This is Google's cache of http://www.infosyssec.com/infosyssec/networkforensics.html as retrieved on Dec 12, 2006 17:20:01 GMT.


The Security Portal for Information System Security Professionals

The most comprehensive computer and network security resource on the Internet for Information System Security Professionals - Says Yahoo Editors





Computer Forensics - Network Forensics - Tutorials, Guides, Articles, FAQs & Reviews


Definition of: computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may include a function that copies the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the data content in order to determine if files have been camouflaged with phony file extensions. For example, an image file might be renamed as a text document and vice versa.

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See forensically clean, slack space, write blocker, file wipe, IDS and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Response" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.

FORENSIC ARTICLES, PAPERS and PRESENTATIONS - The Big List....


  • Intro to Linux for Data Forensics version 2.0.5
  • Accessing the System BIOS on Various Computers
  • EnCase Base64 Processing
  • Using EnCase to Decode DBB Record Field Values
  • Viewing the Kazaa DBB File in EnCase
  • Understanding index.dat Files Part 1
  • Understanding index.dat Files Part 2
  • Viewing the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time"
  • Log Parser (Microsoft)
  • Searching for Outlook Compressible Encryption (PST Data) in the Unallocated Clusters
  • Restore Point Forensics
  • Registry Processing: Determining What Files/Folders are Shared
  • Time Change Captured in Event Log - Event 577
  • UNIX Time Stamp ID and Hotmail
  • Using Local Loopback and Kazaa Port to View Kazaa Shared Files in Browser
  • Electronic Evidence and Computer Forensics
  • Computer Forensics and Electronic Evidence--Reconstructing What Happened
  • Preparing to be an Expert Witness
  • Filesystem and network acquisition and analysis tools
  • Network forensics in a post GE world
  • FCCU GNU/Linux Forensic Boot CD
  • Computer Under the Microscope Images
  • The Computer Under the Microscope Images
  • Extracting Email IDs from IM Clients
  • Information Technology Security Part 6 Investigation and Forensics I
  • Seizing a Computer System for Digital Forensic Systems Examination
  • Time Stamps and Timing in Audit-Based Digital Forensic Systems Examination
  • Semantic Forensics: An Application of Ontological Semantics to Information Assurance
  • Using Digital Forensics to Maintain the Integrity of our Nation’s Critical Infrastructure
  • A Day of Cyber Investigation
  • Firms increasingly call on cyberforensics teams
  • Metadata, The Mac, and You
  • Computer forensics tips help you monitor investigations
  • Securing Electronic Evidence the Right Way
  • Data Loss Causes
  • Why Conduct Computer Forensics Examinations?
  • Guidelines For Data Gathering And Forensics?
  • What is the Scope of Computer Forensics?
  • Internal Computer Investigations as a Critical Control Activity
  • Forensic Analysis Without an IDS: A Detailed Account of Blind Incident Response
  • Data Hiding Tactics for Windows and Unix File Systems
  • Finding Digital Evidence in Physical Memory
  • WebMail Forensics
  • Chapter 1 - Digital Evidence and Computer Crime
  • Chapter 16 - Digital Evidence on Physical and Data-Link Layers
  • Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing Investigation (FCI) Teams
  • Electronic Evidence and Computer Forensics
  • Computer Forensics in the Campus Environment
  • General Guidelines for Seizing Computers and Digital Evidence
  • Computer Forensics: Forensic Data Diving Using the Linux Operating System
  • Forensic Data Diving Using the Linux OS
  • Network Intrusion and Attack Signatures
  • Computer Forensics
  • Evidence gathering tools
  • Evidence investigation tools
  • Supportive tools
  • Digital Evidence Collection Worksheet
  • U.S. Department of Energy Cyber Incident Response Handbook
  • Cyber Security Incident Response/Forensic Awareness for Managers
  • Cyber Security Incident Response/Forensic Awareness for System Administrators
  • Cyber Security Incident Response/Forensic Awareness for Users
  • DOE Cyber Forensics Laboratory: Program Briefing
  • An Analysis of Disk Carving Techniques
  • An Analysis of Linux RAM Forensics
  • Computer Forensics in the Classroom
  • Automating Case Reports for the Analysis of Digital Evidence
  • ForNet: A Distributed Forensics Network
  • Forensic Computing
  • Throwing out the Enterprise with the Hard Disk
  • Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records
  • Put A Trace On It: A Command You Can "truss"
  • TKS1 - An anti-forensic, two level, and iterated key setup scheme
  • The Value of Computer Forensics
  • Open Source Digital Forensic Acquisition and Analysis on Mac OS X
  • Computer Forensics for Non profits
  • Internet Security & Incident Response: Scenarios & Tactics
  • Cyber crime and the Law; Where the Net meets the Node
  • Police Reserve Specialists - Local Application of Global Concept
  • Event Sequence Mining to Develop Profiles for Computer Forensic Investigation Purposes
  • Unredacted copy of this report (also available as a PDF) from Cryptome.org
  • Towards Proactive Computer System Forensics
  • A Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows Operation Systems
  • Computer Forensics in a LAN Environment
  • Operational Computer Forensics - The New Frontier
  • Computer Security Incident Response Guide
  • An Overview and Analysis of PDA Forensic Tools
  • Forensic Software Tools for Cell Phone Subscriber Identity Modules
  • Incident Response Fundamentals Class
  • The CERT Virtual Training Environment: Information Assurance and Forensics Training Anywhere, Anytime
  • Guidelines on Cell Phone Forensics [Draft]
  • Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response
  • Guidelines for Media Sanitization
  • Computer Forensic Guidance
  • Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
  • PDA Forensic Tools: An Overview and Analysis
  • Cell Phone Forensic Tools: An Overview and Analysis
  • Guidelines on PDA Forensics
  • Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response
  • Article I - Preliminary Matters
  • Article X - Reimbursement and Return of Property
  • Article XI - Using Evidence
  • Article II - Challenges and Sanctions
  • Article III- Preserving Evidence
  • Article IV - Obtaining Evidence: Interception & Surveillance
  • Article V - Undercover Operations and Informants
  • Article VI - Obtaining Evidence: Production Orders
  • Article VII - Obtaining Evidence: Search and Seizure
  • Article VIII - Post-Collection Procedures
  • Article IX - Processing and Analyzing Evidence
  • A strategy for testing hardware write block devices
  • Forensic feature extraction and cross-drive analysis
  • md5bloom: Forensic filesystem hashing revisited
  • Identifying almost identical files using context triggered piecewise hashing
  • A correlation method for establishing provenance of timestamps in digital evidence
  • An empirical study of automatic event reconstruction systems
  • Self-reported computer criminal behavior: A psychological analysis
  • Categories of digital investigation analysis techniques based on the computer history model
  • Searching for processes and threads in Microsoft Windows memory dumps
  • A survey of forensic characterization methods for physical devices
  • FORZA – Digital forensics investigation framework that incorporate legal issues
  • A cyber forensics ontology: Creating a new approach to studying cyber forensics
  • Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  • XIRAF – XML-based indexing and querying for digital forensics
  • Selective and intelligent imaging using digital evidence bags
  • Detecting false captioning using common-sense reasoning
  • Digital Forensics Tool Testing Images (DFTT) - Introduction
  • Digital Forensics Tool Testing Images (DFTT) - Extended DOS Partition Test
  • Digital Forensics Tool Testing Images (DFTT) - NTFS Autodetect Test #1
  • Digital Forensics Tool Testing Images (DFTT) - Basic Data Carving Test #1
  • Digital Forensics Tool Testing Images (DFTT) - Basic Data Carving Test #2
  • Digital Forensics Tool Testing Images (DFTT) - FAT Keyword Search
  • Digital Forensics Tool Testing Images (DFTT) - NTFS Keyword Search #1
  • Digital Forensics Tool Testing Images (DFTT) - EXT3FS Keyword Search #1
  • Digital Forensics Tool Testing Images (DFTT) - FAT Daylight Savings Test
  • Digital Forensics Tool Testing Images (DFTT) - FAT Undelete Test #1
  • Digital Forensics Tool Testing Images (DFTT) - NTFS Undelete (and leap year) Test #1
  • Digital Forensics Tool Testing Images (DFTT) - JPEG Search Test #1
  • Digital Forensics Tool Testing Images (DFTT) - FAT Volume Label Test #1
  • Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
  • Forensic acquisition and analysis of magnetic tapes
  • Generalizing sources of live network evidence
  • Digital Forensics using Linux and Open Source Tools
  • Improving evidence acquisition from live network sources
  • The Role of Digital Forensics within a Corporate Organization
  • Anti-Forensics Degaussers
  • Ibas Computer Forensics: A White Paper
  • Internet and judicial investigation: difficulties in judicial practice
  • Analysis: The Forensics of Internet Security
  • Design of a Digital Forensics Image Mining System
  • Unleash the Cyberhounds!
  • Ipod Forensics: Forensically Sound Examination of an Apple Ipod
  • Development of a zero skills forensic laptop registration and identification tool
  • Digital Forensics: Exploring Validation, Verification & Certification
  • Disabling Wireless Networks for Law Enforcement
  • Forensic Analysis for Unix-Based Operating Systems
  • Forensic Analysis of Mobile Phones
  • Hidden or Hiding: Mac OS X’s Forensic Assets and Liabilities
  • Online evidence gathering and the Evidence Bin
  • System Documentation - The "RegistryExtractor"
  • Software Engineering Project (Honours): ZSAT
  • Towards a validation framework for forensic tools in Australia
  • ZSAP (Zero Skill Analysis Program)
  • Computer Forensics: How to be a Cybercrime Detective
  • Computer Forensics
  • Network Forensics Evasion: How to Exit the Matrix
  • Computer Forensics: The Key to Solving the Crime
  • Cybercrime: The Internet as a Crime Scene
  • Intrusion Detection and Incident Response
  • Investigative Responses (Email Tracing)
  • Digital Evidence Collection and Handling
  • Forensic Duplication and Analysis Using Encase
  • Computer Forensics Course Syllabus
  • The File Extension Source (FILEXT)
  • An Improved Protocol for the Examination of Rogue WWW Sites
  • Silicon Pathology?
  • Spam & Chips - A Discussion of Internet Crime
  • An introduction to Windows memory forensic
  • Digital forensics of the physical memory
  • Physical Memory Forensics
  • Forensic Implications of Biometric Devices and future identification management systems
  • Forensic Computing Theory & Practice: Towards Developing a Methodology for a Standardised Approach to Computer Misuse
  • The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists
  • Risks and Solutions to problems arising from illegal or Inappropriate Online Behaviours: Two Core Debates within Forensic Computing.
  • Intrusion Detection: Forensic Computing Insights arising from a Case Study on SNORT
  • Computer Incident Investigations: e-forensic Insights on Evidence Acquisition
  • Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators
  • Forensic Computing: Developing a Conceptual Approach in the Era of Information Warfare
  • Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators
  • Forensic Computing: Developing a Conceptual Approach for an Emerging Academic Discipline
  • E-mail and WWW browsers: A Forensic Computing Perspective on the Need for Improved User Education for Information Systems Security Management
  • Recovering Unrecoverable Data
  • Forensic Disk Imaging Using Linux
  • Linux Computer Forensics: Forensic Disk Imaging
  • Computer Forensic Investigation for XYZ Company
  • Computer Forensic Investigation Standard Operating Plan
  • System Baselining - A Forensic Perspective
  • Basic Media Analysis & The Sleuth Kit / Autopsy
  • Computer Forensics in Litigation
  • Introduction to Computer Forensics
  • Starting your own Computer Forensics Company
  • Downloads - Forms and Checklists
  • Computer Forensic Resources
  • Chapter 6 - Modes of Data Insertion and Acquisition
  • Software Write Block - Testing Support Tools Validation
  • Testing BIOS Interrupt 0x13 Based Software Write Blockers
  • Forensic Checklist
  • Digital Warrants
  • Encase Decryption System
  • Mac Acquisition using Target Disk Mode
  • Computer Forensics Analysis
  • Computer Forensics Analysis
  • Electronic Forensics
  • Ultimate Guide to Mac OS Forensics
  • On the Role of File System Metadata in Digital Forensics
  • Providing Process Origin Information to Aid in Network Traceback
  • Computer Forensics
  • Incident Response & Evidence Management
  • Software Forensics: Can We Track Code to its Authors?
  • Honeypots: Monitoring and Forensics
  • Computer Forensics: What is Metadata, Why is it Significant, and How do you Deal with it?
  • Forensic Logging in Apache v1.3.30 and later (Module mod_log_forensic.c)
  • The Global Enterprise - Forensic Audits Across the Large Scale Network
  • Computer Forensics Primer
  • Best Methods for Forensic Investigators when Encountering Windows Encrypted Content
  • Antiforensics: Trends and Emerging Technology
  • Intro to Computer Forensic Tools
  • Recognizing the Importance of Network Enabled Computer Forensics
  • Covert Channels: A Never Ending Challenge for Forensic Examiners
  • Starting a Computer Forensic Lab
  • A Brief Intro to End-to-End Digital Investigation
  • Virtual Digital Evidence Lab: A Distributed Forensic Resource Network
  • Linux/UNIX Security Response Cookbook
  • IT Forensics: the collection of and presentation of digital evidence
  • An Investigation into Computer Forensic Tools
  • Investigation Into Computer Forensic Tools
  • Child Abuse, Child Pornography and the Internet
  • System Administration and Network Security Course
  • Computer Forensics Analysis
  • Summer Workshop 2002 on Network Security
  • Day 3 : Computer Forensics I (On-line inspection)
  • Day 4 : Computer Forensics II (Off-line inspection)
  • Digital Forensics Research in the United States
  • Academic Search and Seizure: An Update
  • Computer Forensics Search and Seizure: Challenges in the Academe -An Update
  • Computer Forensics in the Academic Environment
  • Cybercop
  • Cracking the Cracking
  • Learning by Doing - Do's and Dont's of Building a Forensics Workstation
  • Learning by Doing
  • Cybercrime: Supporting Cyber Sleuths
  • Digital Forensics: Crime Seen
  • Digital Forensics: Storage Media Primer
  • Auditing and Event Correlation
  • Unix Tools Track Hackers
  • Auditing Cyber Crime
  • Computer Crime and Forensics
  • WACIRC - Law Enforcement Guidelines for Reporting and Responding to Computer Crimes
  • To Catch a Thief: Computer Forensics in the Classroom
  • Information Systems Forensics: A Practitioner's Approach
  • The types of computer crimes in Hong Kong and the difficulties in prosecuting such crimes
  • Cyber-Investigation on Cyber-Crime
  • Digital Evidence Standards
  • Automated Reassembly of Fragmented Images
  • ForNet: A Distributed Forensics Network
  • The Digital Crime Scene: A Software Prospective
  • Cybercrime in New Network Ecosystem: Vulnerabilities and New Forensic Capabilities
  • "Transborder Search" A new perspective in law enforcement?
  • Computer Forensics in Virginia
  • Computer Forensic Science: A Methodology
  • Forensic Analysis of Digital Evidence from Palm Personal Digital Assistants
  • Computer Forensics and the Law of Evidence (Hong Kong)
  • Anti-Forensics
  • Introduction to Digital Forensics Procedure, Tools, and Techniques
  • Computing forensics: a live analysis
  • Why Recovering a Deleted Ext3 File Is Difficult . . .
  • Through the Looking Glass: Finding Evidence of Your Cracker
  • A Graphic Picture of Crime
  • Malware Forensics by Automatic Experiments
  • Collecting and Preserving Evidence after a System Compromise
  • Unix Security 101 - Forensic Examples
  • A System for Collection, Storage, and Analysis of Multi-platform Computer System Data
  • Unix Security: Diagnostics and Forensics
  • Hands-On Honeypot Technology - Analysis & Forensics
  • Project PFC - Personal Filing Cabinet Converter
  • A Guide to Investigation and Prosecuting cases involving Hacking and the Computer Underground
  • SMART Anti-Forensics
  • Digital "Evidence" May Not Be "Evidence" At All
  • The Windows XP [DOS] Startup Disk - An Example in Basic Forensics / Data Recovery
  • The Windows XP Startup Disk [An Example in Basic Forensics / Data Recovery]
  • Commonly Overlooked Audit Trails on Intrusions
  • Finding and Analyzing Trojans under Unix
  • Corporate Forensics Toolkit
  • Computer & Network Forensics; Best Practices and Lessons Learned
  • Wireless Network Security and Forensic Analysis
  • Computer Forensics for a Computer-based Assessment: The Preparation Phase
  • Forensics and Privacy-enhancing Technologies - Logging and Collecting Evidence in Flocks
  • Towards Hippocratic Log Files
  • Dialing for Evidence
  • Digital evidence obfuscation: recovery techniques
  • Law Enforcement and Digital Evidence
  • Computer Forensics Procedures and Methods
  • Recovering Digital Evidence from Linux Systems
  • IOCE
  • Computer Forensics in the Inspector General Environment
  • IOCE vs. G-8 Principles
  • A Brief History of Computer Forensics
  • Guidelines and Recommendations for Training in Digital & Multimedia Evidence
  • Proficiency Test Program Guidelines
  • Recommended Guidelines for Developing Standard Operating Procedures [for Digital Forensic Examinations]
  • Recommended Guidelines for Validation Testing
  • SWGDE and SWGIT Glossary of Terms
  • Best Practices for Computer Forensics
  • Data Archiving
  • Data Integrity Within Computer Forensics
  • Data Evidence Findings
  • Identifying the Owner of a Website
  • Digital Discovery with Linux Bootable CDs
  • Craiger's Cyberforensic Commandline Cheatsheet (C4)
  • Explanation of an IP Address Tracing
  • IP Addresses and You
  • Digital Sleuthing Uncovers Hacking Costs
  • Computers hinder paper shredders
  • Report on the Investigation into Improper Access to the Senate Judiciary Committee's Computer System
  • Preserve and Protect
  • Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer
  • Seizing and Searching Computers and Computer Data
  • A Graphical Representation of File Statistics for Computer Forensics
  • Methods for evidencing illicit use of a computer system or device
  • Forensic Computing: An Introduction to the Principles and the Practical applications
  • The DFRWS Framework Classes
  • Conducting an Incident Post Mortem
  • Digital Forensics - A Primer
  • DIPL: The Digital Investigation Process Language
  • Ensuring the Reliability and Admissibility of Digital Evidence
  • FARES: Forensic Analysis of Risks in Enterprise Systems
  • Intro to End-to-End Digital Investigation
  • A New Approaches to Complex Digital Investigations
  • Detecting Local Filesystem Changes with Perl
  • Ilook Investigator
  • Destroying Data ... is it possible
  • Ext2fs and forensics
  • Using ATA commands on hard disks ... why bother?
  • Knowledge discovery and experience modeling in computer forensics media analysis
  • Digital Forensics Laboratory Projects
  • Computer Forensics: A Critical Need for Computer Science Programs
  • Computer Forensics Laboratory and Tools
  • NGN Network Security Forensics and the Data Retention Directive
  • An Introduction to Computer Forensics: Gathering Evidence in a Computing Environment
  • Encountering Encrypted Evidence (potential)
  • Forensic Discovery
  • Computer Forensics
  • Hooking IO Calls for Multi-Format Image Support (using PyFlag)
  • Hooking IO Calls for Multi-Format Image Support
  • Keyword Searching and Indexing of Forensic Images (using PyFlag)
  • Keyword Searching and Indexing of Forensic Images
  • RAID Reassembly - A forensic Challenge (using PyFlag)
  • Disk Forensics (using PyFlag)
  • Log Analysis (using PyFlag)
  • Forensic and Log Analysis GUI
  • Forensic and Log Analysis GUI Tutorial
  • RAID Reconstruction - And the search for the Aardvark
  • "e-Evidence Standard": Proving the integrity, reliability, and trust on electronic records
  • Guidelines for the Handling and Seizure of Digital Evidence
  • Computer-Forensic Privacy Tools: A Forensic Evaluation
  • Counter-Forensic Privacy Tools - A Forensic Evaluation
  • Criminal Computer Intrusion Unit
  • Tools for Discovering Credit Card and Social Security Numbers in Computer File Systems
  • Computer Forensics Search & Seizure: Challenges in Academe
  • Windows Media Imaging
  • The Technology of CSI and Computer Forensics
  • Designing and Implementing a Computer Forensics Curriculum and Exercises
  • Retrieval of Video Evidence and Production of Working Copies from Digital CCTV Systems
  • Secure Deletion and the Effectiveness of Evidence Elimination Software
  • After Conversation - An Forensic ICQ Logfile Extraction Tool
  • Googling Forensics
  • An investigation into the efficiency of forensic erasure tools for hard disk mechanisms
  • The effectiveness of commercial erasure programs on BitTorrent activity
  • An Analysis of the Integrity of Palm Images Acquired with PDD
  • Towards Identifying Criteria for the Evidential Weight of System Event Logs
  • Tracing E-mail Headers
  • An Analysis of the Integrity of Palm Images acquired with PDD
  • Electronic Crime - its not only the big end of town that should be worried
  • To Revisit: What is Forensic Computing?
  • A Preliminary Examination of Tool Markings on Flash Memory Cards
  • Digital Evidence Integrated Management System
  • Generalising Event Forensics Across Multiple Domains
  • Throwing out the Enterprise with the Hard Disk
  • ECF - Event Correlation for Forensics
  • Testing the Date Maintenance of the File Allocation Table File System
  • Computer Forensics in the Global Enterprise
  • Forensic tools (Group Test)
  • Chapter 10:
  • Chapter 2:
  • UNIX Computer Forensics
  • Intro to forensics: Using the last command to track down changes
  • Practice effective security log analysis
  • Part 2 - Make the most of your security log data
  • Investigating an Attempted Intrusion
  • Automated Analysis for Digital Forensic Science
  • Computer Based Forensics - A Case Study - U.S. Support to the U.N.
  • Data Forensics: "Analyzing the Tracks of an Intruder" or "Analyzing Administrative Responses to Log Anomalies"
  • Automated Analysis for Computer Forensics
  • Windows NT/2000 Event Log Management and Intrusion Detection
  • Dissecting Distributed Malware Networks
  • Working with Law Enforcement to Abate Cybercrime
  • Disk Cloning
  • FIRE: Forensic & Incident Response Environment
  • Computer Forensics 101
  • Computer Forensics 101
  • Computer Forensics 101
  • Computer Forensics 101
  • An Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive
  • Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive
  • Analysing E-mail Text Authorship for Forensic Purposes
  • Salon On Computer Forensics
  • Bootable Linux Demo Distro - Knoppix
  • Linux and Forensic Discovery
  • Computers Forensics
  • Web Application Forensics
  • Internet Ballistics: Retrieving Forensic Data From Network Scans (Poster)
  • Digital Evidence
  • Dave Dittrich's Computer Forensics Links
  • Hack and Counter-Hack - Active Forensics: Tracking that Intruder
  • Data Recovery
  • Reporting probes/intrusion attempts from an IP address
  • Responding to a security incident on a Unix workstation
  • Basic Steps in Forensic Analysis of Unix Systems
  • Intruder Discovery / Tracking and Compromise Analysis
  • Incident Response Procedures
  • Forensic Analysis of Microsoft Internet Explorer Cookie Files
  • Forensic Analysis of Microsoft Windows Recycle Bin Records
  • Evidence
  • Network Forensic Traffic Reconstruction with Tcpxtract
  • Track down lost data with the EnCase computer forensics tool
  • Begin a forensics investigation with WinHex
  • Computer Forensics - The Legal Side of Incident Response
  • How To Permanently Erase Data from a Hard Disk
  • Compliance and Computer Forensics
  • Unix Forensics
  • Forensic Analysis of Microsoft Internet Explorer Cookie Files
  • Forensic Analysis of Internet Explorer Activity Files
  • Forensic Analysis of Microsoft Windows Recycle Bin Records
  • Guidelines for the Management of IT Evidence
  • Security Forensic on E-commerce
  • Computer Forensics - The FAQs, the Do’s and the Don’ts
  • Incident Response - Preparedness is Essential in Today’s Computing Environment
  • IP Tracing - A Primer in Tracing IP and Email Addresses
  • Forensic Acquisition Utilities
  • Forensic Analysis of File System Intrusions using Improved Backtracking
  • Byteprints: A Tool to Gather Digital Evidence
  • Low-Intrusive Consistent Disk Checkpointing: A Tool for Digital Forensics
  • Algorithms to Enable Forensic Analysis of Computer and Network Intrusions
  • Virtual Training Environment (VTE)
  • CSI For The Home PC
  • Forensic Examination
  • EnCase Test and Tutorial
  • Tutorial - Forensics for Windows XP Clients
  • Laptop Hard disk removal page
  • A bit of help if you've just been broken into
  • A bit of help recovering a deleted file under Unix
  • Chapter 6
  • The Reality of Computer Forensics
  • Forensic Analysis using FreeBSD - Part 1
  • Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3
  • Ghosts in the Machine
  • Technology Report: Forensic Security Tools
  • Design and Development of a Distance Education Paradigm for Training Computer Forensic Examiners
  • ENCASE - A forensic computing utility that does it all
  • Drive Translation (and second article AOL ART Files)
  • Cyber detectives: Collecting evidence for web crimes
  • Tracking Hackers with Cyber Forensics
  • An Investigator’s Guide to File System Internals
  • Standardization of Computer Forensic Protocols and Procedures
  • Memory Imaging and Forensic Analysis of Palm OS Devices
  • The Role of Computer Forensics in the Investigation of Network Intrusion Activity
  • Incident and Wiretap of a Real Case
  • Unix Forensic Techniques for Incident Response
  • Computer Discovery and Risk Control: What’s Lurking on Your Computer System?
  • Working with Police
  • Computer Forensics: Evidence Handling & Management
  • http://web.archive.org/web/20030530124911/http://www.rootshell.be/~anuradha/scrolls/forensics.txt
  • Chapter 11
  • Forensic Techniques for Investigating Network Traffic
  • Computer Crimes and Digital Evidence
  • FBI Cyber Crime Program Philadelphia Division
  • Fight Crime and Improve Security with Data Mining
  • Incident Handling II
  • Incident Handling I
  • Chapter 1
  • Defending Cyber-Crime
  • Carvdawg's Perl Page
  • Forensic Readiness (Whitepaper)
  • Hidden Date & Times - Forensic Analysis & Daylight Saving / Time Zone Pitfalls
  • Independent Review of Common Computer Forensics Imaging Tools
  • Digital Evidence in Internet Time
  • Cybercrime – Challenges to Enforcement of IPR
  • The Future of Forensic Computing
  • Incident Response: A Primer on Preparation and Resolution
  • Building a Jump Kit
  • Investigation of Cybercrime and Technology-related Crime
  • Cyber Crime and the Courts - Investigation and Supervising the Information Age Offender
  • Network Forensics
  • Windows Live Incident Response Volatile Data Collection: Non-Disruptive User & System Memory Forensic Acquisition
  • Is your data ready for its day in court?
  • Evidence Discovery in a Digital World
  • Evidentiary Considerations for Collecting and Examining Hard-Drive Media
  • Cyber Crime: Labs and Investigations
  • Forensic Computer and Cybercrime Investigations
  • Network Forensics - Hacker, You cannot Escape!
  • The Managers Role: Incident Response, Electronic Evidence and Forensics
  • Network Forensics and Auditing
  • Forensic Computing within the Crime and Misconduct Commission
  • Incident Response Planning and Forensic Readiness
  • Building a Linux-Based Computer Forensics Lab
  • Managing your Evidence Problems associated with proper collection procedures
  • Find the Email Header
  • Internet Investigations - Finding the Suspect
  • An Attorney’s Brief Guide to Dating (Computer File Dating That Is)
  • Forensic Readiness - CanSecWest Conference
  • Error, Uncertainty, and Loss in Digital Evidence
  • NTFS compression white paper
  • RCFL National Program
  • Evidence Collection and Data Seizure
  • High Tech Forensics
  • Honeypot forensics
  • Recent Advances in Computer Forensics
  • Electronic Evidence in Criminal Defense
  • Computer Forensics
  • Forensic Vulnerability Discovery And Analysis
  • Honeytraps As A Forensic Tools
  • The Economics of Digital Forensics
  • GMU2005 presentations
  • Computer and Network Forensics as an Integral Component of the Information Security Enterprise
  • Forensics and Active Protection
  • Honeytraps, a Network Forensic Tool
  • Honeytraps as Forensic Tools
  • Computer and Network Forensics (CNF) Project Homepage
  • Handling Crime in the 21st century
  • Network Support For IP Traceback
  • Introduction to Computer Forensics
  • Digital Evidence & Computer Forensics
  • Computer Forensics – An Introduction
  • Computer Crime Manual (excerpt)
  • FATKit: Detecting Malicious Library Injection and Upping the “Anti”
  • Trojan Defence: A Forensic View (Part 1)
  • Trojan Defence: A Forensic View (Part 2)
  • Phishing and Federal Law Enforcement
  • Digital Data in the Enterprise: Do You Have it Under Control?
  • Resurrecting the Smoking Gun: How to Find and Recover Evidence
  • How to Conduct On-Premises Discovery of Computer Records
  • Registry Quick Find Chart
  • AccessData Certified Examiner Study Guide
  • Forensic Computer Investigation Brings Notorious Serial Killer BTK to Justice
  • eDanger.com
  • Cyber-Criminals and Data Sanitization: A Role for Forensic Accountants
  • Computer Searches
  • The Discipline of Internet Forensics
  • Mining E-mail Content for Author Identification Forensics
  • Backtracking Intrusions
  • Network Forensics
  • Good Practice Guide For Computer based Electronic Evidence
  • Evaluating the Capacity to Respond to E-Crime
  • Seizing Computers and other Electronic Evidence Best Practice Guide
  • MD5 collisions and the impact on computer forensics
  • Orphans in the NTFS World
  • Thumbs DB Files Forensic Issues
  • Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
  • Automatic Reassembly of Document Fragments via Context Based Statistical Methods
  • Gender-Preferential Text Mining of E-mail Discourse
  • Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
  • Automated Reassembly of Document Fragments via Context Based Statistical Models
  • Building Evidence Graphs for Network Forensics Analysis
  • Can You Survive a Cybercrime?
  • AFF: The Advanced Forensic Format
  • AFIRM
  • Forensic Analysis of a Compromised Mac OS X (Client) Machine
  • Review of Digital Intelligence Firefly and Ultrablock products
  • Linux Forensics Weekly
  • Developing a Framework for Evaluating Computer Forensic Tools
  • High Tech Crime Briefs
  • Investigative Skills for the 1990s and Beyond
  • What is Forensic Computing?
  • A Typology of Online Child Pornography Offending
  • Impediments to the successful investigation of transnational high tech crime
  • Criminal forfeiture and restriction-of-use orders in sentencing high tech offenders
  • Data Forensics: A Case for Routine Implementation
  • Introduction to Cyber Forensics: Forensics Incident Response
  • Deleted files can be recovered
  • Cybersleuthing: A Guide to the Essentials of Computer Discovery
  • Report on Defendant-Name vs. State-Name
  • Challenges to Digital Forensic Evidence
  • Forensics: Data Trails and Detection
  • The Byte Stops Here: Duty and Liability for Negligent Internet Security
  • Microsoft Word MetaData Forensics Tutorial
  • Technological Aspects of Internet Crime Prevention
  • Digital Forensics
  • Guidelines for the Management of IT Evidence
  • How Effective Cooperation with Law Enforcement Authorities Can Promote Computer Security
  • Computer Forensics as a Tool for Criminal Investigation
  • Computer Forensics - The Need for Diverse Tools
  • Wireless Intrusion Investigation
  • Chapter 11: Honeypot Data Analysis
  • Real-time Forensic Evidence Collection
  • Forensic Readiness
  • Setting up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory
  • Recovery of Digital Evidence
  • Tracing the Source of an Email
  • Expert Witness Compression Format Specification
  • Computer Forensics – Hiding in Plain Sight
  • An Exploration of Future Anti-Forensic Techniques
  • Stand-alone PC Examination Basic Forensic Guidelines
  • Not Just a Game Anymore
  • Collection and Control of Electronic Evidence
  • Surplus Disk Drive Vulnerability – Information leakage
  • Australian Computer Crime and Security Survey
  • Collecting Electronic Evidence After a System Compromise
  • Evidence on the Internet
  • AGEC Issues Paper: Evidence and the Internet
  • E-Mail Discovery in Civil Litigation: Worst Case Scenarios vs. Best Practices
  • Anti Forensics
  • Linux Forensics
  • PC-Based Partitions
  • Case Studies
  • Chapter 1: Windows Live Response
  • Meeting the Challenge: E-Mail in Civil Discovery
  • Shadowcrew: Web Mobs
  • A Crash Course in Digital Forensics
  • Client-side Exploits: Forensic Analysis of a Compromised Laptop
  • Forensics
  • Fighting Online Software Piracy
  • Safe-KIDS - Known Image Database System
  • Combating Online Software Piracy in an Era of Peer-to-Peer File Sharing
  • Fighting Online Software Piracy—What Works in 2005
  • Data Forensics: In Search of the Smoking Gun
  • BCS Comments on Proposals for Registration of Digital Evidence Specialists
  • The electronic autopsy - digital forensics Part 1
  • Looking for foul play - digital forensics Part 2
  • Wading in Alternate Data Streams
  • What Does a Disk Wiper Wipe when a Disk Wiper Does Wipe Disks?
  • Additional Information
  • Basic Considerations in Investigating Computer Crime, Executing Computer Search Warrants and Seizing High Technology Equipment
  • Computer-Mediated Communications and Criminal Evidence
  • Operation CyberSweep
  • Operation Websnare
  • Computer Forensics Reveals a Whole New Universe of Discoverable Information
  • Intrusion Detection and Network Forensics
  • Computer Forensics - Tracking the Cyber Vandals
  • Computer Forensics: Tracking the Cyber Vandals
  • Forensic Tools and Processes for Windows XP Clients
  • Computer Forensics
  • Digital Information, User Tokens, Privacy and Forensics Investigations: The Case of Windows XP Platform
  • New Directions in Disk Forensics
  • FragFS: An Advanced Data Hiding Technique
  • The Need For Forensic Capabilities In The Commercial Sector
  • Solving Network Mysteries
  • Computer Forensics: A Critical Process in Your Incident Response Plan
  • Cisco Router Forensics
  • Cisco Router Forensics Checklist
  • Security Event Correlation – Security's Holy Grail?
  • The Need for an 802.11b Toolkit
  • Scene of the Cybercrime: Assisting Law Enforcement in Tracking Down and Prosecuting Cybercriminals
  • Forensic Dead-Ends: Tracing Anonymous Remailer Abusers
  • Forensic Dead-Ends: Tracing Users Through Anonymous Remailers
  • WebMail Forensics
  • Forensics with Linux 101 - or - How to do Forensics for Free
  • Nobody’s Anonymous — Tracking Spam and Covert Channels
  • The Evolution of Incident Response
  • Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch...
  • Performing Effective Incident Response
  • Finding Gold in the Browser Cache
  • You Are What You Type: Non-Classical Computer Forensics
  • Web Application Incident Response & Forensics: A Whole New Ball Game!
  • Intrusion Auditing with NTLast
  • A Brief Introduction to Cyber Forensic Analysis
  • Investigating Internet Security Incidents: A Brief Introduction to Cyber Forensic Analysis
  • Computer Forensics: The Investigator's Perspective
  • Forensic Tools and Processes for Windows XP
  • Without a Trace: Forensic Secrets on a Windows Server
  • Data Hiding on a Live System
  • Nobody's Anonymous - Tracking Spam
  • Windows Forensics: Have I been Hacked?
  • Evidence With A Byte
  • Forensic Investigation Case Studies and Results
  • The Essentials of Computer Discovery
  • Searchtools, Indexed searching in forensic images
  • Computer Forensics - Digging with the Digital Shovel
  • Forensic Computer Examinations for Small to Medium Size Businesses
  • Computer Forensics - Digging with a Digital Shovel
  • IP & Cybercrime
  • Analysing Privacy-Invasive Software Using Computer Forensic Methods
  • Forensics in Fifteen
  • Practical Windows Forensics
  • Architectural Innovations for Enterprise Forensics
  • Remote physical device fingerprinting
  • The Necessity for Computer Forensics
  • Router Forensics - DDOS/Worms Update
  • CyberCrime
  • Search and Seizure of Canadian Computer Environments
  • Honeypot Forensics - No stone unturned or: logs, what logs?
  • Hidden Data in Internet Published Documents
  • Chapter 3
  • Tracing Activity on a Windows-Based Laptop