Community Colleges
(2004-01-13)
Security
Awareness - (2006-10-18)
Logging and
Monitoring - (2006-10-18)
Data
Security - (2006-10-18)
Security
Awareness - (2006-10-18)
Data
Security - (2006-10-18)
Logging
and Monitoring - (2006-10-18)
Intrusion
Detection and Prevention - (2006-10-18)
Security
Architecture - (2006-10-18)
Effective
Incident Response Teams: Two Case Studies
(2005-04-07)
Incident
Handling/Incident Response - (2006-10-18)
Intrusion
Detection and Prevention - (2006-10-18)
Incident
Handling/Incident Response - (2006-10-18)
[MY CONTENT STARTS HERE AND CONSTITUTES THE REST OF THE PAGE]
Evaluation
of Intelligent Intrusion Detection Models [PDF] Summer 2004
Event
Sequence Mining to Develop Profiles for Computer Forensic Investigation
Purposes [PDF] 2006
Windows
Forensics: Have I been Hacked?February 2004
Basic Computer
Forensic for the Private Investigator [PP Presentation]
Computer
Forensics 101 [PP Presentation] May 2004
AccessData
Certified Examiner Study Guide [PDF] June 2006
Registry
Quick Find Chart [PDF] August 2005
AGEC
Issues Paper: Evidence and the Internet [PDF] September 2000
Live
forensics: diagnosing your system without killing it first [PDF]
February 2006
MFP:
The Mobile Forensic Platform [PDF] Spring 2003
Mobile
Forensic Platform [PP Presentation] January 2004
Standardizing
digital evidence storage [PDF] February 2006
Automatically
Creating Realistic Targets for Digital Forensic Investigation [PDF]
August 2005
Automatically
Creating Realistic Targets for Digital Forensic Investigation [PDF
Presentation] August 2005
Detection
and Investigation of Compromised Hosts on Campus Networks [PDF
Presentation] April 2006
Intrusion
Detection Systems and A View To Its Forensic Applications [Available
as Postscript download] February 2000
Computer
& Network Forensics; Best Practices and Lessons Learned [PP
Presentation]
The
Forensic Chain-of-Evidence Model: Improving the Process of Evidence
Collection in Incident Handling Procedures [PDF]
Improved
event logging for security and forensics: developing audit management
infrastructure requirements [PDF] April 2003
FIRESTORM:
Exploring the Need for a Forensic Tool for Pattern Correlation in Windows
NT Audit Logs [PDF] November 2002
Design
of a Network-Access Audit Log for Security Monitoring and Forensic
Investigation [PDF] November 2003
Towards
Identifying Criteria for the Evidential Weight of System Event Logs
[PDF] 2004
Cisco
Router Forensics [PP Presentation] July 2002
Cisco
Router Forensics Checklist [Zipped file] July 2002
WebMail
Forensics [PDF Presentation] July 2003
Tracing
E-mail Headers [PDF] 2004
Computer
Searches
XIRAF:
Ultimate Forensic Querying 2006
XIRAF –
XML-based indexing and querying for digital forensics [PDF] August
2006
Collecting
Digital Evidence from Intrusion Detection Systems [PP Presentation]
Spring 2002
Digital Media
Forensics May 2000
Audit
Trails in Evidence: Analysis of A Queensland Case Study [RTF document]
December 2003
Automated
Log Processing [PDF] December 2002
Forensic
analysis of Windows hosts using UNIX-based tools [PDF] July 2004
Using
Extended File Information (EXIF) File Headers in Digital Evidence
Analysis [PDF] Winter 2004
Unleashing
the Power of JumpStart: A New Technique for Disaster Recovery, Cloning, or
Snapshotting a Solaris System 2000
Recovering,
Examining and Presenting Computer Forensic Evidence in Court [Word
document] 2004PP
Presentation
Law
Enforcement Training Manual [PDF]
Computer Evidence
Comes Of Age
Computer Evidence
Processing
Computer
Evidence Processing Step 1 -- Seizure of the Computer
Electronic Document
Discovery: A Powerful New Litigation Tool
Evidence
Processing: Computer Autopsy
Good Documentation
Is Essential
Hard Disk Drives -
Bigger is Not Better
Identifying
Internet Activity: Computer Forensics Goes To Cyber Space
The Third Step -
Preserve the Electronic Crime Scene
Forensics
(Procedures)
Ilook
Investigator [PP Presentation] 2005
EnCase
Test and Tutorial (from archive.org)
Computer
& Insider Crime: Problems & Solutions [PP Presentation]
February 2004
Report
on the Digital Evidence Needs Survey Of State, Local and Tribal Law
Enforcement [PDF] March 2005
Best
Practices for Handling of Electronic Evidence [PDF Presentation]
September 2003
Trace-Back:
A Concept for Tracing and Profiling Malicious Computer Attackers [PDF]
2002
Developing
a Framework for Evaluating Computer Forensic Tools [PDF] March 2003
Teaching
Computer Forensics: Uniting Practice with Intellect [PDF] June 2004
Electronic
Forensics Education Needs of Law Enforcement [PDF] June 2004
Computer
Forensics - Detecting the Imprint [PDF] August 2002
Digital
Forensic Reconstruction and the Virtual Security Testbed ViSe 2006
Investigation
Into Computer Forensic Tools [PDF] September 2004
An
Investigation into Computer Forensic Tools [PDF] July 2004
Setting
up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory
2004
Legal
Constraints for the Protection of Privacy and Personal Data in E-evidence
Handling [PP Presentation] May 2003
Overview of
Legal Aspects, E-Evidence and Data Protection [PP Presentation] May
2003
The Investigation of Computer Crime and Crime Scene ComputersLesson Sample
[PDF]
Good
Practice Guide For Computer Based Evidence [PDF] v.2 - June 1999
Good
Practice Guide For Computer based Electronic Evidence [PDF] v.3 -
September 2003
Local
Copy
Some
Golden Rules for Investigating On-Line Child Sexual Exploitation 2001
Australian
Computer Crime and Security Survey [PDF] May 2005
The
Digital Crime Scene: A Software Prospective [PDF] March 2004
Designing
and Implementing a Computer Forensics Curriculum and Exercises [PDF
Presentation] September 2005
Case
Forms [PDF]
To
Catch a Thief: Digital Forensics in Storage Networks [PDF
Presentation] Spring 2006
Seizing
Computers and other Electronic Evidence Best Practice Guide [PDF]
February 2003
Forensic
Plan - A technical guide to aid in the preservation of digital evidence
following a computer security incident [PDF] July 2004
Incident
Response Plan - A technical guide to aid in preparing for, detecting and
responding to computer security incidents [PDF] July 2004
High Tech Crime
Briefs January 2005 New series, issues 1-9
PDA
Forensic Tools: An Overview and Analysis [PDF] August 2004
Cell Phone
Forensic Tools: An Overview and Analysis [PDF] October 2005
Intro
to Linux for Cyber Crime Investigators and Computer Forensic Examiners
[PP Presentation] 2003
KNOPPIX
Bootable CD Validation Study for Live Forensic Preview of Suspects
Computer [PDF] 2003
Using Linux
VMware and SMART to Create a Virtual Computer to Recreate a Suspect's
Computer [PDF] October 2002
Intercept
and Intelligence Hopefully Lawful [PDF] 2001
Simple
Law Enforcement Monitoring [PDF] July 2003 Discusses Lawfully
Authorized Electronic Interception
Checking
Microsoft Windows® Systems for Signs of Compromise [PDF] October 2004
Searchtools,
Indexed searching in forensic images September 2004
Security
Applications of Bootable Linux CD-ROMs [PDF] November 2001
Honeynet
Data Analysis: A technique for correlating sebek and network data [PP
Presentation] August 2004
Extreme
IP Backtracing [PP Presentation]
Network
Monitoring and Forensics [PDF] May 2004
6 on Forensics [PDF]
2002 - 2005
Six articles on Computer Forensics for Lawyers
Computer Forensics for Lawyers Who Can’t Set the Clock on their VCR
Cross-examination of the Computer Forensic Expert
Getting to the Drive: Gaining Access to your Opponent’s Digital Media
Meeting the Challenge: E-mail in Civil Discovery
Finding the Right Computer Forensics Expert
Picking Up the Slack: A Peek Behind the Curtain of Computer Forensics
Beyond Data about
Data: The Litigator's Guide to Metadata [PDF] 2005
Cross-Examination
of the Computer Forensics Expert [PDF] 2004
Accompanying PP
Presentation
Cybersleuthing
for People Who Can't Set the Clock on Their VCR [PDF] 2003
Discovery
of Electronic Mail: The Path to Production [PDF] 2005
Dodging the Bullet:
Cross-Examination Tips for Computer Forensic Examiners [PDF] 2005
Finding the Right
Computer Forensic Expert [PDF] May 2004
Getting to
the Drive: Gaining Access to your Opponent’s Digital Media [PDF]
Meeting the
Challenge: E-Mail in Civil Discovery [PDF] 2004
The
Plaintiffs' Practical Guide to E-Discovery [PDF] 2004
Workshop:
Recovering From an Attack November 2004
Computer
Forensic Investigations [Presentation in PDF] 2002
Digital
Evidence Acceditation Winter 2004
Digital
Evidence Acceditation: Part 2 February/March 2005
Windows Forensics:
A Case Study, Part One December 2002
Windows Forensics:
A Case Study, Part Two March 2003
Catching
Intruders with SNARE [Honeypot] [PDF Presentation] April 2003
Honeypots: Monitoring and
Forensics [LINK to Site]
Compliance,
Response, and the Technology that Drives Them [PDF Presentation]
October 2004
Computer
Investigations Computer Investigations in the UC System [PDF] February
2005
The
Enhanced Digital Investigation Process Model [PDF] May 2004Related
PowerPoint Briefing May 2004
Implementing a Forensic
Response Unit [PDF Presentation] June 2004
Computer
Forensics - Electronic Evidence
Techniques for Now, Problems for the
Future October 2000
File
Deletion in MS FAT Systems April 1999 (updated September 2002)
Internet
Browsing (and the question of intent) February 2003
Kazaa Hash
values and their use as criminal 'proof' April 2006
Possession
of Child Pornography July 2001 (updated September 2002)
Torn
Pieces
True
Expertise April 2003
Windows
Explorer Properties July 2001 (updated September 2002)
Secure
Data Deletion for Linux File Systems 2001
Combating
Online Software Piracy in an Era of Peer-to-Peer File Sharing [PDF]
August 2004
Fighting
Online Software Piracy—What Works in 2005 [PDF] 2005
Kick-Starting
Forensics at Your School [PP Presentation] April 2006
Recognizing the
Importance of Network Enabled Computer Forensics [Presentation in PDF]
November 2003
Forensic
Computing: Developing Specialist Expertise within the CS Curriculum
[PDF] June 2006
Best
method of preserving volatile evidence in RAM
A
Hierarchical, Objectives-Based Framework for the Digital Investigations
Process [PDF] August 2004
Related
PowerPoint Briefing
Tracking
Down the Criminal in Cyberspace [PP Presentation] May 2003
Interpreting
Network Traffic: A Network Intrusion Detector's Look at Suspicious
Events October 2002
Network
Forensics Primer [PP Presentation] August 2005
Network
Forensic Traffic Reconstruction with Tcpxtract January 2006
The
Network-Centric Incident Response and Forensics Imperative [PDF
Presentation] June 2006
Surplus
Disk Drive Vulnerability – Information leakage November 2003
Forgetting to
Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
[PDF] August 2002
Alternate
Data Streams in Forensic Investigations of File Systems Backups [PDF]
May 2006
13th
Annual Computer Security Incident Handling Conference (FIRST) [PDF]
Two Views
from the Data Mountain [PDF] June 2003
Finding
Gold in the Browser Cache [PDF Presentation] August 2006
Netmon forensic
tools and tipsApril 2006
The
Discipline of Internet Forensics August 2003
Data
Hiding Tactics for Windows and Unix File Systems May 2006
Data
Mining Email April 2004
System
Documentation - The "RegistryExtractor" [PDF] October 2005
Computer
Forensics article (No title given) September 1997
How
damaging is that trunk mounted radio to computer evidence? [RTF doc]
Network
forensics in a post GE world [PDF Presentation] October 2005
Online
evidence gathering and the Evidence Bin [PDF] October 2005
Digital
Forensics: Crime Seen
Digital
Forensics: Storage Media Primer
Unix DD command
and image creation
Windows
Filesystems Recovery
Working
with Images
Computer
Forensics Gear August 2001
Defeating
Live Forensics in the Windows Kernel [PP Presentation] June 2006
An
Introduction to The Coroners Toolkit [PDF] January 2001
Software
Write Block - Testing Support Tools Validation [PDF Papers] March 2005
Testing
BIOS Interrupt 0x13 Based Software Write Blockers [Paper, PP
Presentation & Poster] March 2005
Forensic
Investigation of Data in Live High Volume Environments [Word doc] 2005
Data Loss
Causes
Securing Electronic Evidence
the Right Way [PP Presentation] 2001
Development
of a zero skills forensic laptop registration and identification tool
[PDF] July 2005
Secure
Digital Camera [PDF] August 2004
Related
PowerPoint Briefing
Improving
Computer Forensics Media Analysis with Modeling Languages [PP Poster]
2004
Knowledge
discovery and experience modeling in computer forensics media analysis
[PDF] 2004 (Registration required)
Preparing
for Large-Scale Investigations with Case Domain Modeling [PDF] August
2005
Selection of
Hashing Algorithms [Word Document] June 2000
Analysing
Privacy-Invasive Software Using Computer Forensic Methods [PDF]
January 2006
Computer
Forensic - A Technological Perspective [PDF] March 2002
Everything
Your Mother Should Have Told You About Write Blockers [PDF
Presentation] June 2006
Computer
Forensics [PDF Presentation] November 2005
Forensic
Techniques for Investigating Network Traffic [PP Presentation] July
2002
Forensics
in Fifteen [Flash Presentation] March 2006
Forensics
in Fifteen [PP Presentation] April 2006
Knoppix
First Responders Guide [PDF] July 2003
Downloading:
Using Computer Software as an Investigative Tool June 1996
The
Evidential Value of Email [PDF] 2003
Computer
Forensics Lab Investigation Report [Word doc] 2005
Towards
Proactive Computer System Forensics [PP Presentation]
Practice
effective security log analysis July 2005
Part
2 - Make the most of your security log data July 2005
Collecting
Electronic Evidence After a System Compromise April 2001
The
Computer Forensics and Cybersecurity Governance Model April 2003
High-Tech Crimes Revealed: Cyberwar Stories from the Digital
Front
Chapter
3: If He Had Just Paid the Rent [PDF] August 2004Alternate
Link
High
tech investigations: It ain’t just forensics [PDF Presentation] May
2005
Investigating
Wireless [PDF] 2005
Computer
Searches and Seizures: Some Unresolved Issues March 2002
Guidelines for
Evidence Collection and Archiving July 2000
Incident
Response Procedures
Playing
in the Devil's Playground [PP Presentation] July 1999 Discusses the
merit of using statically linked binaries for forensic applications
The
Need For Forensic Capabilities In The Commercial Sector [PP
Presentation] July 2000
Basic
Windows Intrusion Detection and Forensics September 2003
A cyber
forensics ontology: Creating a new approach to studying cyber
forensics [PDF] August 2006
BCS
Comments on Proposals for Registration of Digital Evidence Specialists
January 2004
How
to use Helix to conduct a Basic Incident Response on a Windows XP
Professional SP2 Computer March 2005
Forensic
Computer and Cybercrime Investigations [PDF] December 2001 (from
archive.org)
The
Federal Court, the Music Industry and the Universities: Lessons for
Forensic Computing Specialists [PDF] November 2003
Bridging
the Divide: Rising Awareness of Forensic Issues amongst Systems
Administrators [PDF] Abstract 2002
Bridging the
Divide:Rising Awareness of Forensic Issues amongst Systems
Administrators [Presentation in Adobe Acrobat] 2002
Computer
Incident Investigations: e-forensic Insights on Evidence Acquisition
[PDF] May 2004
E-mail
and WWW browsers: A Forensic Computing Perspective on the Need for
Improved User Education for Information Systems Security Management
[PDF] 2002
Forensic
Computing: Developing a Conceptual Approach for an Emerging Academic
Discipline [PDF] 2001
Forensic
Computing: Developing a Conceptual Approach in the Era of Information
Warfare [PDF] 2001
Intrusion
Detection: Forensic Computing Insights arising from a Case Study on
SNORT [PDF] 2003
Intrusion
Detection: Issues and Challenges in Evidence Acquisition [Word
document] May 2003
Risks
and Solutions to problems arising from illegal or Inappropriate Online
Behaviours: Two Core Debates within Forensic Computing. [PDF] 2001
Advances
in Data Hiding Effects on Computer Forensics [Zipped PDF] October 2002
Analysis
of the ATA Protected Area [PDF] July 2003
Auditing
Cisco Routers [PDF Presentation] 2004
Bates
Numbering - What’s in a number anyway? [PDF] July 2002
Case
Study: Using Security Audits as an adjunct to Computer Forensics [PDF
Presentation] 2004
Computer
Forensics; Collection, Analysis and Case Management using ProDiscover
[Presentation in PDF] 2003
Detecting
& Collecting Whole Disk Encryption Media [PDF Presentation] June
2005
Developing
Corporate Policies in Support of Computer Forensics [PDF] July 2003
Digital
Discovery: It’s more than email [Zipped PDF Presentation]
Drive
Math [Zipped Word Document] February 2002
Exchangeable
Image File Format (ExIF) [PDF] October 2004
Hexadecimal
Flags for Partition Types [Zipped Word Document] February 2002
Obtaining
Computer Evidence [Zipped PP Presentation] April 2002
Procedural
Aspects of Obtaining Computer Evidence with Highlights from the DoJ Search
& Seizure Manual [Zipped file] February 2002
Risk
Sensitive Evidence Collection [PDF Presentation] 2004
The
Art of Key Word Searching [PDF] October 2003
The
Latest in Live Remote Forensics Examinations [PDF Presentation] June
2006
Windows
File Header Signatures
PC Forensics
Analysis [PP Presentation] August 2003
A
case study in security incident forensics and response (Part 1) March
2001
A
case study in security incident forensics and response (Part 2)
[Author: John Desmond] April 2001
Solving
Crimes Through Digital Forensics July 2005
Innovative
Techniques to Manage Sex Offenders in the Community [PDF Presentation]
June 2005
'Cyber-Crime
& Digital Evidence' Seminar Materials [Several PDFs] November 2005
Forensic
Computing and Digital Evidence [PDF Presentation] November 2005
Auditing
Cyber Crime [Zipped PDF Presentation] March 2005
Design of a
Digital Forensics Image Mining System [PDF] October 2005
The
Difference Between Paper and Electronic Files [PDF] March 2006
Norton
Ghost 2003 as a Forensic Image Acquisition Tool (GCFA Practical) [PDF]
December 2002
Tracking
Hackers on IRC 1999
Hiding
within the Trees [PDF] 2004
How
to Reuse Knowledge about Forensic Investigations [PDF] August
2004
Related
PDF Briefing
Forensics
for Critical Information Infrastructure Protection [PP Briefing]
August 2004
Computer
Forensics in Virginia [PDF Presentation] September 2004
Design
and Implementation of Zeitline: a Forensic Timeline Editor [PDF]
August 2005
Providing
Process Origin Information to Aid in Computer Forensic Investigations
[PDF] September 2004
On
the role of file system metadata in digital forensics [PDF] December
2004
Recovering
Deleted Files in Linux April 2002
Issues
in Computer Forensics [PDF] May 2003
Accessing the
System BIOS on Various Computers
EnCase Base64
Processing
Log Parser
(Microsoft) June 2006
The "Swiss Army Knife" for Intrusion
Investigators and Computer Forensics Examiners
Registry
Processing: Determining What Files/Folders are Shared
Restore
Point Forensics May 2006
Searching
for Outlook Compressible Encryption (PST Data) in the Unallocated
Clusters January 2006
SERIES: DBB Kazaa Database File - 1st 9 Fields plus Kazaa Hash Decoded
Viewing the Kazaa
DBB File in EnCase
Using EnCase to
Decode DBB Record Field Values
Using Local
Loopback and Kazaa Port to View Kazaa Shared Files in Browser
Viewing
the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time"
Time Change
Captured in Event Log - Event 577 2005
Understanding
index.dat Files Part 1 2005
Understanding
index.dat Files Part 2 May 2006
UNIX
Time Stamp ID and Hotmail
EnCase Computer Forensics--The Official EnCE : EnCase Certified
Examiner Study Guide
Chapter
1: Computer Hardware [PDF] March 2006
Tracing
Anonymous Packets to Their Approximate Source 2000
An
introduction to Windows memory forensic [PDF] July 2005
Digital
forensics of the physical memory [PDF] March 2005
Finding
Digital Evidence in Physical Memory [PDF Presentation] January
2006
Zipped
Tools & Related docs
Forensic Analysis
of a Live Linux System, Part One March 2004
Forensic Analysis
of a Live Linux System, Part Two April 2004
Physical
Memory Forensics [PDF Presentation] July 2006
Additional
materials: Physical Memory Forensics Movies - 15 MB [Zipped]
Windows
Forensic How-to: Incident Response Plan for Abuse of Corporate Assets
[PDF] February 2003
An Introduction to Linux as a Tool for Digital Investigation and
Analysis
Part 1 [PDF
Presentation] July 2005
Part 2 [PDF
Presentation] July 2005
Maintaining
Credible IIS Log Files November 2002
Without
a Trace: Forensic Secrets on a Windows Server [Presentation in PDF]
January 2004
Related
Tools [Zipped file]
The
SMS Murder Mystery: The dark side of technology [PDF] September 2005
Forensic
Examination of a RIM (BlackBerry) Wireless Device [PDF] June 2002
Forensic
Examination of a RIM (BlackBerry) Wireless Device [PP Presentation]
September 2002
Criminal
Forensic Investigations Use of Supportive Presentation Tools In a
Successful Investigation [PDF] May 2004
Computer
Security Incident Response Procedures: Do You Need One? You Bet You
Do! [PDF] January 2005
Forensics:
What to do after the Break-In [PDF Presentation] May 2002
Data
Hiding and Recovery [PDF] April 2003
Linux as
Forensic Platform of Choice [Presentation in PDF] April 2003
Computer
Crime & the Use of Computers in Crime
Chapter 8 from electronic
booklet"Dealing
with White Collar Crime"
Encase
Version 5 Presentation [PDF Presentation] June 2006
The Global
Enterprise - Forensic Audits Across the Large Scale Network [PDF
Presentation] November 2003
CATCH
Project Description [PDF]
Security
Event Correlation – Security's Holy Grail? [PP Presentation]
Combating High-Tech
Crime in California: The Task Force Approach [PDF] June 1997
Computer Forensics and Privacy
Chapter
6 - Modes of Data Insertion and Acquistion [PDF] 2002
Digital
"Evidence" May Not Be "Evidence" At All [PDF - Scroll down] February
2004
Police
Tighten the Net September 1998
The Necessity for
Computer Forensics January 2002
Computer
Forensics; What You Need to Know [PDF Presentation] October 2004
Digital
Fraud Examination [PDF] 2005
A
Mechanism for Automatic Digital Evidence Collection on High-Interaction
Honeypots [PDF & PP Presentations] June 2004
Teaching
Computer Forensics Using Student Developed Evidence Files [PP
Presentation] March 2006
To
Catch a Thief: Computer Forensics in the Classroom [PDF] October 2005
eDiscovery
Combining Forensics with Data Management: Applying the “Key Players”
concept of Zubulake [PDF Presentation] November 2005
A
Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows
Operation Systems [PDF] 2005
The
Enemy Within - Investigating Computer Crime in the 21st Century [PDF]
2005
The
Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics
Event Reconstruction [PDF] Spring 2004
Child
Abuse, Child Pornography and the Internet [PDF] December 2003
A
Crash Course in Digital Forensics [PDF Presentation] June 2006
A
Hypothesis-Based Approach to Digital Forensic Investigations [PDF]
March 2005
An
Investigator’s Guide to File System Internals (From archive.org) [PDF
Presentation] June 2002
Basic
Media Analysis & The Sleuth Kit / Autopsy [PDF Presentation] 2004
Defining
Digital Forensic Examination and Analysis Tools [PDF] August 2002
Defining Digital
Forensic Examination & Analysis [PP Presentation]
Open
Source Digital Forensics Tools: The Legal Argument [PDF] October 2002
PC-Based
Partitions [PDF] March 2005
Sample Chapter from File System
Forensic Analysis
Performing
an Autopsy Examination on FFS and EXT2FS Partition Images: An
Introduction to TCTUTILs and the Autopsy Forensic Browser [PDF]
The Sleuth Kit
Informer
UNIX
Computer Forensics [PDF] April 2004
Sample Chapter 12 from Know
your enemy
Why Recovering a
Deleted Ext3 File Is Difficult . . . August 2005
A
Hardware-Based Memory Acquisition Procedure for Digital Investigations
[PDF] 2003
A
Recursive Session Token Protocol For Use in Computer Forensics and TCP
Traceback [PDF] 2002
A
Digital Investigation Process Model (Poster) [PDF] 2004
An
Event-Based Digital Forensic Investigation Framework [PP Presentation]
August 2004
Automated
Digital Evidence Target Definition Using Outlier Analysis and Existing
Evidence [PDF] August 2005
Categories
of digital investigation analysis techniques based on the computer history
model [PDF] August 2006
Defining
Event Reconstruction of Digital Crime Scenes [PDF] November 2004
Getting
Physical with the Digital Investigation Process [PDF] Fall 2003
Investigating
Internet Histories with Internet Explorer 6
Investigating
Internet Histories with Netscape Navigator 6
Investigation
Internet Usage [HTML-Frames Presentation] January 2002
Forensic
Computing [PDF Presentation]
Bringing
the Cyber-Criminal to Justice: An Essay for the Technologically
Impaired 1997
Architectural
Innovations for Enterprise Forensics [PDF] November 2003
The
Coroner's Toolkit (TCT) [PP Presentation] Spring 2002
Carvdawg's
Perl Page
A collection of perl scripts, some of which may have
forensic applications.
Chapter 8: Using the
Forensic Server Project [PDF] July 2004
Sample Chapter book
Data
Hiding on a Live System [PP Presentation] January 2004
Detecting and
Removing Trojans and Malicious Code from Win2K September 2002
GMU2005
presentations [Zipped PP Presentations] August 2005
Topics: The
Windows Event Log file format; Tracking USB storage devices across Windows
systems; File/document metadata.
Malware
analysis for windows administrators [Available by request] 2005
No Stone Unturned Series
Part 1
February 2002
Part 2 March
2002
Part 3 April
2002
Part 4 May
2002
Part 5 June
2002
Part 6 August
2002
NT/2K Incident
Response Tools August 2001
Registry key list
[Zipped excel spreadsheet] April 2005
The
Dark Side of NTFS (Microsoft’s Scarlet Letter)
Discusses Alternate
Data Streams
The
Windows Registry as a forensic resource [Available by request] 2005
Using the
Forensic Server Project November 2004
Win2K First
Responder's Guide September 2002
Creating
an Incident Response Team [PP Presentation] April 2003
Digital Evidence and Computer Crime (Sample Chapters)
Chapter
1 - Digital Evidence and Computer Crime [PDF] 2004
Chapter
16 - Digital Evidence on Physical and Data-Link Layers [PDF] 2004
Error,
Uncertainty and Loss in Digital Evidence [PDF] June 2002
Error,
Uncertainty, and Loss in Digital Evidence [PP Presentation] February
2003 (from archive.org)
Forensic
Computer Analysis [PP Presentation] April 2003
Handbook
of Computer Crime Investigation Sample Chapter [PDF]Additional Materials
Related to the Book
Incident
Response and Analysis [PP Presentation] April 2003
Incident
Response and Forensics in Higher Education Environment [PP
Presentation] April 2004
Investigating
Network Intrusions [PDF Presentation] June 2001
Investigating
Sophisticated Security Breaches [PDF] February 2006
Network
Traffic as a Source of Evidence: Tool Strengths, Weaknesses, and Future
Needs [PDF] December 2003
Practical
Approaches to Recovering Encrypted Digital Evidence [PDF] August 2002
Profiling
Computer Criminals - Methodology or Myth [PP Presentation] July 2002
Tool
review - WinHex [PDF] April 2004
Tool
review – remote forensic preservation and examination tools [PDF]
December 2004
What to
Do After the Break-in: Preparing an Incident Report for Law
Enforcement May 2001
Automating
Case Reports for the Analysis of Digital Evidence [Abstract & PDF]
September 2005
Incident
Handling I [PDF Presentation] May 2003 (from archive.org)
Incident
Handling II [PDF Presentation] May 2003 (from archive.org)
Digital
Evidence Standards [PP Presentation] November 1999
Survey
of Disk Image Storage Formats [PDF] September 2006
Discovering Relationships in
Context: Inductive tools for forensic computing [PDF] June 2006
Digital
Search and Seizure [PDF] February 2006
Maintaining
the Forensic Viability of Logfiles [PDF] May 2001
Analyze
all available information to characterize an intrusion.
Installing
The Coroner's Toolkit and using the mactime utility
Steps
for Recovering from a Unix or NT System Compromise
Using
The Coroner's Toolkit : Harvesting information with grave-robber
Using
The Coroner's Toolkit : Rescuing files with lazarus
This
documentation discusses the use of two TCT tools, unrm and lazarus, on the
Sun Solaris operating system, version 2.x. You can use this approach with
other UNIX operating systems and hosts.
Virtual Training Environment (VTE)
January 2006
Challenges
of Forensic Investigations Under Corporate Environment [PDF
Presentation] June 2006
Computer
Forensics [PDF] November 2002
Computer
Forensics
Advanced
Packet Analysis [PDF Presentation] October 2002
Case
Studies in Implementing Packet-Level Analysis-based Security Solutions
[PDF Presentation] October 2002
Cybercrime at
Packet-Level Part 1 [PDF Presentation] October 2002
Cybercrime at
Packet-Level Part 2 [PDF Presentation] October 2002
Ethereal:
Analysis on a Budget [PDF Presentation] May 2005
Introduction
to Network and Local Forensics [PDF Presentation] May 2005
Decoy
Systems: A New Player in Network Security and Computer Incident
Response [PDF] Winter 2004
Criminal
Computer Intrusion Unit [PDF Presentation] August 2005
Who’s
At The Keyboard? Authorship Attribution in Digital Evidence
Investigations [PDF] May 2005
The Digital
Evidence in the Information Era March 2004
ECF
- Event Correlation for Forensics [PDF] 2003
An
Automatic System for Collecting Crime Information on the the Internet
2000
Content-Based
Image Retrieval for Digital Forensics [PDF] February 2005
Freeware
Forensics Tools November 2001
Freeware Forensics
Tools for Unix November 2001
Step by step instructions for using
TCT
Reasons
to Challenge Digital Evidence and Electronic Photography June 2003
Computer
Forensics and the Law of Evidence (Hong Kong) [PP Presentation] May
2003
Forensic
Software Maker Gets Tough on Computer Crime July 2004
Defending
Against Misuse of Forensic Analysis Tools on Windows Systems [PDF]
January 2004
FTP
Attack Case Study Part I: The Analysis May 2002
FTP
Attack Case Study Part II: The Lesson June 2002
Linux
Data Hiding and Recovery March 2002
Security
Warrior: How to Tell if you Unix System is Hacked [PDF] March 2004
An
Extended Model of Cybercrime Investigations [PDF] Summer 2004
CIO
Cyberthreat Response & Reporting Guidelines [PDF]
First
Responders: Training Scene of Computer Crime Investigators [PDF] June
2002
A Police
Officer’s Guide: Seizure, Handling and Storage of Computer Evidence
[PDF]
Forensics:
Data Trails and Detection [PDF Presentation] February 2006
Technological
Aspects of Internet Crime Prevention February 1998
Computer
Forensics - Digging with a Digital Shovel [PDF] April 2005
PDF
Presentation
Computer
Forensics - Digging with the Digital Shovel [PP Presentation] 2006
Forensic
Computer Examinations for Small to Medium Size Businesses [PDF
Presentation] September 2005
Auditing Tools for
Use in Forensic Investigations [PDF Presentation] February 2005
LINX
Best Current Practice - Traceability May 1999
Evidence
gathering tools
Evidence
investigation tools
Supportive
tools
Forensics
[PDF Presentation] December 2003
Discusses The Coroners Toolkit
Forensic
Computing within the Crime and Misconduct Commission [PDF] 2004 (from
archive.org)
Evidentiary
Benefits of Write Once-Read Many ("WORM") Optical Disk Storage for Records
Management [PDF] August 2000
A Day of Cyber
Investigation [HTML Presentation] April 2000
Challenges
to Digital Forensic Evidence [PDF Presentation] February 2006
Report on
Defendant-Name vs. State-Name November 2001
In this case, the
prosecution claims that Mr. Defendant-Name knowingly possessed and
accessed specific contraband data. The question posed to Mr. Cohen in
regard to this matter is whether these assertions made by the prosecution
are supported by the evidence.
So
Much Evidence... So Little Time November 1999
Forensic
and Log Analysis GUI Tutorial [PDF Presentation] January 2006
Hooking
IO Calls for Multi-Format Image Support (using PyFlag) January 2005
RAID
Reconstruction - And the search for the Aardvark [PDF Presentation]
April 2005
Disk
Forensics (using PyFlag) January 2005
Keyword
Searching and Indexing of Forensic Images (using PyFlag) January 2005
Log
Analysis (using PyFlag) January 2005
RAID
Reassembly - A forensic Challenge (using PyFlag) February 2005
Retrieval
of Video Evidence and Production of Working Copies from Digital CCTV
Systems [PDF] March 2006
Intrusion
Detection Tools [PDF Presentation] November 2005
The
Future of Network Digital Evidence [PDF Presentation] November 2005
Security
Essentials Toolkit: Forensic Backups
Exercise 1: Disk Imaging with
Ghost
Security
Essentials Toolkit: Forensic Backups
Exercise 2: Forensics with dd
Forensic
and Log Analysis GUI [PDF Presentation] April 2005
Collecting
and Preserving Evidence after a System Compromise [PP Presentation]
2000
Intrusion
Investigation and Post-Intrusion Computer Forensic Analysis 2000
Issue of
newsletter devoted to 'Computer Crime' [PDF] Summer 1999
Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations July 2002
An
Emerging Challenge For Law Enforcement December 1999 Article contains
a list of Computer Evidence Processing Steps.
CSI For The
Home PC [PDF] 2004
The Computer
Under the Microscope Images
The
Basics of Digital Evidence Recovery
Computer
Forensics and Cyber Investigations [PDF Presentation] 2004
CSI/FBI
Computer Crime and Security Survey [PDF] 2005
Internal
Investigations - Procedures and Techniques: An Overview [PDF] April
2001
Digital
Forensics: A Case Study April 2005
Computer
Forensics [PDF Presentation] August 2003
Computer
Forensics [PDF Presentation] 2003
Computer
Forensics in a LAN Environment [PDF] 1999
Operational
Computer Forensics - The New Frontier [PDF] 2000
Network
Forensics Analysis [PDF] 2002
Analysing
E-mail Text Authorship for Forensic Purposes [PDF] March 2003
Gender-Preferential
Text Mining of E-mail Discourse [PDF] 2002
Examination
of Computer-Resident Evidence [PDF]
Forensic
Examination of Internet Activity [PDF] July 2001
A System for Collection,
Storage, and Analysis of Multi-platform Computer System Data November
2003
Do's and
Don'ts of Forensic Computer Investigations September 2004
Part
Two: A Forensics Inquiry, Step by Step September 2004
Identify
Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock
Proxy Service Log Files [PDF] 2001
Computer
Forensics [PP Presentation]
Cybercrime and
Computer Related Forensic Investigations [PP Presentation]
Enscript v3
Tutorials
Your Pal,
Enscript [PP Presentation]
Computer
Forensics Procedures and Methods [PDF] 2005
Craiger's
Cyberforensic Commandline Cheatsheet (C4) [PDF] 2005
Digital
Discovery with Linux Bootable CDs [PDF Presentation] 2005
Recovering Digital
Evidence from Linux Systems [PDF] 2005
Virtual
Digital Evidence Lab: A Distributed Forensic Resource Network [PDF]
May 2006
Abstract
[Word doc]
Law Enforcement
and Digital Evidence [PDF] April 2005
Digital evidence
obfuscation: recovery techniques [PDF] 2005
Challenges
for Law Enforcement in Forensics [PDF Presentation] February 2005
Cracking
Windows 2000 And XP Passwords With Only Physical Access [Word doc]
The
Eavesdropper’s Dilemma [PDF] February 2006
Computer
Crime and Forensics [PP Presentation] February 2003
2005
E-CrimeWatch Survey [PDF] 2005
CTOSE Project
Results [PDF] October 2003
Computer
Forensics 101 & Incident Response [PDF] October 2003
An
Evaluation of Image Based Steganography Methods [PDF] Fall 2003
Electronic
Evidence in Criminal Defense [PDF Presentation] March 2006
Cyber
Crime: The Next Challenge An Overview of the Challenges Faced by Law
Enforcement While Investigating Computer Crimes in the Year 2000 and
Beyond [PDF] 2000
Source of graphichttp://www.pittsburghlive.com/images/static/newsextra/0113cyber.pdf
Computer
Forensics - Problems and Solutions [PDF Presentation]
The
Use of Random Forest to Develop an Intelligent Computer Forensic Tool
[PDF] 2004
A
Forensic Tool Validation of the Coroner's Toolkit's mactime [PDF] 2003
Building
a Computer Forensics Education Program [PDF Presentation] April 2004
Digital
Forensics Research in the United States [PDF] March 2006
Digital
Forensics [PDF Presentation] May 2006
Computer Forensics:
Overview [PDF Presentation] 2003
Setting up an
Online Investigative Computer: Hardware, Connectivity and Software
Recommendations [PDF] June 2004
Creating
a Cell Phone Investigation Toolkit: Basic Hardware and Software
Specifications [PDF] August 2006
Deleted files can be
recovered 2006
SmartMedia,
CompactFlash & Memory Stick Data Recovery 2001
Computer
Forensics - A digital approach to Investigating Computer Crime [PDF
Presentation] 2004
Methods
for evidencing illicit use of a computer system or device [A Patent
Application] April 2003
Digital
Evidence Impact on Investigations and Audits [PP Presentation]
December 2003
Computer
Forensic Resources
Downloads -
Forms and Checklists
Computer
Intrusion Investigation Guidelines January 2001
High
Technology Crimes (Sacramento Valley Hi-Technology Crimes Task Force)
[PDF Presentation] 2004
Data
Recovery [PP Presentation] May 2003
Handling
Digital Evidence [PP & PDF Presentation] May 2005
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics [PP
Presentation] August 2002
Mining
E-mail Content for Author Identification Forensics [PDF]
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics
[PDF] August 2002
An Exploration
of Future Anti-Forensic Techniques [PDF] 2005
Computer
Forensics [PP Presentation] June 2002
Data Validation
Using The Md5 Hash
Cases
Involving Encryption in Crime and Terrorism May 1997
Hiding
Crimes in Cyberspace [Word document] July 1999
Hiding
Crimes in Cyberspace [PP Presentation] March 2001
Digital
Evidence Collection Worksheet [RTF document]
First
Responder's Manual [PDF] May 2001
Evidentiary
Considerations for Collecting and Examining Hard-Drive Media [PDF]
November 2001 (from archive.org)
Network
Forensics - Hacker, You cannot Escape! [Presentation in PDF] February
2004 (from archive.org)
The
Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made
Easy [PDF] December 2001
A
Triad of Collaboration: Internet-Related Investigative Considerations
Prior to the Computer Forensic Application [PDF] November 2004
Virtual
- Reality: A Preliminary Forensic Assessment Relating to Child Pornography
in the Prosecutorial/Defense Effort [PDF] November 2003
Enterprise
Forensics - Changing the Forensic Paradigm… [PDF Presentation]
November 2005
The
Metasploit Framework - A DigitalDefence Technical Note [PDF] April
2006
Privacy and
Online Investigation by Copyright Management Bodies [PP Presentation]
May 2003
ISObuster
as a Forensic Tool [PDF] September 2002
Authenticating
Evidence of Internet Chat Room Logs Recovered From A Hard Drive
Documents and Meeting
Materials 2004 - 2006
Scan of the month -
Scan 24
Scan of the month -
Scan 26
What
is a Forensic Network?
The Weight of
Electronic Traces [PP Presentation] May 2003
Incident
response and fraud investigation – the role of the information technology
auditor 2003
Nailing
the Intruder [PDF] July 2001
Basic
Steps in Forensic Analysis of Unix Systems
Dissecting
Distributed Malware Networks [PP Presentation]
Intruder
Discovery / Tracking and Compromise Analysis August 2000
Reporting
probes/intrusion attempts from an IP address 2000
Responding
to a security incident on a Unix workstation 2000
An
Introduction to Computer Forensics [PDF] April 2006
Identification
of Appropriate Technologies, Procedure for Handling & Analysing
Digital Evidence [PP Presentation] 2005
Building
a Forensic PC [PDF Presentation] November 2005
Macintosh
Forensics [PDF Presentation] November 2005
Macintosh
Forensics [PDF Presentation] September 2005
Open
Source Digital Forensic Acquisition and Analysis on Mac OS X [PDF
Presentation] October 2004
Hands-On
Honeypot Technology - Analysis & Forensics [PDF Presentation] July
2005
Part of their'Hands-On Honeypots' course
taught at Blackhats USA 2005
Standardization
of Computer Forensic Protocols and Procedures [PDF Presentation] 2002
(from archive.org)
Computer
Forensics [PDF] January 2001
Information
Assurance Applied to Authentication of Digital Evidence October 2004
Digital
Forensics [PDF Presentation] November 2003
Dialing
for Evidence [PDF] Jan/Feb 2006
Can
Digital Evidence Endure the Test of Time? [PDF] August 2002
Powerpoint
Briefing
Forensics,
Fighter Pilots and the OODA Loop: The Role of Digital Forensics in Cyber
Command and Control [PDF] August 2004
Powerpoint
Briefing
XMeta:
a Bayesian approach for computer forensics [PDF] November 2004
Gentoo
Linux Quick Install Guide for a Forensic Workstation [PDF] March 2004
Virtual
War's Computer Forensic page
Learning
from what Intruders Leave Behind December 2000
Guidelines
for the Best Practice in the Forensic Examination of Digital
Technology [Word document] October 2003
Computer
Forensics in the Classroom [PPT Presentation] 2006
Abstract [PDF]
Is
That Data Gone Forever? [PP Presentation] May 2001
eBanking
Forensics
Forensics
for Advanced UNIX File Systems [PDF] 2004
Data
Hiding in Journaling File Systems [PDF] August 2005
Dusting for
digital fingerprints [Word document] March 2005
Whodunnit?
March 2001
Tracking the
hackers
Computer-Mediated
Communications and Criminal Evidence [PDF] March 1999
Drive
Translation (and second article AOL ART Files) [From archive.org]
March 2000
Automated
diagnosis for computer forensics [PDF] August 2001
Responding to
Cybercrime in the Post-9/11 World [PDF]
Formal
Specification and Refinement of a Write Blocker System for Digital
Forensics [PDF] November 2005
Embedding
Forensic Capabilities into Networks: Addressing Inefficiencies in Digital
Forensics Investigations [PDF Presentation] June 2006
Designing
a Computer Forensics Course for an Information Assurance Track [PDF]
June 2004
The
New Zealand Hacker Case: A Post Mortem [PDF] September 2005
Running
an IT Investigation in the Corporate Environment [PDF] February 2003
Evidence
Collection and Data Seizure
Introduction
to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive [PP
Presentation] March 2004
Computer
Forensics: Training and Education [PDF]
CyberCrime
[HTML-framed Presentation] September 2001
Cyber
Crimes [PP Presentation] May 2006
Evaluating
the Capacity to Respond to E-Crime [PDF] 2000
Network
Forensics Evasion: How to Exit the Matrix March 2006
Computer
Forensics in the Inspector General Environment [PDF Presentation
Electronic
Discovery and Computer Forensics [PDF] January 2004
No
Thanks for the Memories January 2001
Higher-order
Wavelet Statistics and their Application to Digital Forensics [PDF]
2003
A
bit of help if you've just been broken into (from archive.org) 2000
A
bit of help recovering a deleted file under Unix (from archive.org)
2000
Bring Out Your Dead January
2001
What Are MACtimes? July
2001
Forensic Computer Analysis: An
Introduction July 2001
Forensic
Discovery (The Book)
The final HTML drafts that were sent to the
publisher; minus the final formatting and a few minor changes
Forensic Discovery
|