Computer Forensics - Network Forensics - Tutorials, Guides, Articles, FAQs & Reviews

Definition of: computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may include a function that copies the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the data content in order to determine if files have been camouflaged with phony file extensions. For example, an image file might be renamed as a text document and vice versa.

Network Forensics

In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See forensically clean, slack space, write blocker, file wipe, IDS and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.
2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.
3 - Analysis: Use legally justifiable methods and techniques to derive useful information.
4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.

FORENSIC ARTICLES, PAPERS and PRESENTATIONS - The Big List....

Intro to Linux for Data Forensics version 2.0.5
Accessing the System BIOS on Various Computers
EnCase Base64 Processing
Using EnCase to Decode DBB Record Field Values
Viewing the Kazaa DBB File in EnCase
Understanding index.dat Files Part 1
Understanding index.dat Files Part 2
Viewing the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time"
Log Parser (Microsoft)
Searching for Outlook Compressible Encryption (PST Data) in the Unallocated Clusters
Restore Point Forensics
Registry Processing: Determining What Files/Folders are Shared
Time Change Captured in Event Log - Event 577
UNIX Time Stamp ID and Hotmail
Using Local Loopback and Kazaa Port to View Kazaa Shared Files in Browser
Electronic Evidence and Computer Forensics
Computer Forensics and Electronic Evidence--Reconstructing What Happened
Preparing to be an Expert Witness
Filesystem and network acquisition and analysis tools
Network forensics in a post GE world
FCCU GNU/Linux Forensic Boot CD
Computer Under the Microscope Images
The Computer Under the Microscope Images
Extracting Email IDs from IM Clients
Information Technology Security Part 6 Investigation and Forensics I
Seizing a Computer System for Digital Forensic Systems Examination
Time Stamps and Timing in Audit-Based Digital Forensic Systems Examination
Semantic Forensics: An Application of Ontological Semantics to Information Assurance
Using Digital Forensics to Maintain the Integrity of our Nation’s Critical Infrastructure
A Day of Cyber Investigation
Firms increasingly call on cyberforensics teams
Metadata, The Mac, and You
Computer forensics tips help you monitor investigations
Securing Electronic Evidence the Right Way
Data Loss Causes
Why Conduct Computer Forensics Examinations?
Guidelines For Data Gathering And Forensics?
What is the Scope of Computer Forensics?
Internal Computer Investigations as a Critical Control Activity
Forensic Analysis Without an IDS: A Detailed Account of Blind Incident Response
Data Hiding Tactics for Windows and Unix File Systems
Finding Digital Evidence in Physical Memory
WebMail Forensics
Chapter 1 - Digital Evidence and Computer Crime
Chapter 16 - Digital Evidence on Physical and Data-Link Layers
Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing Investigation (FCI) Teams
Electronic Evidence and Computer Forensics
Computer Forensics in the Campus Environment
General Guidelines for Seizing Computers and Digital Evidence
Computer Forensics: Forensic Data Diving Using the Linux Operating System
Forensic Data Diving Using the Linux OS
Network Intrusion and Attack Signatures
Computer Forensics
Evidence gathering tools
Evidence investigation tools
Supportive tools
Digital Evidence Collection Worksheet
U.S. Department of Energy Cyber Incident Response Handbook
Cyber Security Incident Response/Forensic Awareness for Managers
Cyber Security Incident Response/Forensic Awareness for System Administrators
Cyber Security Incident Response/Forensic Awareness for Users
DOE Cyber Forensics Laboratory: Program Briefing
An Analysis of Disk Carving Techniques
An Analysis of Linux RAM Forensics
Computer Forensics in the Classroom
Automating Case Reports for the Analysis of Digital Evidence
ForNet: A Distributed Forensics Network
Forensic Computing
Throwing out the Enterprise with the Hard Disk
Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records
Put A Trace On It: A Command You Can "truss"
TKS1 - An anti-forensic, two level, and iterated key setup scheme
The Value of Computer Forensics
Open Source Digital Forensic Acquisition and Analysis on Mac OS X
Computer Forensics for Non profits
Internet Security & Incident Response: Scenarios & Tactics
Cyber crime and the Law; Where the Net meets the Node
Police Reserve Specialists - Local Application of Global Concept
Event Sequence Mining to Develop Profiles for Computer Forensic Investigation Purposes
Unredacted copy of this report (also available as a PDF) from Cryptome.org
Towards Proactive Computer System Forensics
A Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows Operation Systems
Computer Forensics in a LAN Environment
Operational Computer Forensics - The New Frontier
Computer Security Incident Response Guide
An Overview and Analysis of PDA Forensic Tools
Forensic Software Tools for Cell Phone Subscriber Identity Modules
Incident Response Fundamentals Class
The CERT Virtual Training Environment: Information Assurance and Forensics Training Anywhere, Anytime
Guidelines on Cell Phone Forensics [Draft]
Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response
Guidelines for Media Sanitization
Computer Forensic Guidance
Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation
PDA Forensic Tools: An Overview and Analysis
Cell Phone Forensic Tools: An Overview and Analysis
Guidelines on PDA Forensics
Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response
Article I - Preliminary Matters
Article X - Reimbursement and Return of Property
Article XI - Using Evidence
Article II - Challenges and Sanctions
Article III - Preserving Evidence
Article IV - Obtaining Evidence: Interception & Surveillance
Article V - Undercover Operations and Informants
Article VI - Obtaining Evidence: Production Orders
Article VII - Obtaining Evidence: Search and Seizure
Article VIII - Post-Collection Procedures
Article IX - Processing and Analyzing Evidence
A strategy for testing hardware write block devices
Forensic feature extraction and cross-drive analysis
md5bloom: Forensic filesystem hashing revisited
Identifying almost identical files using context triggered piecewise hashing
A correlation method for establishing provenance of timestamps in digital evidence
An empirical study of automatic event reconstruction systems
Self-reported computer criminal behavior: A psychological analysis
Categories of digital investigation analysis techniques based on the computer history model
Searching for processes and threads in Microsoft Windows memory dumps
A survey of forensic characterization methods for physical devices
FORZA – Digital forensics investigation framework that incorporate legal issues
A cyber forensics ontology: Creating a new approach to studying cyber forensics
Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
XIRAF – XML-based indexing and querying for digital forensics
Selective and intelligent imaging using digital evidence bags
Detecting false captioning using common-sense reasoning
Digital Forensics Tool Testing Images (DFTT) - Introduction
Digital Forensics Tool Testing Images (DFTT) - Extended DOS Partition Test
Digital Forensics Tool Testing Images (DFTT) - NTFS Autodetect Test #1
Digital Forensics Tool Testing Images (DFTT) - Basic Data Carving Test #1
Digital Forensics Tool Testing Images (DFTT) - Basic Data Carving Test #2
Digital Forensics Tool Testing Images (DFTT) - FAT Keyword Search
Digital Forensics Tool Testing Images (DFTT) - NTFS Keyword Search #1
Digital Forensics Tool Testing Images (DFTT) - EXT3FS Keyword Search #1
Digital Forensics Tool Testing Images (DFTT) - FAT Daylight Savings Test
Digital Forensics Tool Testing Images (DFTT) - FAT Undelete Test #1
Digital Forensics Tool Testing Images (DFTT) - NTFS Undelete (and leap year) Test #1
Digital Forensics Tool Testing Images (DFTT) - JPEG Search Test #1
Digital Forensics Tool Testing Images (DFTT) - FAT Volume Label Test #1
Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
Forensic acquisition and analysis of magnetic tapes
Generalizing sources of live network evidence
Digital Forensics using Linux and Open Source Tools
Improving evidence acquisition from live network sources
The Role of Digital Forensics within a Corporate Organization
Anti-Forensics
Degaussers
Ibas Computer Forensics: A White Paper
Internet and judicial investigation: difficulties in judicial practice
Analysis: The Forensics of Internet Security
Design of a Digital Forensics Image Mining System
Unleash the Cyberhounds!
Ipod Forensics: Forensically Sound Examination of an Apple Ipod
Development of a zero skills forensic laptop registration and identification tool
Digital Forensics: Exploring Validation, Verification & Certification
Disabling Wireless Networks for Law Enforcement
Forensic Analysis for Unix-Based Operating Systems
Forensic Analysis of Mobile Phones
Hidden or Hiding: Mac OS X’s Forensic Assets and Liabilities
Online evidence gathering and the Evidence Bin
System Documentation - The "RegistryExtractor"
Software Engineering Project (Honours): ZSAT
Towards a validation framework for forensic tools in Australia
ZSAP (Zero Skill Analysis Program)
Computer Forensics: How to be a Cybercrime Detective
Computer Forensics
Network Forensics Evasion: How to Exit the Matrix
Computer Forensics: The Key to Solving the Crime
Cybercrime: The Internet as a Crime Scene
Intrusion Detection and Incident Response
Investigative Responses (Email Tracing)
Digital Evidence Collection and Handling
Forensic Duplication and Analysis Using Encase
Computer Forensics Course Syllabus
The File Extension Source (FILEXT)
An Improved Protocol for the Examination of Rogue WWW Sites
Silicon Pathology?
Spam & Chips - A Discussion of Internet Crime
An introduction to Windows memory forensic
Digital forensics of the physical memory
Physical Memory Forensics
Forensic Implications of Biometric Devices and future identification management systems
Forensic Computing Theory & Practice: Towards Developing a Methodology for a Standardised Approach to Computer Misuse
The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists
Risks and Solutions to problems arising from illegal or Inappropriate Online Behaviours: Two Core Debates within Forensic Computing.
Intrusion Detection: Forensic Computing Insights arising from a Case Study on SNORT
Computer Incident Investigations: e-forensic Insights on Evidence Acquisition
Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators
Forensic Computing: Developing a Conceptual Approach in the Era of Information Warfare
Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators
Forensic Computing: Developing a Conceptual Approach for an Emerging Academic Discipline
E-mail and WWW browsers: A Forensic Computing Perspective on the Need for Improved User Education for Information Systems Security Management
Recovering Unrecoverable Data
Forensic Disk Imaging Using Linux
Linux Computer Forensics: Forensic Disk Imaging
Computer Forensic Investigation for XYZ Company
Computer Forensic Investigation Standard Operating Plan
System Baselining - A Forensic Perspective
Basic Media Analysis & The Sleuth Kit / Autopsy
Computer Forensics in Litigation
Introduction to Computer Forensics
Starting your own Computer Forensics Company
Downloads - Forms and Checklists
Computer Forensic Resources
Chapter 6 - Modes of Data Insertion and Acquisition
Software Write Block - Testing Support Tools Validation
Testing BIOS Interrupt 0x13 Based Software Write Blockers
Forensic Checklist
Digital Warrants
Encase Decryption System
Mac Acquisition using Target Disk Mode
Computer Forensics Analysis
Computer Forensics Analysis
Electronic Forensics
Ultimate Guide to Mac OS Forensics
On the Role of File System Metadata in Digital Forensics
Providing Process Origin Information to Aid in Network Traceback
Computer Forensics
Incident Response & Evidence Management
Software Forensics: Can We Track Code to its Authors?
Honeypots: Monitoring and Forensics
Computer Forensics: What is Metadata, Why is it Significant, and How do you Deal with it?
Forensic Logging in Apache v1.3.30 and later (Module mod_log_forensic.c)
The Global Enterprise - Forensic Audits Across the Large Scale Network
Computer Forensics Primer
Best Methods for Forensic Investigators when Encountering Windows Encrypted Content
Antiforensics: Trends and Emerging Technology
Intro to Computer Forensic Tools
Recognizing the Importance of Network Enabled Computer Forensics
Covert Channels: A Never Ending Challenge for Forensic Examiners
Starting a Computer Forensic Lab
A Brief Intro to End-to-End Digital Investigation
Virtual Digital Evidence Lab: A Distributed Forensic Resource Network
Linux/UNIX Security Response Cookbook
IT Forensics: the collection of and presentation of digital evidence
An Investigation into Computer Forensic Tools
Investigation Into Computer Forensic Tools
Child Abuse, Child Pornography and the Internet
System Administration and Network Security Course
Computer Forensics Analysis
Summer Workshop 2002 on Network Security
Day 3 : Computer Forensics I (On-line inspection)
Day 4 : Computer Forensics II (Off-line inspection)
Digital Forensics Research in the United States
Academic Search and Seizure: An Update
Computer Forensics Search and Seizure: Challenges in the Academe - An Update
Computer Forensics in the Academic Environment
Cybercop
Cracking the Cracking
Learning by Doing - Do's and Dont's of Building a Forensics Workstation
Learning by Doing
Cybercrime: Supporting Cyber Sleuths
Digital Forensics: Crime Seen
Digital Forensics: Storage Media Primer
Auditing and Event Correlation
Unix Tools Track Hackers
Auditing Cyber Crime
Computer Crime and Forensics
WACIRC - Law Enforcement Guidelines for Reporting and Responding to Computer Crimes
To Catch a Thief: Computer Forensics in the Classroom
Information Systems Forensics: A Practitioner's Approach
The types of computer crimes in Hong Kong and the difficulties in prosecuting such crimes
Cyber-Investigation on Cyber-Crime
Digital Evidence Standards
Automated Reassembly of Fragmented Images
ForNet: A Distributed Forensics Network
The Digital Crime Scene: A Software Prospective
Cybercrime in New Network Ecosystem: Vulnerabilities and New Forensic Capabilities
"Transborder Search" A new perspective in law enforcement?
Computer Forensics in Virginia
Computer Forensic Science: A Methodology
Forensic Analysis of Digital Evidence from Palm Personal Digital Assistants
Computer Forensics and the Law of Evidence (Hong Kong)
Anti-Forensics
Introduction to Digital Forensics Procedure, Tools, and Techniques
Computing forensics: a live analysis
Why Recovering a Deleted Ext3 File Is Difficult . . .
Through the Looking Glass: Finding Evidence of Your Cracker
A Graphic Picture of Crime
Malware Forensics by Automatic Experiments
Collecting and Preserving Evidence after a System Compromise
Unix Security 101 - Forensic Examples
A System for Collection, Storage, and Analysis of Multi-platform Computer System Data
Unix Security: Diagnostics and Forensics
Hands-On Honeypot Technology - Analysis & Forensics
Project PFC - Personal Filing Cabinet Converter
A Guide to Investigation and Prosecuting cases involving Hacking and the Computer Underground
SMART
Anti-Forensics
Digital "Evidence" May Not Be "Evidence" At All
The Windows XP [DOS] Startup Disk - An Example in Basic Forensics / Data Recovery
The Windows XP Startup Disk [An Example in Basic Forensics / Data Recovery]
Commonly Overlooked Audit Trails on Intrusions
Finding and Analyzing Trojans under Unix
Corporate Forensics Toolkit
Computer & Network Forensics; Best Practices and Lessons Learned
Wireless Network Security and Forensic Analysis
Computer Forensics for a Computer-based Assessment: The Preparation Phase
Forensics and Privacy-enhancing Technologies - Logging and Collecting Evidence in Flocks
Towards Hippocratic Log Files
Dialing for Evidence
Digital evidence obfuscation: recovery techniques
Law Enforcement and Digital Evidence
Computer Forensics Procedures and Methods
Recovering Digital Evidence from Linux Systems
IOCE
Computer Forensics in the Inspector General Environment
IOCE vs. G-8 Principles
A Brief History of Computer Forensics
Guidelines and Recommendations for Training in Digital & Multimedia Evidence
Proficiency Test Program Guidelines
Recommended Guidelines for Developing Standard Operating Procedures [for Digital Forensic Examinations]
Recommended Guidelines for Validation Testing
SWGDE and SWGIT Glossary of Terms
Best Practices for Computer Forensics
Data Archiving
Data Integrity Within Computer Forensics
Data Evidence Findings
Identifying the Owner of a Website
Digital Discovery with Linux Bootable CDs
Craiger's Cyberforensic Commandline Cheatsheet (C4)
Explanation of an IP Address Tracing
IP Addresses and You
Digital Sleuthing Uncovers Hacking Costs
Computers hinder paper shredders
Report on the Investigation into Improper Access to the Senate Judiciary Committee's Computer System
Preserve and Protect
Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer
Seizing and Searching Computers and Computer Data
A Graphical Representation of File Statistics for Computer Forensics
Methods for evidencing illicit use of a computer system or device
Forensic Computing: An Introduction to the Principles and the Practical applications
The DFRWS Framework Classes
Conducting an Incident Post Mortem
Digital Forensics - A Primer
DIPL: The Digital Investigation Process Language
Ensuring the Reliability and Admissibility of Digital Evidence
FARES: Forensic Analysis of Risks in Enterprise Systems
Intro to End-to-End Digital Investigation
A New Approaches to Complex Digital Investigations
Detecting Local Filesystem Changes with Perl
Ilook Investigator
Destroying Data ... is it possible
Ext2fs and forensics
Using ATA commands on hard disks ... why bother?
Knowledge discovery and experience modeling in computer forensics media analysis
Digital Forensics Laboratory Projects
Computer Forensics: A Critical Need for Computer Science Programs
Computer Forensics Laboratory and Tools
NGN Network Security Forensics and the Data Retention Directive
An Introduction to Computer Forensics: Gathering Evidence in a Computing Environment
Encountering Encrypted Evidence (potential)
Forensic Discovery
Computer Forensics
Hooking IO Calls for Multi-Format Image Support (using PyFlag)
Hooking IO Calls for Multi-Format Image Support
Keyword Searching and Indexing of Forensic Images (using PyFlag)
Keyword Searching and Indexing of Forensic Images
RAID Reassembly - A forensic Challenge (using PyFlag)
Disk Forensics (using PyFlag)
Log Analysis (using PyFlag)
Forensic and Log Analysis GUI
Forensic and Log Analysis GUI Tutorial
RAID Reconstruction - And the search for the Aardvark
"e-Evidence Standard": Proving the integrity, reliability, and trust on electronic records
Guidelines for the Handling and Seizure of Digital Evidence
Computer-Forensic Privacy Tools: A Forensic Evaluation
Counter-Forensic Privacy Tools - A Forensic Evaluation
Criminal Computer Intrusion Unit
Tools for Discovering Credit Card and Social Security Numbers in Computer File Systems
Computer Forensics Search & Seizure: Challenges in Academe
Windows Media Imaging
The Technology of CSI and Computer Forensics
Designing and Implementing a Computer Forensics Curriculum and Exercises
Retrieval of Video Evidence and Production of Working Copies from Digital CCTV Systems
Secure Deletion and the Effectiveness of Evidence Elimination Software
After Conversation - An Forensic ICQ Logfile Extraction Tool
Googling Forensics
An investigation into the efficiency of forensic erasure tools for hard disk mechanisms
The effectiveness of commercial erasure programs on BitTorrent activity
An Analysis of the Integrity of Palm Images Acquired with PDD
Towards Identifying Criteria for the Evidential Weight of System Event Logs
Tracing E-mail Headers
An Analysis of the Integrity of Palm Images acquired with PDD
Electronic Crime - its not only the big end of town that should be worried
To Revisit: What is Forensic Computing?
A Preliminary Examination of Tool Markings on Flash Memory Cards
Digital Evidence Integrated Management System
Generalising Event Forensics Across Multiple Domains
Throwing out the Enterprise with the Hard Disk
ECF - Event Correlation for Forensics
Testing the Date Maintenance of the File Allocation Table File System
Computer Forensics in the Global Enterprise
Forensic tools (Group Test)
Chapter 10:
Chapter 2:
UNIX Computer Forensics
Intro to forensics: Using the last command to track down changes
Practice effective security log analysis
Part 2 - Make the most of your security log data
Investigating an Attempted Intrusion
Automated Analysis for Digital Forensic Science
Computer Based Forensics - A Case Study - U.S. Support to the U.N.
Data Forensics: "Analyzing the Tracks of an Intruder" or "Analyzing Administrative Responses to Log Anomalies"
Automated Analysis for Computer Forensics
Windows NT/2000 Event Log Management and Intrusion Detection
Dissecting Distributed Malware Networks
Working with Law Enforcement to Abate Cybercrime
Disk Cloning
FIRE: Forensic & Incident Response Environment
Computer Forensics 101
Computer Forensics 101
Computer Forensics 101
Computer Forensics 101
An Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive
Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive
Analysing E-mail Text Authorship for Forensic Purposes
Salon On Computer Forensics
Bootable Linux Demo Distro - Knoppix
Linux and Forensic Discovery
Computers Forensics
Web Application Forensics
Internet Ballistics: Retrieving Forensic Data From Network Scans (Poster)
Digital Evidence
Dave Dittrich's Computer Forensics Links
Hack and Counter-Hack - Active Forensics: Tracking that Intruder
Data Recovery
Reporting probes/intrusion attempts from an IP address
Responding to a security incident on a Unix workstation
Basic Steps in Forensic Analysis of Unix Systems
Intruder Discovery / Tracking and Compromise Analysis
Incident Response Procedures
Forensic Analysis of Microsoft Internet Explorer Cookie Files
Forensic Analysis of Microsoft Windows Recycle Bin Records
Evidence
Network Forensic Traffic Reconstruction with Tcpxtract
Track down lost data with the EnCase computer forensics tool
Begin a forensics investigation with WinHex
Computer Forensics - The Legal Side of Incident Response
How To Permanently Erase Data from a Hard Disk
Compliance and Computer Forensics
Unix Forensics
Forensic Analysis of Microsoft Internet Explorer Cookie Files
Forensic Analysis of Internet Explorer Activity Files
Forensic Analysis of Microsoft Windows Recycle Bin Records
Guidelines for the Management of IT Evidence
Security Forensic on E-commerce
Computer Forensics - The FAQs, the Do’s and the Don’ts
Incident Response - Preparedness is Essential in Today’s Computing Environment
IP Tracing - A Primer in Tracing IP and Email Addresses
Forensic Acquisition Utilities
Forensic Analysis of File System Intrusions using Improved Backtracking
Byteprints: A Tool to Gather Digital Evidence
Low-Intrusive Consistent Disk Checkpointing: A Tool for Digital Forensics
Algorithms to Enable Forensic Analysis of Computer and Network Intrusions
Virtual Training Environment (VTE)
CSI For The Home PC
Forensic Examination
EnCase Test and Tutorial
Tutorial - Forensics for Windows XP Clients
Laptop Hard disk removal page
A bit of help if you've just been broken into
A bit of help recovering a deleted file under Unix
Chapter 6
The Reality of Computer Forensics
Forensic Analysis using FreeBSD - Part 1
Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3
Ghosts in the Machine
Technology Report: Forensic Security Tools
Design and Development of a Distance Education Paradigm for Training Computer Forensic Examiners
ENCASE - A forensic computing utility that does it all
Drive Translation (and second article AOL ART Files)
Cyber detectives: Collecting evidence for web crimes
Tracking Hackers with Cyber Forensics
An Investigator’s Guide to File System Internals
Standardization of Computer Forensic Protocols and Procedures
Memory Imaging and Forensic Analysis of Palm OS Devices
The Role of Computer Forensics in the Investigation of Network Intrusion Activity
Incident and Wiretap of a Real Case
Unix Forensic Techniques for Incident Response
Computer Discovery and Risk Control: What’s Lurking on Your Computer System?
Working with Police
Computer Forensics: Evidence Handling & Management
http://web.archive.org/web/20030530124911/http://www.rootshell.be/~anuradha/scrolls/forensics.txt
Chapter 11
Forensic Techniques for Investigating Network Traffic
Computer Crimes and Digital Evidence
FBI Cyber Crime Program Philadelphia Division
Fight Crime and Improve Security with Data Mining
Incident Handling II
Incident Handling I
Chapter 1
Defending Cyber-Crime
Carvdawg's Perl Page
Forensic Readiness (Whitepaper)
Hidden Date & Times - Forensic Analysis & Daylight Saving / Time Zone Pitfalls
Independent Review of Common Computer Forensics Imaging Tools
Digital Evidence in Internet Time
Digital Evidence in Internet Time
Cybercrime – Challenges to Enforcement of IPR
The Future of Forensic Computing
Incident Response: A Primer on Preparation and Resolution
Building a Jump Kit
Investigation of Cybercrime and Technology-related Crime
Cyber Crime and the Courts - Investigation and Supervising the Information Age Offender
Network Forensics
Windows Live Incident Response Volatile Data Collection: Non-Disruptive User & System Memory Forensic Acquisition
Is your data ready for its day in court?
Evidence Discovery in a Digital World
Evidentiary Considerations for Collecting and Examining Hard-Drive Media
Cyber Crime: Labs and Investigations
Forensic Computer and Cybercrime Investigations
Network Forensics - Hacker, You cannot Escape!
The Managers Role: Incident Response, Electronic Evidence and Forensics
Network Forensics and Auditing
Forensic Computing within the Crime and Misconduct Commission
Incident Response Planning and Forensic Readiness
Building a Linux-Based Computer Forensics Lab
Managing your Evidence Problems associated with proper collection procedures
Find the Email Header
Internet Investigations - Finding the Suspect
An Attorney’s Brief Guide to Dating (Computer File Dating That Is)
Forensic Readiness - CanSecWest Conference
Error, Uncertainty, and Loss in Digital Evidence
NTFS compression white paper
RCFL National Program
Evidence Collection and Data Seizure
High Tech Forensics
Honeypot forensics
Recent Advances in Computer Forensics
Electronic Evidence in Criminal Defense
Computer Forensics
Forensic Vulnerability Discovery And Analysis
Honeytraps As A Forensic Tools
The Economics of Digital Forensics
GMU2005 presentations
Computer and Network Forensics as an Integral Component of the Information Security Enterprise
Forensics
and Active Protection
Honeytraps,
a Network Forensic Tool
Honeytraps
as Forensic Tools
Computer
and Network Forensics (CNF) Project Homepage
Handling
Crime in the 21st century
Network
Support For IP Traceback
Introduction
to Computer Forensics
Digital
Evidence & Computer Forensics
Computer
Forensics – An Introduction
Computer Crime Manual
(excerpt)
FATKit:
Detecting Malicious Library Injection and Upping the “Anti”
Trojan
Defence: A Forensic View (Part 1)
Trojan
Defence: A Forensic View (Part 2)
Phishing
and Federal Law Enforcement
Digital
Data in the Enterprise: Do You Have it Under Control?
Resurrecting
the Smoking Gun: How to Find and Recover Evidence
How
to Conduct On-Premises Discovery of Computer Records
How
to Conduct On-Premises Discovery of Computer Records
Registry
Quick Find Chart
AccessData
Certified Examiner Study Guide
Forensic
Computer Investigation Brings Notorious Serial Killer BTK to Justice
eDanger.com
Cyber-Criminals
and Data Sanitization: A Role for Forensic Accountants
Computer
Searches
The
Discipline of Internet Forensics
Mining
E-mail Content for Author Identification Forensics
Backtracking
Intrusions
Network
Forensics
Good
Practice Guide For Computer based Electronic Evidence
Evaluating
the Capacity to Respond to E-Crime
Seizing
Computers and other Electronic Evidence Best Practice Guide
MD5
collisions and the impact on computer forensics
Orphans
in the NTFS World
Thumbs
DB Files Forensic Issues
Automated
Analysis for Digital Forensic Science: Semantic Integrity Checking
Automatic
Reassembly of Document Fragments via Context Based Statistical Methods
Gender-Preferential
Text Mining of E-mail Discourse
Automated Analysis
for Digital Forensic Science: Semantic Integrity Checking
Automated Reassembly
of Document Fragments via Context Based Statistical Models
Building
Evidence Graphs for Network Forensics Analysis
Can You
Survive a Cybercrime?
AFF: The Advanced Forensic Format
AFIRM
Forensic
Analysis of a Compromised Mac OS X (Client) Machine
Review of Digital
Intelligence Firefly and Ultrablock products
Linux Forensics
Weekly
Developing
a Framework for Evaluating Computer Forensic Tools
High Tech Crime
Briefs
Investigative
Skills for the 1990s and Beyond
What is
Forensic Computing?
A
Typology of Online Child Pornography Offending
Impediments
to the successful investigation of transnational high tech crime
Criminal
forfeiture and restriction-of-use orders in sentencing high tech
offenders
Data Forensics:
A Case for Routine Implementation
Introduction to
Cyber Forensics: Forensics Incident Response
Deleted files can be
recovered
Cybersleuthing:
A Guide to the Essentials of Computer Discovery
Report on
Defendant-Name vs. State-Name
Challenges
to Digital Forensic Evidence
Forensics:
Data Trails and Detection
The Byte
Stops Here: Duty and Liability for Negligent Internet Security
Microsoft
Word MetaData Forensics Tutorial
Technological
Aspects of Internet Crime Prevention
Digital
Forensics
Guidelines
for the Management of IT Evidence
How
Effective Cooperation with Law Enforcement Authorities Can Promote
Computer Security
Computer
Forensics as a Tool for Criminal Investigation
Computer
Forensics - The Need for Diverse Tools
Wireless
Intrusion Investigation
Chapter
11: Honeypot Data Analysis
Real-time
Forensic Evidence Collection
Forensic
Readiness
Setting
up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory
Recovery
of Digital Evidence
Tracing
the Source of an Email
Expert Witness
Compression Format Specification
Computer
Forensics – Hiding in Plain Sight
An Exploration
of Future Anti-Forensic Techniques
Stand-alone
PC Examination Basic Forensic Guidelines
Not
Just a Game Anymore
Collection and
Control of Electronic Evidence
Surplus
Disk Drive Vulnerability – Information leakage
Australian
Computer Crime and Security Survey
Collecting
Electronic Evidence After a System Compromise
Evidence
on the Internet
AGEC
Issues Paper: Evidence and the Internet
E-Mail
Discovery in Civil Litigation: Worst Case Scenarios vs. Best Practices
Anti
Forensics
Linux
Forensics
PC-Based
Partitions
Case
Studies
Chapter 1:
Windows Live Response
Meeting the
Challenge: E-Mail in Civil Discovery
Shadowcrew:
Web Mobs
A
Crash Course in Digital Forensics
Client-side
Exploits: Forensic Analysis of a Compromised Laptop
Forensics
Fighting
Online Software Piracy
Safe-KIDS -
Known Image Database System
Combating
Online Software Piracy in an Era of Peer-to-Peer File Sharing
Fighting
Online Software Piracy—What Works in 2005
Data
Forensics: In Search of the Smoking Gun
BCS
Comments on Proposals for Registration of Digital Evidence Specialists
The
electronic autopsy - digital forensics Part 1
Looking
for foul play - digital forensics Part 2
Wading
in Alternate Data Streams
What
Does a Disk Wiper Wipe when a Disk Wiper Does Wipe Disks?
Additional
Information
Basic
Considerations in Investigating Computer Crime, Executing Computer Search
Warrants and Seizing High Technology Equipment
Computer-Mediated
Communications and Criminal Evidence
Operation
CyberSweep
Operation
Websnare
Computer
Forensics Reveals a Whole New Universe of Discoverable Information
Intrusion
Detection and Network Forensics
Computer
Forensics - Tracking the Cyber Vandals
Computer
Forensics: Tracking the Cyber Vandals
Forensic
Tools and Processes for Windows XP Clients
Computer
Forensics
Digital
Information, User Tokens, Privacy and Forensics Investigations: The Case
of Windows XP Platform
New
Directions in Disk Forensics
FragFS:
An Advanced Data Hiding Technique
The
Need For Forensic Capabilities In The Commercial Sector
Solving
Network Mysteries
Computer
Forensics: A Critical Process in Your Incident Response Plan
Cisco
Router Forensics
Cisco
Router Forensics Checklist
Security
Event Correlation – Security's Holy Grail?
The
Need for an 802.11b Toolkit
Scene
of the Cybercrime: Assisting Law Enforcement in Tracking Down and
Prosecuting Cybercriminals
Forensic
Dead-Ends: Tracing Anonymous Remailer Abusers
Forensic
Dead-Ends: Tracing Users Through Anonymous Remailers
WebMail
Forensics
Forensics
with Linux 101 - or - How to do Forensics for Free
Nobody’s
Anonymous — Tracking Spam and Covert Channels
The
Evolution of Incident Response
Catch
Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the
rest of the bunch...
Performing
Effective Incident Response
Finding
Gold in the Browser Cache
You
Are What You Type: Non-Classical Computer Forensics
Web
Application Incident Response & Forensics: A Whole New Ball Game!
Intrusion
Auditing with NTLast
A
Brief Introduction to Cyber Forensic Analysis
Investigating
Internet Security Incidents: A Brief Introduction to Cyber Forensic
Analysis
Computer
Forensics: The Investigator's Perspective
Forensic
Tools and Processes for Windows XP
Without
a Trace: Forensic Secrets on a Windows Server
Data
Hiding on a Live System
Nobody's
Anonymous - Tracking Spam
Windows
Forensics: Have I been Hacked?
Evidence With
A Byte
Forensic
Investigation Case Studies and Results
The
Essentials of Computer Discovery
Searchtools,
Indexed searching in forensic images
Computer
Forensics - Digging with the Digital Shovel
Forensic
Computer Examinations for Small to Medium Size Businesses
Computer
Forensics - Digging with a Digital Shovel
IP
& Cybercrime
Analysing
Privacy-Invasive Software Using Computer Forensic Methods
Forensics
in Fifteen
Practical
Windows Forensics
Architectural
Innovations for Enterprise Forensics
Remote
physical device fingerprinting
The Necessity for
Computer Forensics
Router
Forensics - DDOS/Worms Update
CyberCrime
Search and
Seizure of Canadian Computer Environments
Honeypot
Forensics - No stone unturned or: logs, what logs?
Hidden
Data in Internet Published Documents
Chapter
3
Tracing
Activity on a Windows-Based Laptop
Setting
the Rules on Digital Evidence
Recent
Federal Opinions on the Search and Seizure of Computer Files
Digital
Search and Seizure
Responding to
Cybercrime in the Post-9/11 World
The FBI and the
Internet
Performing
an Autopsy Examination on FFS and EXT2FS Partition Images:
Defining
Digital Forensic Examination and Analysis Tools
Security
Incident Investigation
A
Digital Investigation Process Model (Poster)
Logs
& Forensics
Log
Analysis in Windows
SIRT
& Forensics
Botnets as a
Vehicle for Online Crime
2005
E-CrimeWatch Survey
First
Responders Guide to Computer Forensics
Installing
The Coroner's Toolkit and using the mactime utility
Using
The Coroner's Toolkit : Harvesting information with grave-robber
Using
The Coroner's Toolkit : Rescuing files with lazarus
Analyze
all available information to characterize an intrusion.
How the
FBI Investigates Computer Crime
Steps
for Recovering from a Unix or NT System Compromise
Introduction
to Forensics 101
Computer
Forensics
Helping
Your Users by Spying On Them
Computer
& Network Forensics
Cyber
Forensics - Windows Remnants
Cyber
Forensics - Intermediate Topics
Forensic
Analysis of Volatile Data Stores
Computer
Forensics and Electronic Discovery
Cyber
Forensics - The Basics
Computer
Forensics: Are Your Computers Free from Attacks and Problems?
The
Computer Forensics Process and Conducting Web-Based E-mail Searches
Solving
Crimes Through Digital Forensics
The
Basics of Digital Evidence Recovery
Computer Forensics Tool Testing
(CFTT) Project
Computer
Forensics Tool Testing at NIST
Notes
on dd and Odd Sized Disks
Computer Forensic
Tool Testing at NIST
Web
Application Forensics: The Uncharted Territory
The Exchange
Principle
Cryptography and
Evidence
Analytic
& Forensics Technologies
FOSS Digital
Forensics
Encase
Version 5 Presentation
Challenges
of Forensic Investigations Under Corporate Environment
X-Ways
Software Technology AG
Computer
Search and Seizure Guidelines
Linux
Forensics
IT
Autopsy
Time is of the
Essence
Watching
the Detectives
CIO
Cyberthreat Response & Reporting Guidelines
Best Practices
For Seizing Electronic Evidence version 2.0
NYECTF
Homeland Defense Document
NYECTF's
Approach to Cybercrime
Computer
Forensics - (What You Don’t Know Can Hurt You!)
Email and Web
Site Tracing
Default
Usernames/Passwords for selected Vendor Products (Search)
Law
Enforcement Challenges in Digital Forensics
Forensic
Computing: Developing Specialist Expertise within the CS Curriculum
Alternate
Data Streams in Forensic Investigations of File Systems Backups
Forensic
Investigation of Data in Live High Volume Environments
Computer
Forensics Lab Investigation Report
National
Security, Forensics and Mobile Communications
Law
Enforcement, Forensics and Mobile Communications
Digital
Evidence: Emerging Problems in Forensic Computing
IT
Forensic Investigation
Applying
Advanced Technology to Digital Evidence
Forensic
Inspection of Hard Disks
Computer
Forensic - A Technological Perspective
Forensic
analysis of Windows hosts using UNIX-based tools
Forensic
examination of mobile phones
Malware
analysis for windows administrators
The
unique challenges of collecting corporate evidence
The
Windows Registry as a forensic resource
Time
and Date Issues in Forensic Computing - A Case Study
Trusted
computing and forensic investigations
Unification
of relative time frames for digital forensics
What
evidence is left after disk cleaners?
Xbox
security issues and forensic recovery methodology (utilising Linux)
The
joys of complexity and the deleted file
Internal
Response Teams versus External Consultants - A Decision Matrix
Setting
up an Electronic Evidence Forensics Laboratory
Forensic
evidence testimony — some thoughts
Computer
Forensic Investigations
Computer
Forensic Investigations
Computer
Forensics "Top 10 List" - Things to Avoid
Intro
to Computer Forensics
On-line
Fraud
On-line
Investigations
File
Deletion in MS FAT Systems
How
Windows stores information about the User
Windows
Explorer Properties
Possession
of Child Pornography
Internet
Browsing (and the question of intent)
Kazaa Hash
values and their use as criminal 'proof'
True
Expertise
Torn
Pieces
Automated
Analysis for Digital Forensic Science
Forensic
Process and Tricks
Computer
Misuse Act of 1990 cases
Beware:
Computer Evidence Quicksand
Computer
Evidence
Registered
Forensic Practitioner: A New Breed of Expert
Cell
Phone Forensics
The
Trojan Horse Defence
Computer
Forensics article (No title given)
Computer
Forensics article
An
Explanation of Computer Forensics
Forensic
Detectives
Hunting
Hackers: How to Fight Back
Manager
Offers Primer On Computer Forensics
Cybersleuthing
solves the case
Cybersleuthing
Solves the Case
Computer
Forensics and Cyber Investigations
The
Impact of Forensic Computing on Telecommunications
IACIS
Forensic Examination Procedures
Investigating
E-Mail Activities
Inforensics
101
Hiding
Crimes in Cyberspace
Examination
of Computer-Resident Evidence
EnCase:
A Case Study in Computer-Forensic Technology
Forensic
Examination of Internet Activity
Electronic
evidence discovery: From high-end litigation tactic to standard
practice
Hidden
Text in Computer Documents
Computer Forensics for
Lawyers Who Can't Set the Clock on their VCR
Finding the Right
Computer Forensic Expert
Dodging the Bullet:
Cross-Examination Tips for Computer Forensic Examiners
Discovery
of Electronic Mail: The Path to Production
The
Plaintiffs' Practical Guide to E-Discovery
Cross-Examination
of the Computer Forensics Expert
Getting to
the Drive: Gaining Access to your Opponent's Digital Media
Beyond Data about
Data: The Litigator's Guide to Metadata
Cybersleuthing
for People Who Can't Set the Clock on Their VCR
DD and Computer
Forensics
Examples of using DD
within Unix to create Physical Backups
DD and Computer Forensics
- Deuce
And You Thought DELETE
Meant DELETE!
Using
Linux for Today's Data Forensics
Next
Generation Data Forensics & Linux
Building a Linux
Super Kernel for Data Forensics
Building a Super
Kernel for Data Forensics
Next
Generation Data Forensics & Linux
Using
Linux for Incident Response & Data Forensics
Independent
Validation & Verification of SMART for Linux
Independent
Validation & Verification of SMART for BeOS
Independent
Validation & Verification of Storage Media Archival Recovery Toolkit
(SMART) for BeOS
Poor Man's Guide to
Multi-Booting
Evidence Seizure
Methodology for Computer Forensics
Analysis
of Microsoft's AutoComplete Function within Internet Explorer
The Digital
Evidence in the Information Era
Initial
investigating actions related to detecting cyber crimes
Tactical
Features of Inquiry Actions at Computer Crime Investigation
Problems of
Investigation of Crimes in the Field of Banking Computer Systems
Computer
Forensics Processing Checklist
Criminal
Investigations in an Automated Environment
Cyberstalking
Investigation and Prevention
EnCase
Forensic Evidence Acquisition and Analysis
Handling
Digital Evidence
IBM
OS/400 - AS/400 – Recognizing and Securing the System
Investigating
Cyber Crime/Hacking and Intrusion
Procedures
for Seizing Computers
Removing
hard drives from computer systems for direct drive-to-drive imaging
Tracing
an E-mail Address to an Owner
Unix
Investigations
Computer
Evidence
Digital
Imaging Procedure v1.0
The
Eavesdropper’s Dilemma
New
Approaches to Digital Evidence
Computer
Forensics Education
Computer
Forensics: Training and Education
How
Windows encrypts .PWL files
Secure
Deletion of Data from Magnetic and Solid-State Memory
Statistical
Tools for Digital Image Forensics
Statistical
Tools for Digital Forensics
Higher-order
Wavelet Statistics and their Application to Digital Forensics
Hacking,
Learning to Prevent it by Knowing more About it
Policies
to Enhance the Forensic of Computer Security (complete presentation, 63
slides)
Overview
of Computer Forensics
Policies
to Enhance Computer and Network Forensics
Linux as
Forensic Platform of Choice
Data
Hiding and Recovery
Linux as
Forensic Platform of Choice
Software
Forensics Overview
Computer
Forensics
Database
Forensics
Policies to
Enhance Computer and Network Forensics
Honeytraps,
A Network Forensic Tool (Paper Draft)
Policies
to Enhance the Forensic of Network Security
Extending the
Coroner's Toolkit via Aggregate Database
A
Recursive Session Token Protocol For Use in Computer Forensics and TCP
Traceback
Cases
Involving Encryption in Crime and Terrorism
Hiding
Crimes in Cyberspace
Computer
Forensics (presentation slides and notes)
Computer
Forensics
Digital
Forensics
The
Use of Random Forest to Develop an Intelligent Computer Forensic Tool
High Tech
Forensics: Serving as a Police Reserve Specialist
Case
Study of Insider Sabotage: The Tim Lloyd/Omega Case
Forensics
Backtracking
Intrusions
Collecting
Digital Evidence from Intrusion Detection Systems
The
Coroner's Toolkit (TCT)
The
Law Enforcement Paradigm in DoD Environments
Overview
of fcopy
PDAs
and Forensic Science
PDAs
and Forensic Science
Practical
Network Support For IP Traceback
Computer
Forensics
Policies
to Enhance Computer and Network Forensics
Solving
Computer Crime: An Introduction to Digital Forensics
Content-Based
Image Retrieval for Digital Forensics
Digital
Forensics: A Case Study
Digital
Forensics
Defining Digital
Forensic Examination & Analysis
A Lessons Learned
Repository for Computer Forensics
Recovering,
Examining and Presenting Computer Forensic Evidence in Court
Improving
Computer Forensics Media Analysis with Modeling Languages
Issues
in Computer Forensics
Cyber
Forensics
Win32
- Evidence Gathering
Win32
– Evidence Gathering
Hard
disk ATA Security
Live
Solaris Evidence Gathering Instructions (V 1.0)
Live
Solaris Evidence Gathering Instructions (V 1.2)
Best
method of preserving volatile evidence in RAM
Tools of
Evidence
E-mailed
Death Threats: A Case Study...
Forensic
Computer Analysis
Cyber
Security - the Laws that Protect your Systems and Govern Incident
Response
Tracking
Down the Criminal in Cyberspace
Intrusion
Detection: Issues and Challenges in Evidence Acquisition
Privacy and
Online Investigation by Copyright Management Bodies
The Weight of
Electronic Traces
Forensic IT
Investigations
Formalisation of
the Processing of Electronic Traces
Overview of
Legal Aspects, E-Evidence and Data Protection
The Legal Duty
of IAP's to Preserve Traffic Data : a Dream or a Nightmare?
Legal
Constraints for the Protection of Privacy and Personal Data in E-evidence
Handling
CTOSE Project
Results
XIRAF:
Ultimate Forensic Querying
Correlation of
complex evidences and link discovery
High
Tech Investigations: It Ain't Just Forensics...
High
tech investigations: It ain’t just forensics
Investigating
Wireless
Computer Crime and Intellectual
Property Section (CCIPS) of US DoJ
Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations
Tracking a
Computer Hacker
Introduction
to Cyber Forensics
Anti-Forensics
Cyber
Forensics: Are We There Yet?
What is
Computer Forensics?
Getting
Started in Computing Security and Computer Forensics
INFO2
Recycle Bin File - A Primer
Forensic
investigation and its relationship with information assurance and
corporate governance
Deploy
Computer Forensics Early to Find the Smoking Gun
Save
It! Rethinking Retention Policies
Scrub,
Scrub, Scrub
Smoking
Microchip Tells It All
Unlocking
E-Evidence. Know How to Discover Computerized Information
Using
Computer Forensics to Manage Electronic Evidence
Raging
Debate: Who Should Pay for Digital Discovery?
SmartMedia,
CompactFlash & Memory Stick Data Recovery
IT
Security and Forensics: A Complementary Approach
Best
Practices for Handling of Electronic Evidence
Introduction
to Digital Evidence Seizure
Standard
Operation Procedures for Electronic Evidence Handling
Department of Defense, Cybercrime
Center
Child Pornography
and the Net
Understanding the
Computer and How Child Pornography Cases are Made
Reacting
to Cyberintrusions: Technical, Legal and Ethical Issues
Computer
Forensics: An Issue of Definitions
Network
Forensics and Covert Channels Analysis in Internet Protocols
Forensic
Challenges - Windows Encrypted Content
The
Essential Conflict Between "Computer" and "Forensics"
Forensic Computer Analysis: An
Introduction
What Are MACtimes?
Strangers In the Night
File Recovery Techniques
Bring Out Your Dead
Discovering Relationships in
Context: Inductive tools for forensic computing
Forensic
Computing
Forensic
Computing...
Data
Recovery Software Tools: Today and the Future
Forensic
Computing: What is it?
Forensic
Computing: "Catch Me if you can"
Reproducibility
of Digital Evidence in Forensic Investigations
Static Linking
Under Solaris
Extreme
IP Backtracing
Layer
2, Routing Protocols, Router Security & Forensics
Hidden
data in popular office file formats
Forensic
Readiness
The
"Art" of Log Correlation
Microsoft
Windows Eventlogs in der Forensischen Analyse
Digital Forensic Research Workshop
(DFRWS)
A Road Map for
Digital Forensic Research
Analyzing
the Difficulties in Backtracking the Onion Router's Traffic
Preservation
of Fragile Digital Evidence by First Responders
Preservation
of Fragile Digital Evidence by First Responders
Can
Digital Evidence Endure the Test of Time?
Can
Digital Evidence Endure the Test of Time?
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics
Forensic
Network Analysis Tools - Strengths Weaknesses, and Future Needs
File
Classification Using Sub-Sequence Kernels
ForNet: A
Distributed Network Forensics System
Building
Theoretical Underpinnings for Digital Forensics
Cross-Validation
of File System Layers for Computer Forensics
A
Hierarchical, Objectives-Based Framework for the Digital Investigations
Process
An
Event-Based Digital Forensic Investigation Framework
A
Framework for Digital Forensic Science
A
Framework of Distributed Agent-Based Network Forensic System
A
Framework of Distributed Agent-based Network Forensics System
The
Enhanced Digital Investigation Process Model
Adversary
Modeling to Develop Forensic Observables
Honeynet
Data Analysis: A technique for correlating sebek and network data
Automating
Forensics (Honeynets and Digital Forensics)
Forensics,
Fighter Pilots and the OODA Loop: The Role of Digital Forensics in Cyber
Command and Control
Breaking
the Performance Wall: The Case for Distributed Digital Forensics
Secure
Digital Camera
Forensics
for Critical Information Infrastructure Protection
Proposal
to Formalize Test and Evaluation Activities Within the Forensic and Law
Enforcement Communities
How
to Reuse Knowledge about Forensic Investigations
Stego
Intrusion Detection System
Automatically
Creating Realistic Targets for Digital Forensic Investigation
Preparing
for Large-Scale Investigations with Case Domain Modeling
Design
and Implementation of Zeitline: a Forensic Timeline Editor
Automated
Digital Evidence Target Definition using Outlier Analysis and Existing
Evidence
Automated
Target Definition using Existing Evidence and Outlier Analysis
Data
Hiding in Journaling File Systems
Evaluating
Commercial Counter-Forensic Software
Evaluating
Commercial Counter-Forensic Tools
File
Hound: A Forensics Tool for First Responders
File
Hound: A Law Enforcement First Response Tool
Realizing
- Risk Sensitive Evidence Collection
Risk
Sensitive Digital Evidence Collection
Reproducibility
of Digital Evidence in Forensic Investigations
Scalpel:
A Frugal, High Performance File Carver
Scalpel:
A Frugal, High Performance File Carver
Monitoring
Access to Shared Memory-Mapped Files
Unification
of Digital Evidence from Disparate Sources (Digital Evidence Bags)
Unification
of Digital Evidence from Disparate Sources
Forensic
Discovery
Network
Forensics Analysis with Evidence Graphs
Survey
of Disk Image Storage Formats
Operation
Ore – The Tip of the Iceberg?
NTFS
Alternate Data Streams
Good
Practice Guide for Computer based Electronic Evidence
Volume
Serial Numbers & Format Verification Date/Time
Authenticating
Evidence of Internet Chat Room Logs Recovered From A Hard Drive
Performing
an Autopsy Examination on FFS and EXT2FS Partition Images - An
Introduction to TCTUTILs and the Autopsy Forensic Browser
Open
Source Digital Forensics Tools: The Legal Argument
A
Hardware-Based Memory Acquisition Procedure for Digital Investigations
A
Hardware-Based Memory Acquisition Procedure for Digital
Investigations
Is
that a Felony on Your Computer?
The
Metasploit Framework - A DigitalDefence Technical Note
Computer
Forensics: An Approach to Evidence in Cyberspace
Principles,
Practices and Procedures: an Approach to Standards in Computer
Forensics
Data
Reduction - Refining the Sieve
Enterprise
Investigations: Tools and Techniques
Digital
Fraud Examination
Developing
Computer Forensics Solutions for Terabyte Investigations
What
is a Forensic Network?
Where
Data Resides – Data Discovery from the Inside Out
Unofficial F.I.R.E.
FAQ
The
Forensic Chain-of-Evidence Model: Improving the Process of Evidence
Collection in Incident Handling Procedures
Design
of a Network-Access Audit Log for Security Monitoring and Forensic
Investigation
FIRESTORM:
Exploring the Need for a Forensic Tool for Pattern Correlation in Windows
NT Audit Logs
Incident
Handling: Where the Need for Planning is often not Recognised
Forensic
Computing from a Computer Security Perspective
Can
digital detectives undo paper shredding?
What
Forensic Analysts should know about NT Alternate Data Streams
Database
Record Extracting
What
Time Is It? The Problem (MAC File Times)
What
Time is it? The Problem
Data
Integrity: How to Authenticate Your Electronic Records
Forensic
Analysis with F.I.R.E.
Digital
Forensic
An
Introduction to Computer Forensics
Forensic
Overview
Computer
Evidence - Collection and Preservation and Submission
DERBI: Diagnosis, Explanation and Recovery from Computer
Break-ins
Robots,
Wanderers, Spiders and Avatars: The Virtual Investigator and Community
Policing Behind the Thin Digital Blue Line
Policing
Cyberspace
CIOIM
Supplement: Digital Officer Safety
Incident
Response Checklist
Computer
Forensics Applied to Windows NTFS Computers
Statement
on the Budget Leak Investigation
Defensive
Battle Stations In Network-Centric Warfare: Rapid-Response Cyber
Forensics
The Electronic Evidence
Information Center
Strengthening the
collaboration between the Investigator and the Information System Manager
Through Methodical Computer Traces Management
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part III
Good to the Last
Byte
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part I
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part II
Helix 1.7
for Beginners
Methodologies
for the use of VMware to boot cloned/mounted subject hard disk images
eBanking
Forensics
Real-Time
and Forensic Network Data Analysis Using Animated and Coordinated
Visualization
Covert
Channel Forensics on the Internet: Issues, Approaches, and Experiences
Authorship
Analysis in Cybercrime Investigation
Behavior
Profiling of Email
Whodunnit?
Data
Security -
Security
Awareness -
Incident
Handling/Incident Response -
Intrusion
Detection and Prevention -
Logging and
Monitoring -
Security
Architecture -
Monitoring
and Network Forensics at the University of Chicago
Open Source
Security Tools at Maricopa Community Colleges
Data
Security -
Incident
Handling/Incident Response -
Intrusion
Detection and Prevention -
Computer
Forensics Tool Testing (CFTT) Project
http://www.educause.edu/LibraryDetailPage/666?ID=CSD3383
International
Association of Computer Investigative Specialists
Computer
forensics: Techniques for catching the 'perp' protect company data
Forging an
Anti-terrorism Search Tool
Antiforensic
Tools
Effective
Incident Response Teams: Two Case Studies
Forensic
Overview
Kick-Starting
Forensics at Your School
Detection
and Investigation of Compromised Hosts on Campus Networks
System-Wide
Strategies for Achieving IT Security at the University of California
Cyber
Forensics: Find Out What You Are Missing
Logging
and Monitoring -
Security
Awareness -
Forensics
in Fifteen
Acquisition
& Seizure Procedure
Identification
of Appropriate Technologies, Procedure for Handling & Analysing
Digital Evidence
Cyber
Forensics Tools
Cyber
Forensics - Challenges and Tools
Cyber
Forensics - Challenges, Techniques and Tools
Cyber
Forensics and C-DAC’s Forensic Tools
Forensix:
A Robust, High-Performance Reconstruction System
Information
Leakage and Computer Forensics
Backtracking
Intrusions
Forensic
Plan - A technical guide to aid in the preservation of digital evidence
following a computer security incident
Incident
Response Plan - A technical guide to aid in preparing for, detecting and
responding to computer security incidents
Planning
for Failure: Developing an Effective Incident Response Plan for HIPAA
Compliance
Computer
Forensics - A digital approach to Investigating Computer Crime
Warning!
Microsoft Word stores hidden information about you
A
Comprehensive Approach to Digital Incident Investigation
Conducting
Incident Post Mortems
Forensic
Analysis of Risks in Enterprise Systems
Structured
Investigation of Digital Incidents in Complex Computing Environments
Computer
Forensics as an Integral Component of the Information Security
Enterprise
Digital
Privacy Considerations with the Introduction of EnCase Enterprise
Evidentiary
Authentication within the EnCase Enterprise Process
Inside
EnCase Enterprise Edition (EEE) - The EnCase Enterprise Security
Protocol
FastBloc
Validation
Grant
Funding for Computer Forensics Software and Training
Comments
on NIST Test Results for Disk Imaging Tools: EnCase 3.20
Validation
Testing of the EnCase Restore Process in Windows
Internal
Computer Investigations as a Critical Control Activity Under
Sarbanes-Oxley
Date,
Time, and Zone Examination
Can
Computer Investigations Survive Windows XP?
Hash Sets for
Hacker Tools
Creating
Hash Sets Manually
Hash
Sets and Their Proper Construction
Be
Prepared for Computer Forensics
Developing
a Response Plan for Computer Forensics
Sawing
Linux Logs with Simple Tools
Investigating
Internet Histories with Internet Explorer 6
Investigating
Internet Histories with Netscape Navigator 6
Investigation
Internet Usage
A
case study in security incident forensics and response (Part 1)
A
case study in security incident forensics and response (Part 2)
Shell
Game
Best
Practices: Collecting Computer Forensic Evidence
Honeypot-based
Forensics
Regional
Computer Forensic Laboratories
Do's and
Don'ts of Forensic Computer Investigations
Part
Two: A Forensics Inquiry, Step by Step
Cyber
Crimes & Cyber Forensics
5
Common Mistakes in Computer Forensics
Forensik
Toolkits
Guidelines for
Evidence Collection and Archiving
FBI Criminal Justice
Information Services Division - LEO (Law Enforcement OnLine)
Digital
Evidence: Standards and Principles
An
Overview of Steganography for the Computer Forensics Examiner
Recovering
and Examining Computer Forensic Evidence
Information
Assurance Applied to Authentication of Digital Evidence
Forensic
Science Communications Magazine
Handbook of
Forensic Services
Downloading:
Using Computer Software as an Investigative Tool
Investigative
Uses of Computers: Analytical Time Lines
Law
Enforcement Training Manual
Digital
Evidence Impact on Investigations and Audits
Forensic
Implications of Identity Management Systems
File Extensions
Windows/OS2/Apple/UNIX
Using
Computer Forensics When Investigating System Attacks
No
Thanks for the Memories
Computer
Intrusion Investigation Guidelines
Computer
Forensics Gear
Inquiry into
Terrorism Detention Powers
Computer
Forensics - As part of a security incident response plan
Online
Forensics of Win32 System Guide
Computer Forensics
Analysis Class Handouts
Forensics
of a Windows system
Cyber
Crime and Cyber Terrorism
Computer
Forensics and the ATA Interface
Live
Forensics on a Windows System: Using Windows Forensic Toolchest (WFT)
Forensic
Analysis: Windows Forensic Toolchest (WFT)
Windows
Forensic Toolchest
Computer
Forensics for ISPs (20MB PDF file)
Digital
Investigation FAQ
Extracting forensic
evidence from biometric devices
Forensics
(Procedures)
Building
a Computer for Forensics
Cracking
Windows 2000 And XP Passwords With Only Physical Access
Making
sense of Windows Install Dates and Times
Windows
Installation Timestamps
Forensic
Accounting - the recorded electronic data found on Computer Hard Disk
Drives, PDAs and numerous other Digital Devices
Data
Forensics - The smoking gun may be a click away
Computer
forensics software, an introduction
Dissecting
NTFS Hidden Streams
The Farmer's
Boot CD
Analysis
of hidden data in NTFS file system
Forensic
Analysis of the Windows Registry
Using the
Forensic Server Project
Evidentiary
Value of Link Files
Analyzing
Exchange and mbox e-mail files using Free and Open Source Software
VMWare as
a forensic tool
Digital
Evidence Accreditation
Digital
Evidence Accreditation: Part 2
Compelling
Production of Hard Drives
A
Triad of Collaboration: Internet-Related Investigative Considerations
Prior to the Computer Forensic Application
Virtual
- Reality: A Preliminary Forensic Assessment Relating to Child Pornography
in the Prosecutorial/Defense Effort
Computer Evidence
Processing - Good Documentation Is Essential
Good Documentation
Is Essential
Data Validation
using the MD5 Hash
Hard Disk Drives -
Bigger Is Not Better: The Computer Forensics Dilemma
Hard Disk Drives -
Bigger is Not Better
Shadow Data - The
Fifth Dimension of Data Security Risk
Processing Flash
Memory Media
Processing Flash
Memory Media
Identity Theft -
Computer Forensics To The Rescue
Electronic
Monitoring: How Far Can You Go?
Computer Evidence
Comes Of Age
Electronic
Fingerprints - Computer Evidence Comes Of Age
Defending Against
Junk Science Attacks
Forensic Computing
as applied to the current practice of Medicine
Law Enforcement
Liabilities with Computer Evidence
Law Enforcement and
the Internet - A New and Powerful Resource for Law Enforcement
Agencies
Computer Evidence
Processing
Law Enforcement
Computer Evidence Seizure
Preservation of
Computer Evidence
The Third Step -
Preserve the Electronic Crime Scene
Electronic Document
Discovery - A Powerful New Litigation Tool
Electronic Document
Discovery: A Powerful New Litigation Tool
Identifying
Internet Activity - Computer Forensics Goes To Cyberspace
Junk Science Legal
Challenge Explained
Computer
Evidence Processing Steps
Classified Data
Identification & Data Elimination Guidelines
Collecting And
Preserving Electronic Media
Effective
Data Searches
The
Essentials of Computer Based Discovery
Everything You
Wanted to Know About Email Discovery, But Were Afraid to Ask
The Expert's
Role in Computer Based Discovery
Where
Litigation Support Ends and Electronic Discovery Begins
Lost? No.
Found? Yes. Those Computer Tapes and Emails are Evidence
Building
a Computer Forensics Laboratory
Building
a Business Case for Computer Forensics
Forensic
Fieldwork: Experience Is the Best Teacher
Forensic
Methodologies: A Computer Forensic Professional’s Compass!
Learning
the Computer Forensic Way
Animated Hard Drive Recovery
& Physical Rebuilds
Forensics
Wiki
The
Forensic Lifecycle
CSI:
Cyberspace Investigations, Evidence, And Forensics in the Digital
World
TOC,
Introduction, and Chapter 8
Initial Response
to Windows NT/2000
Forensic
Analysis of Internet Explorer Activity Files
Design
and Implementation of a Remote Forensics System
Computer Forensics for
Attorneys
Cyber
Investigations
Forensic
and Anti-Forensic Computing
Computer
Forensic Text Analysis with Open Source Software
How
to use Helix to conduct a Basic Incident Response on a Windows XP
Professional SP2 Computer
The
Critical Challenges from International High-Tech and Computer-Related
Crime
Digital
Forensics and Corporate Investigations
Computer
Forensics: The Issues and Current Books in the Field
File
Signatures Table
Gary
Kessler's Cybercrime and Cyberforensics-related URLs
Sam
Spade: A Multifunction Information Toolkit
Linux Magic
Numbers (Red Hat)
The
challenge of electronic evidence: the European response
Computer
Forensics - Integrating Technical and Procedural Tasks
GIAC
Certified Forensic Analysts (GCFAs) Practical Assignments - Approved
Papers
Forensic
Analysis of a Windows 95 System
ISObuster
as a Forensic Tool
GCFA
Practical Assignment
A
Forensic Tool Validation of the Coroner's Toolkit's mactime
Norton
Ghost 2003 as a Forensic Image Acquisition Tool
Analysis
of LOKI2, Using mtree as a Forensic Tool, and Sharing Data with Law
Enforcement
Becoming
a Forensic Investigator
Oracle
Database Forensics using LogMiner
Forensic
UNIX Initial Response Script and CDROM – Collect the evidence that will be
lost by disconnection or shutdown
Responding
and Investigating a Unix Incident with Risk Analysis and Steps to Secure
the System
How
to use Forensic Toolkit v2.0 on Windows NT 4.0 Server
Computer
Security Incident Response Procedures: Do You Need One? You Bet You
Do!
Techniques
for Identifying the Threat to your Systems from Researching the Apparent
Source of an Attack
The
Coroners Toolkit: A Handy Suite of Utilities
Incident
Handling: The Art of Containing Compromised Information
Disaster
Recovery Planning with a Focus on Data Backup/Recovery
Incident
Reporting & Automation
Computer
Forensics - An Overview
Computer
Incident Response and Computer Forensics Overview
Computer
Forensics
Legal
Aspects of Collecting and Preserving Computer Forensic Evidence
Internal
Investigations - Procedures and Techniques: An Overview
Windows,
NTFS and Alternate Data Streams
Maintaining
the Forensic Viability of Logfiles
Unix
Secure File Deletions
Computer
Forensics
Investigating
One Incidence of Anomalous Network Traffic
Analysis
of Computer Forensics
Computer
Forensics
Biatchux:
A New Tool for Incident Response
First
Responders: Training Scene of Computer Crime Investigators
Obtaining
And Protecting Electronic Information For Prosecution Purposes
An
Introduction to The Coroners Toolkit
Network
Forensics Analysis Tools: An Overview of an Emerging Technology
Running
an IT Investigation in the Corporate Environment
Making
a case for reporting and prosecution of a cyber incident
Windows
Forensic How-to: Incident Response Plan for Abuse of Corporate Assets
Steganalysis:
Detecting hidden information with computer forensic analysis
Computer
Forensics: An Emerging Practice in the Battle Against Cyber Crime
A
Case for Forensics Tools in Cross-Domain Data Transfers
Forensic
acquiring and analysis
Computer
Forensic Software in a Corporate Environment
Electronic
Discovery and Computer Forensics
Defending
Against Misuse of Forensic Analysis Tools on Windows Systems
Where
Data Hides and Resides - Understanding Hidden Data in Windows
Criminal
Forensic Investigations Use of Supportive Presentation Tools In a
Successful Investigation
Keystroke
Logging Investigation
Downloads,
Logs and Captures: Evidence from Cyberspace
Innovation
and Legal Acceptability in Computer Forensics
Intrusion
Detection Systems as Evidence
Digital
Footprints: Assessing Computer Evidence
State
Machine Theory of Digital Investigations
State Machine Theory
of Digital Forensic Analysis
PC Forensics
Analysis
The
Certified Computer Examiner Certification
Is
That Data Gone Forever?
Computer
Evidence Processing
Evidence
Processing: Computer Autopsy
Handheld
Forensics: Palm and Beyond
Mobile
Device Insecurity
pdd:
Memory Imaging and Forensic Analysis of Palm OS Devices
Mobile
Device Security page - small collection of tools
Time: the
Currency of Computer Crime
System
Rescue with Knoppix
Digital
Media Investigations
Starting your own
Computer Forensics Company
Computer
Forensics as an Integral Component of the Information Security
Enterprise
Digital
Privacy Considerations With the Introduction of EnCase Enterprise
Evidentiary
Authentication Within the EnCase Enterprise Process
FastBloc
(Guidance Software) Validation Document
New
Incident Response Best Practices
Steganography-based
Forensic Techniques Using EnCase® 4.0
Date,
Time, and Time Zone Examination
Can
Computer Investigations Survive Windows XP?
How
to Image RAIDS
Audit
trails are vital for post-compromise investigations
Identifying
a deleted account
Handbook
of Computer Crime Investigation
Computer
Forensics [and Divorce]
Protocols
for the Recovery, Maintenance and Presentation of Motor Vehicle Event Data
Recorder Evidence
Event Data Recorder
Case Law
List of
all vehicles with EDRs
Free
Tools for Investigating PC Hacks
Using
Helix for Recovering from PC Hacks
Using hash values to
identify fragments of evidence
The use of Levenshtein
distance in computer forensics
A Police
Officer’s Guide: Seizure, Handling and Storage of Computer Evidence
Quick Reference
Guide: [Disclosure of] Stored Wire and Electronic Communications
Email
Forensics - Who has user X been communicating with
Challenges Posed by
Digital Evidence
Forensic
Analysis of Hacking Cases
Cyber Crime and E
Cyber Crime and E-commerce
'Cyber-Crime
& Digital Evidence' Seminar Materials
Forensic
Computing and Digital Evidence
Mobile
Phone Forensic Examination - Basic Workflow & Preservation
Good Practice Guide
for Mobile Phone Seizure & Examination
The Honeynet
Project's Forensic Challenge
Playing Hide
and Seek, Unix style
Scan of the month -
Scan 24
Scan of the month -
Scan 26
Filesystem
Integrity Tools
Intrusion Detection
Resources at Honeypots.net
Evidentiary
Benefits of Write Once-Read Many ("WORM") Optical Disk Storage for Records
Management
http://www.htcia-mountainstates.org/palmosacquisition.pdf
Search, Seizure and
Production Orders Considering the Privacy Environment
Key
Registry Locations
Detecting
& Collecting Whole Disk Encryption Media
The Art, Science &
Practice of Digital Evidence
High Technology Crime Investigation
Association
Directors
and Corporate Advisors’ Guide to Digital Investigations and Evidence
Directors
& Corporate Advisors' Guide to Digital Investigations and Evidence
Forensic
Procedures
Legal
Methods of Using Computer Forensics Techniques for Computer Crime Analysis
and Investigation
High
Technology Crimes
Collecting
Forensic Evidence
Internet Crime Complaint Center
(IC3)
Forensic
Footprints: Investigations in Cyberspace
Electronic
Evidence - Gathering and Presenting Electronic Data for Evidentiary
Purposes
Basics
of Computer Forensics
Issue of
newsletter devoted to 'Computer Crime'
High-Tech
Evidence Gathering: Tapping into the Computer Criminals
Forensic
extraction of electronic evidence from GSM mobile phones
FLUX:
A Forensic Time Machine for Wireless Networks
Simple
Law Enforcement Monitoring
The New
De-Tech-Tives
Intrusion
Detection as a Network Forensic Tool
Conducting
Investigations in Today's Electronic World
Computer
Forensics
International Information Systems
Forensics Association (IISFA)
The
Enemy Without.. The Enemy Within.. ‘Poisoned’ e-mails can be traced back
to their creators
Forensic
Examination of Log Files
What to
Do After the Break-in: Preparing an Incident Report for Law
Enforcement
Security
Essentials Toolkit: Forensic Backups
The
Role of Computer Forensics in Stopping Executive Fraud
Security
Reference Guide
Maintaining
The Digital Chain of Custody
The
Evidential Value of Email
Creating
an Incident Response Team
Incident
Response and Analysis
Bucking
Conventional Forensics Wisdom
Analyze
This!
Antiforensics:
The Looming Arms Race
So
Much Evidence... So Little Time
A
Novel Approach to Computer Crime
Autopsy
of a successful intrusion (well, two actually)
Cookie
Dethroning.::DEMYSTIFIED Part A
Cookie
Dethroning.::DEMYSTIFIED Part B
Magnetic
Data Recovery – The Hidden Threat
Fundamentals
of Storage Media Sanitation
Computer
Forensics For Law Enforcement
The
Dark Side of NTFS (Microsoft’s Scarlet Letter)
How to
Investigate Computer Intrusions: A Checklist
Handling
Digital Evidence
Advanced
Forensic Concepts
Network
Forensics Primer
Computer
Forensics
Computer
Crime Investigations: A Lo-Tech Practical Approach
Computer
Sleuth - Beating down the evidence trail with computer forensics
Principal
Current Data Types
Report
on Digital Evidence
Best
Practice Guidelines for Examination of Digital Evidence
Conference
Proceedings: 1999 - 2002
Computer-Based
Discovery and Risk Control
Computer
Forensics
Auditing Tools for
Use in Forensic Investigations
Incident
Response and Digital Forensics
Computer
Forensics
Computer
Forensics 101
Incident
Response and Network Forensics
Forensic
Computing
The
Computer Forensics and Cybersecurity Governance Model
IS
Auditing Guideline: Computer Forensics
Computer
Forensics 101 & Incident Response
Incident
Response and Computer Forensics
Forensic
Computer Investigations & Data Recovery
Probing
into Digital Image Tampering
Computer
Forensics
Hacking,
Handling and Investigation Experience Sharing
Computer
Forensics Glossary
Computer
Forensics Part 1: An Introduction to Computer Forensics
Computer
Forensics Part 2: Best Practices
Forensic
Computing and Coroner's Tools
An
open architecture for digital evidence integration
Security
Tools for the Budget Conscious ISP, Part III: Analysis and Forensics
Incident
Response and Forensics
Computer
Security Incident Response Planning
Performing
a Forensic Investigation
Law
Enforcement Tools and Technologies for Investigating Cyber Attacks: Gap
Analysis Report
Law
Enforcement Tools and Technologies for Investigating Cyber Attacks
Cyber
Attack Investigative Tools and Techniques
Computer
Forensics Lecture Handouts
Basic
Windows Intrusion Detection and Forensics
Timestamps in Digital
Forensics
An
Investigation of Computer Forensics
Improving
Government-Wide Emergency Response to Cyber Incidents
Packet
Sniffing for Automated Chat Room Monitoring and Evidence Preservation
Efficient
log authentication for Forensic Computing
Real-Time
and Forensic Network Data Analysis Using Animated and Coordinated
Visualization
Fileprints:
Identifying File Types by n-gram Analysis
The
Need for a Technical Approach to Digital Forensic Evidence Collection for
Wireless Technologies
Embedding
Forensic Capabilities into Networks: Addressing Inefficiencies in Digital
Forensics Investigations
File
Type Identification of Data Fragments by Their Binary Structure
Foundations
for Visual Forensic Analysis
Introduction
to Computer Forensics
Halcrow Group
Ltd MIS Computer Forensic Procedures
Ethereal:
Analysis on a Budget
Distributed
Cyber Forensics (pages 10-13)
Handling
evidence after an 'incident'
Joint Council on Information Age Crime
(JCIAC)
Combating High-Tech
Crime in California: The Task Force Approach
Computer-Related
Crime Impact: Measuring the Incidence and Cost
Creating a
National Framework for Cybersecurity: An Analysis of Issues and
Options
Report
on the Digital Evidence Needs Survey Of State, Local and Tribal Law
Enforcement
Computer
& Insider Crime: Problems & Solutions
Open
Source in Computer Forensics
Simple
but Sound Tools for First Responders
Web
Forensics
Inappropriate
use of computers - the technical investigation process
Inappropriate
Use of Computers - The Technical Investigation Process
The
Fight against Cyber-Crime: The Need for Special Training on Digital
Evidence
Evidence
Preservation
Examine
a Unix Box for Possible Compromise
Rethinking Computer
Management of Sex Offenders Under Community Supervision
Use of
Dates and Times in Forensic Exams/Investigations
Principles of Digital
Forensics as applied to Law Enforcement
Digital
Photographs (in the courtroom)
Handling
Digital Photographs for Use in Criminal Trials
System
Forensics
Electronic
Data Discovery Unleashed
Examining
the Data - A beginners guide to computer-based evidence
Two Views
from the Data Mountain
An
Emerging Challenge For Law Enforcement
Real-Time
Forensics Strategies: An Executive Briefing
Pre-Forensic
Setup Automation for Windows 2000
Electronic Data
Discovery Primer
Bringing
the Cyber-Criminal to Justice: An Essay for the Technologically
Impaired
Computer
Forensics
Computer
Forensics & Electronic Discovery
Learning
from what Intruders Leave Behind
Formalizing
Computer Forensic Analysis: A Proof-Based Methodology
Knoppix
Bootable CD Validation Study for Live Forensic Preview of Suspect's
Computer
Using
Linux, VMware and SMART to create a Virtual Computer to Recreate a
Suspect's Computer
Intro
to Linux for Cyber Crime Investigators and Computer Forensic Examiners
Knoppix
First Responders Guide
KNOPPIX
Bootable CD Validation Study for Live Forensic Preview of Suspects
Computer
The
Law Enforcement and Forensic Examiner Introduction to Linux - A Beginner's
Guide
The
Penguin Sleuth Kit
The
Coroner’s Toolkit
Sleuthkit, the
Digital Forensic Toolkit
Autopsy
and Sleuthkit, the Digital Forensics Toolkit - The Tracker Dog’s Guide
Undeleting Files in
the Linux OS
Responding to a
Security Incident
A
Palmtop For The Prosecution
Expert
vs. Expertise: Computer Forensics and the Alternative OS
Making
It Big: Large Scale Network Forensics (Part 2 of 2)
Making
It Big: Large Scale Network Forensics (Part 1 of 2)
Linux
Data Hiding and Recovery
FTP
Attack Case Study Part I: The Analysis
FTP
Attack Case Study Part II: The Lesson
First
Responder's Manual
FAQ:
Firewall Forensics (What am I Seeing?)
LINX
Best Current Practice - Traceability
Working With Obsolete
Data
Computer
Forensics
Cybercrime and
Computer Related Forensic Investigations
Enscript v3
Tutorials
Your Pal,
Enscript
Incident
Analysis of a Compromised RedHat Linux 6.2 Honeypot
Methods of Data
Transportation
Macintosh
Forensics
Electronic
Crime: Trends, Collection, Analysis
Computer
Forensics; What You Need to Know
Beginners
Guide to Linux Forensics
Introduction
to The Sleuth Kit (TSK)
Introduction
to Linux Forensics
Investigation into
the Removal of Records and Erasure of Computer Files from the Former
Mayor's Office
Ten
Forensics Toolkit
The Coroner's
Toolkit
Presentations/Forms/Publications
- Internet Safety page
Several
presentations and publications
Defeating
Forensic Analysis
Bleeding-Edge
Anti-Forensics
Hackers,
Crackers, E-Fraud & Forensics
Frequently
Asked Questions about The Coroner's Toolkit
Cyberspace
Detectives Employ Intrusion Detection Systems and Forensics
Automated
diagnosis for computer forensics
Maintaining
Forensic Evidence for Law Enforcement Agencies from a Federation of Decoy
Networks: An Extended Abstract
Using
Computer Forensics in Investigating Internal Abuse
When
things goes wrong: Digital Forensics Essential
Computer
Crime and Computer Fraud
Computer
Crime Investigation & Computer Forensics
Importance
of a Standard Methodology in Computer Forensics
Step
Away from the Keyboard!
Challenges
for Law Enforcement in Forensics
Hard
Challenges for Digital Forensics
Computer
Forensics
Incident
Response and Forensics: A Look Inside a Hacked Box
Computer
Searches and Seizures: Some Unresolved Issues
Logging
and Log Analysis - The Essential
The
Fallacy of Software Write Protection in Computer Forensics
More Than CSI: High-Tech
Crime Investigation
Computer
Crime Point-of-Contact (CCPC) list
Cyber
Evidence Collection..a Major Challenge to Law Enforcement in India
Data
Capture..key challenge in Cyber Evidence Management
Reasons
to Challenge Digital Evidence and Electronic Photography
Interception
Technology
A
Computer Forensic Methodology for Ireland
Computer
Forensics
Documents and Meeting
Materials
Part 2
Part 1
Designing
a Computer Forensics Course for an Information Assurance Track
Electronic
Forensics Education Needs of Law Enforcement
Teaching
Computer Forensics: Uniting Practice with Intellect
Crime Scene
Investigation: A Reference for Law Enforcement Training
Electronic
Crime Scene Investigation - A Guide for First Responders
Forensic
Examination of Digital Evidence: A Guide for Law Enforcement
Test Results
for Disk Imaging Tools: EnCase 3.20
Test Results
for Disk Imaging Tools: SafeBack 2.18
Test Results
for Disk Imaging Tools: dd Provided with FreeBSD 4.4
Test Results
for Software Write Block Tools: RCMP HDL V0.8
Search
and Seizure in Cases of Computers and Child Pornography
Steganography:
Implications for the Prosecutor and Computer Forensics Examiner
"Computers
are like Filing Cabinets…" Using Analogy to Explain Computer Forensics
Some
Golden Rules for Investigating On-Line Child Sexual Exploitation
Burglar
Alarms for Detecting Intrusions
Investigating
Network Intrusions
The Top EnCase Tech
Support Questions & What’s new at Guidance Software?
Linux OS, Networking
and Forensics
Search
Warrants Computers & Digital Evidence
Internet
Undercover Operations
Bootable
CD-Rom Linux Security Toolkits
Forensic
Computing
Distributed
Attacks and CISCO Net Flow Logs
Correlating
Evidence
Forensic
Computer Investigations
Mobile
Forensic Platform
Computer
and Network Investigations
Netmon forensic
tools and tips
Security
Information Management Tools: NetForensics Leads a Weary Fleet
Network
Forensics - CSI: Enterprise
Network
Forensics Tools
Workshop:
Recovering From an Attack
Emerging
Technology: Taking A Byte Out Of Crime
Digital
Forensics Curriculum Consortium
Email
traffic patterns can reveal ringleaders
Incident
Response & Computer Forensics
Computer
Forensics
An
Introduction to Forensic Readiness Planning
Computer
Forensic Tools
Innovative
Techniques to Manage Sex Offenders in the Community
Implementing
Policies and Procedures for Effectively Supervising CyberOffenders: U.S.
Probation Department-EDNY
Sex
Offender Computer Examinations
NIJ’s
Electronic Crime Program: An Overview
Project
Internet Forensics
Computer
Forensics and the Arrest of BTK
Hidden Data
Instant
Messaging: Newest E-Discovery Frontier?
Computer Crime and
Security Survey 2004
Challenges
in Forensic Computing
Computer
Forensics Course Material: Note Sets
Identification
of Known Files on Computer Systems
Unique
File Identification in the National Software Reference Library
Update to
"Using File Hashes to Reduce Forensic Analysis"
Effectiveness
of Hash Sets
Selection of
Hashing Algorithms
Digital
Forensics Using Hashsets - National Software Reference Library
Digital
Forensics - Using Perl to Harvest Hash Sets
Computer
Crime, Response and Investigation
Incident
Response
Computer
& Network Forensics
National White Collar Crime Center
(NW3C)
Security
Warrior: How to Tell if your Unix System is Hacked
Computer
Forensics Methodologies
Computer
Forensics for Litigation Support
Internal
Investigation Case Studies
Computer
Forensics
A
Palmtop for the Prosecution
Responding
to Security Incidents on a Large Academic Network: A Case Study May 2003 –
October 2005
Forensics and
the Emerging Importance of Electronic Evidence Gathering
The
Role of Computer Forensics in Law Enforcement
Cyber Crime Evidence
(Computers)
How to Use iLook
Investigator v7.0
The
New Zealand Hacker Case: A Post Mortem
The
SMS Murder Mystery: The dark side of technology
Incident
Response Toolkit
NIJ
Technology Program Publication Collection: Electronic Crime
Use A Linux Bootable
CDROM to Image Your Hard Drive
Checking
System Integrity with Tripwire
Data
Mining Email
Policing the
Digital Frontier
Incident
Response: Chapter 7 - Tools of the Trade
Network
Forensics: Tapping the Internet
“Every
Contact Leaves a Trace”: Computer Forensics and Electronic Textuality
Cybercrime at
Packet-Level Part 1
Cybercrime at
Packet-Level Part 2
Advanced
Packet Analysis
Case
Studies in Implementing Packet-Level Analysis-based Security Solutions
Introduction
to Network and Local Forensics
Analysis of a Compromised
Honeypot
Email
Forensics
Discovering
passwords in the memory
Incident Handling /
Forensics FAQ
Filesystem Hierarchy
Standard
Sherlock
in Linux
Sherlock is
Back
Data
Reduction For Streamlining E-Discovery
Computer
Forensics: Chain of Evidence Collection Tools Does Matter (page 3)
Defeating
Forensic Analysis on Unix
Advanced
Antiforensics
Computer Cop
Prophile
Forensic Computer
Examination
First
Responder - Collection and preservation of evidence
Basic
Computer Forensic Concept
Technology
Crime and Computer Forensics
Honeypot: Hacker
Tracking and Computer Forensics
Technology
Crime Investigation in Hong Kong
Pinpointing
and Locating Data on Digital Media
Got
a Virus? Don’t Call a Doctor, Call a Cop
Computer Forensics
Analysis
Forensic
Discovery
Forensic
Discovery - Online version
Computer
Forensics Analysis Class Handouts
Guide for the
preservation of computer based evidence following an unauthorised
intrusion
Electronic
Data Discovery and Data Forensics - The Identification and Collection of
Electronic Files
Electronic
Data Discovery and Data Forensics
Sharing
Network Logs for Computer Forensics
Incident
response and fraud investigation – the role of the information technology
auditor
Computer
Forensics & Ethical Hacking
Resolve Corrupted Cache
Problem
Index.Dat Files and
Primary I.E. Folders
Problem Clearing
Internet Explorer's History Data
Inside
the e-Nigma
RAC
Computer Forensic Institute Annual Report
The
Application of Intrusion Detection Systems in a Forensic Environment
(Extended Abstract)
Wonders
of 'dd' and 'netcat' :: Cloning Operating Systems
RCFL: Regional Computer Forensics
Laboratory
Building
FBI computer forensics capacity: one lab at a time
Hard
Drive Secure Information Removal and Destruction Guidelines
Chapter
11. Incident Response
Proactive
& Reactive Forensics
Reto
de Análisis Forense
Digital
Forensic Reconstruction and the Virtual Security Testbed ViSe
Electronic
Fingerprints: Computer Evidence Comes of Age
Here's How to Avoid
Nasty Bytes
XMeta:
a Bayesian approach for computer forensics
Network
Monitoring and Forensics
Guidelines
for Evidence Collection and Archiving
Forensic
Examination of a RIM (BlackBerry) Wireless Device
Lakewood
PD Digital Policy
The
Coroner's Toolkit
Computer
Forensics - Handling an Incident
Anti-Forensic
Rootkits
Hit
by a Bus: Physical Access Attacks with Firewire (and its use for Computer
Forensics)
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics
Emerging
Problems in Forensic Computing
Introducing
Digital Forensics
Digging
for computer dirt
Tales from
the Abyss: UNIX File Recovery
Recovering
Deleted Files in Linux
The
Foremost Open Source Forensic Tool
Linux
Memory Forensics
NTFS
Compression - A Forensic View
Network
Forensics Analysis
Intrusion
Detection FAQ
Catching
Intruders with SNARE [Honeypot]
A Case for
Forensics Tools in Cross-Domain Data Transfers
MacIntosh
Forensic Analysis Using OS X
Detailed
Forensic Procedure for Laptop Computers
Logfile
Analysis: Identifying a Network Attack
Writing a
Computer Forensic Technical Report
Windows
Responder’s Guide
Developing a
Computer Forensics Team
Identify
Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock
Proxy Service Log Files
Secure
File Deletion, Fact or Fiction?
Nailing
the Intruder
Successful
Partnerships for Fighting Computer Crime
Adventures in
Computer Forensics
Investigating
an Internal Case of Internet Abuse
An
Overview of Disk Imaging Tool in Computer Forensics
Combating
Computer Crime
From
Events to Incidents
Computer
Forensics: Introduction to Incident Response and Investigation of Windows
NT/2000
Computer
Forensic Legal Standards and Equipment
The
Coroners Toolkit - In depth
Computer
Forensics - We've had an accident, who do we get to investigate?
What You
Don't See On Your Hard Drive
A
Break-in Analysis on a Red Hat Linux 6.2 Machine
Forgetting to
Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
Building
a Low Cost Forensics Workstation
Security
Applications of Bootable Linux CD-ROMs
Linux
RootKits for Beginners - From Prevention to Removal
Deleting
Sensitive Information - Why Hitting Delete isn't Enough
Non-Malicious
Destruction of Data
Using
Fport on Windows NT to Map Applications to Open Ports
Beyond
Conventional Terrorism: The Cyber Assault
netForensics® – A
Security Information Management Solution
Interfacing with
Law Enforcement FAQ - For Incident Handlers
Interfacing with
Law Enforcement FAQ
5 Ways
to FIRE up Your Incident Response and Forensic Environment
Contacting Host
Owners
Examine a Unix Box for
Possible Compromise
Geeks with Guns, or How I
Stopped Worrying and Learned to Love Computer Evidence
Beyond the
Usual Suspects - Finding Data in Secret Spots
Caught in the
'Net' - How Law Enforcement Uses Computer Forensics in Modern
Investigations
Cyberclues -
Making the Case for Using Computer Evidence
Forensic
Preparation
Questions
About the Future
Should
a Corporation Report a Breach to Law Enforcement?
Preparing
for the Unexpected: Is it Possible?
Secure Audit
Logs to Support Computer Forensics
Foundations
of computer forensics: A technology for the fight against computer
crime
A
Structured Approach to Harddisk Encryption
The Continuing
Evolution of Computer Forensics
CATCH
Project Description
Forensics
For System Administrators
Principles-Driven
Forensic Analysis
Coroner's
Toolkit: An Introduction
Creating
a Cell Phone Investigation Toolkit: Basic Hardware and Software
Specifications
Collecting
Evidence from a Running Computer: A Technical and Legal Primer for the
Justice Community
Creating
A Forensic Computer System: Basic Hardware and Software Specifications
Viewing
Email Headers
Setting up an
Online Investigative Computer: Hardware, Connectivity and Software
Recommendations
Digital
Anti-Forensics: Emerging trends in data transformation techniques
Digital
Anti-Forensics: Real World Identification, Analysis & Prevention
Interpreting
Network Traffic: A Network Intrusion Detector's Look at Suspicious
Events
Best
Practices for Seizing Electronic Evidence
Industrial Espionage -
The Secret Agents of Fortune
Computer
Evidence Processing Steps
Incident
Response and Forensics in Higher Education Environment
Fighting
Cyber Crime in a Post-9-1-1 World: Yesterday, Today and Tomorrow
Computer
Forensics Course Development
Forensic
Lab Development
Teaching
Computer Forensics Using Student Developed Evidence Files
Defeating
Live Forensics in the Windows Kernel
Part 1: An
Introduction to the Field Guide for Investigating Computer Crime
Part 2: Overview
of a Methodology for the Application of Computer Forensics
Part 3: Search and
Seizure Basics
Part 4: Search and
Seizure Planning
Part 5: Search and
Seizure Approach, Documentation, and Location
Part 6: Search and
Seizure - Evidence Retrieval and Processing
Part 7:
Information Discovery - Basics and Planning
Part 8:
Information Discovery - Searching and Processing
Calling the
CyberCops: Law Enforcement and Incident Handling
Digital Media
Forensics
Know Your Enemy: A
Forensic Analysis
NT/2K Incident
Response Tools
Freeware Forensics
Tools for Unix
Incident
Management with Law Enforcement
Win2K First
Responder's Guide
Detecting and
Removing Trojans and Malicious Code from Win2K
Footprints in the
Sand: Fingerprinting Exploits in System and Application Log Files
Maintaining
Credible IIS Log Files
Windows Forensics
- A Case Study: Part One
Forensics on the
Windows Platform, Part Two
IDS Logs in
Forensic Investigations: An Analysis of a Compromised Honeypot
Incident Response
Tools For Unix, Part One: System Tools
Forensic Log
Parsing with Microsoft's LogParser
Maintaining System
Integrity During Forensics
Incident Response
Tools For Unix, Part Two: File-System Tools
Banking Scam
Revealed
Forensic Analysis
of a Live Linux System, Part One
Forensic Analysis
of a Live Linux System, Part Two
Malware Analysis
for Administrators
Detecting Rootkits
and Kernel-Level Compromises in Linux
Windows NTFS
Alternate Data Streams
A Method for
Forensic Previews
Web Browser
Forensics, Part 1
Introduction to
Spyware Keyloggers
Web Browser
Forensics, Part 2
Packet Forensics
using TCP
Digital trail led to
accused spy
Creating
a Computer System Incident Response Team
NT
Information Gathering Commands
Search
and Seizure of Computers: Key Legal and Practical Issues
The
Computer Caper
Tips
for Tracking the E-Mail Trail
High-Tech
Holmes
Vulnerability
Identified in Fax Machines and Printers
Linkin' Logs
To Fraud
Dos
and Don’ts for Digital Evidence
Law
Enforcement Tools and Technologies for Investigating Cyber Attacks - A
National Needs Assessment
Playing
in the Devil's Playground
First
Responders Guide to Computer Forensics: Advanced Topics
All
Publications
Digital
Forensics
Digital
Forensics - Finding information that has been lost...
Exploring
Data Generated by Computer Forensic Tools with Self-Organising Maps
Computer
Forensics, Investigations and Security
Compliance,
Response, and the Technology that Drives Them
Investigating and Prosecuting
Network Intrusions
Forensic Computing: A look at
evidence and how to handle it
Apprehending
The Computer Hacker: The Collection and Use of Evidence
Knoppix Data
Recovery Howto
Recovering
Computer-Generated Evidence
Email
Tampering - This Time, The Good Guys Won
Hard-Disk
Risk
A
Web Service for File Fingerprints: The Goods, the Bads, and the
Unknowns
AFF:
A New Format for Storing Hard Drive Images
Cross-Drive
Analysis and Forensics
Disk
Sanitization and Cross Drive Forensics
"Complete
Delete" and other Patterns for Information Eradication
The Advanced
Forensics Format Library and Tools
One Big File Is
Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization
Technique
New Directions
in Disk Forensics
Forensic
Feature Extraction and CrossDrive Analysis
Clean
Delete
Everything
You Need to Know About the Destruction of Information on Computer Hard
Drives
An Advanced
Forensics Format: An Open, Extensible Format for Disk Imaging
Disk Imaging
with the Advanced Forensics Format, Library and Tools
Computer
Forensics
The Sleuth Kit
Informer
Autopsy
Data
Disposal - Gone for Good
To
Catch a Thief: Digital Forensics in Storage Networks
Data
Disposal - Gone for Good
Forensics
& Data Recovery
Forensics
and Data Recovery
An
Example of Mobile Forensics
ICT
Abuse & Digital Forensic Investigations
Unix DD command
and image creation
Windows
Filesystems Recovery
Working
with Images
Intercept
and Intelligence Hopefully Lawful
Image is Everything
Digital
Incident Response, Forensics and Sanitization
Forensic
Analysis
An Experiment in
Forensics Reveals Attacker's Techniques
Forensics
and Privacy-Enhancing Technologies
Forensics:
What to do after the Break-In
Building
a Computer Forensics Education Program
Various File Formats
and How to Deal With Them
Law
enforcement uses high-tech tools to spot Internet crime
Seizing
Computers - Important Considerations
Submitting
Computers for Forensic Examination
Digital Media
Storage -- Facilities and Procedures
The
Computer Forensics Expert Witness - CV, Preparation, Testimony
Computer
Forensics 101
Basic Computer
Forensic for the Private Investigator
Incident
Detection, Recovery and Forensics, Plus a Few Selected Threat Remarks
Live
forensics: diagnosing your system without killing it first
Standardizing
digital evidence storage
21st
Century Forensics: Searching for the 'Smoking Gun' in Computer Hard
Drives
Ambiguities
in US law for investigators
Digital
Forensics: Sleuthing on Hard Drives and Networks
Investigating
Sophisticated Security Breaches
Tool
review – remote forensic preservation and examination tools
Choosing
Hardware for a Computer Forensics Lab
Copy,
Paste and Reveal
Real
Evidence, Virtual Crimes: The Role of Computer Forensic Experts
Network
Traffic as a Source of Evidence: Tool Strengths, Weaknesses, and Future
Needs
To
Cache a Thief: How Litigants and Lawyers Tamper with Electronic Evidence
and Why They Get Caught
Tool
review - WinHex
Dusting for
digital fingerprints
Tool Review -
WinHex
A
Mechanism for Automatic Digital Evidence Collection on High-Interaction
Honeypots
Processing
Flash Memory Media
Using Digital Evidence
To Ferret Out The Dishonest Employee
The
Solaris Fingerprint Database - A Security Tool for Solaris Operating
Environment Files
Incident Response and
Computer Forensics
The
Network-Centric Incident Response and Forensics Imperative
Cybercrime
in Canada
Cyber
Crimes
Cybercrime and
Computer Forensics
Fingerprinting
Your Files
Implementing
a Forensic Response Unit
Advances
in Data Hiding Effects on Computer Forensics
Bates
Numbering - What’s in a number anyway?
Developing
Corporate Policies in Support of Computer Forensics
Auditing
Cisco Routers
Risk
Sensitive Evidence Collection
Digital
Discovery: It’s more than email
Drive
Math
Exchangeable
Image File Format (ExIF)
Windows
File Header Signatures
Case
Study: Using Security Audits as an adjunct to Computer Forensics
Computer
Forensics; Collection, Analysis and Case Management using ProDiscover
Hexadecimal
Flags for Partition Types
Procedural
Aspects of Obtaining Computer Evidence with Highlights from the DoJ Search
& Seizure Manual
Analysis
of the ATA Protected Area
Obtaining
Computer Evidence
The
Art of Key Word Searching
Handheld
Forensics
Mobile
Forensics: Bridging the Gap between Cops and Examiners
Digital
Investigations and the Modern Legal Landscape
LiveWire
Investigator
Fat/NTFS
- The Wily Internals of Windows’s File Systems
Open
Resources to Improve Your Forensic Analysis
Computer
Forensics in Private Industry
Enterprise
Forensics - Changing the Forensic Paradigm…
Wireless
Forensics
Macintosh
Forensics
Intrusion
Detection Tools
The
Future of Network Digital Evidence
Building
a Forensic PC
Wrong
Conclusions, Bad Testimony
eDiscovery
Combining Forensics with Data Management: Applying the “Key Players”
concept of Zubulake
Our
Perspective of Computer Forensics and Electronic Discovery in Our
Corporate Environment
VM
Forensics – Dealing with Funky Data
Mobile
Device Forensic Software Tools
Computer
Forensics in the 21st Century
Everything
Your Mother Should Have Told You About Write Blockers
Forensic
Software Tools for Cell Phones
Forensics
in the Field – The art of developing a computer forensics field deployment
kit
The
Latest in Live Remote Forensics Examinations
Digital
Forensics Research
Computer
Forensics - Problems and Solutions
Computer
Forensics
Realtime
Intrusion-Forensics - A First Prototype Implementation
Freeware
Forensics Tools
Forensic
Auditing: The Role of Computer Forensics in the Corporate Toolbox
Computer
Forensics: A Valuable Audit Tool
The
Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made
Easy
http://www.tigertools.net/contest.htm
Disk
Encryption Howto
Computer
Forensics Security Presentation
Stego
Forensic Techniques
Collecting
Evidence from Providers
Computer
Forensics - Detecting the Imprint
Forensic
Software Maker Gets Tough on Computer Crime
Introducing
the Metasploit Antiforensics Project
Tracking the
hackers
Process
Dump Analyses - Forensical acquisition and analyses of volatile data
Tripwire
for Servers in a Forensics Environment
Computer Forensics:
Overview
There
is Something Fishy About Your Evidence… or How to Develop Inconsistency
Checks for Digital Evidence Using the B Method
Formal
Specification and Refinement of a Write Blocker System for Digital
Forensics
What's on that Hard
Drive?
Checking
Microsoft Windows Systems for Signs of Compromise
Computer
Investigations Computer Investigations in the UC System
Computer
Forensics Methodologies for Fraud Investigations
Police Posing as
Juveniles Online to Catch Sex Offenders: Is It Working?
Setting
up for Forensics
Intro in IT
Forensics Mgmt
Handhelds
give up secrets
Computer
Forensics
Digging Into
Unlawful Email Messages
What
is Computer Forensics?
Cyber Security Tips
CSI/FBI
Computer Crime and Security Survey
Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations
Federal
Guidelines for Searching and Seizing Computers
Remembrance
of Data Passed: Used Disk Drives and Computer Forensics
Combining
Cisco NetFlow Exports with Relational Database Technology for Usage
Statistics, Intrusion Detection, and Network Forensics
Secure
Data Deletion for Linux File Systems
Data
Remanence in Semiconductor Devices
Cops
Are from Mars, Sysadmins Are from Pluto: Dealing with Law Enforcement
Unleashing
the Power of JumpStart: A New Technique for Disaster Recovery, Cloning, or
Snapshotting a Solaris System
Tracing
Anonymous Packets to Their Approximate Source
Tracking
Hackers on IRC
Correlating
Log File Entries
13th
Annual Computer Security Incident Handling Conference (FIRST)
Incident
Response: Performing Investigations on a Live Host
FORENSICS
- Loadable Kernel Modules
Forensics
Lite
Computer
Forensics: Beyond the Buzzword
Computer
Forensics
Automated
Log Processing
Evidence
Enhancing Technology - Bridging the Techno-Legal Gap with Secure Audit
Logging
Hiding
within the Trees
Using
Memory Dumps in Digital Forensics
Incident
Response and Handling
Best
Practices For Seizing Electronic Evidence version 1.0
Intrusion
Investigation and Post-Intrusion Computer Forensic Analysis
Data
Forensics for Legal Professionals
The
Difference Between Paper and Electronic Files
Network
Forensics - An Example of a Virtual Crime that Needs Computer Forensic
Expertise
Digital
Forensics and Information Assurance - Education and Research
International
Journal of Digital Evidence (IJDE)
Forensic
Analysis in a Digital World
Digital
Evidence: The Moral Challenge
An
Historical Perspective of Digital Evidence: A Forensic Scientist's
View
Forensic
Analysis in the Digital World
Proving
the Integrity of Digital Evidence with Time
Error,
Uncertainty and Loss in Digital Evidence
Error,
Uncertainty, and Loss in Digital Evidence
Shrinking
the Ocean: Formalizing I/O Methods in Modern Operating Systems
Cyber
Forensics: A Military Operations Perspective
Dynamic
Time & Date Stamp Analysis
A
Lessons Learned Repository for Computer Forensics
An
Examination of Digital Forensic Models
Analyzing
the Difficulties in Backtracing Onion Router Traffic
Practical
Approaches to Recovering Encrypted Digital Evidence
NIST
CFTT: Testing Disk Imaging Tools
Defining
Digital Forensic Examination and Analysis Tools Using Abstraction
Layers
Identifying
Significant Features for Network Forensic Analysis Using Artificial
Intelligent Techniques
Forensics
and the GSM Mobile Telephone System
New
Accounting Reform Laws Push for Technology-Based Document Retention
Practices
MFP:
The Mobile Forensic Platform
Getting
Physical with the Digital Investigation Process
An
Evaluation of Image Based Steganography Methods
The
Debtor's Digital Reckonings
Modeling
of Post-Incident Root Cause Analysis
Examining
the Encryption Threat
A
Ten Step Process for Forensic Readiness
Decoy
Systems: A New Player in Network Security and Computer Incident
Response
Using
Extended File Information (EXIF) File Headers in Digital Evidence
Analysis
The
Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics
Event Reconstruction
Forensic
Relative Strength Scoring: ASCII and Entropy Scoring
Digital
Forensic Analysis of E-Mails: A Trusted E-Mail Protocol
Bluepipe:
A Scalable Architecture for On-the-Spot Digital Forensics
Evaluation
of Intelligent Intrusion Detection Models
Application
Of Formal Methods To Root Cause Analysis of Digital Incidents
Process
Forensics: A Pilot Study on the Use of Checkpointing Technology in
Computer Forensics
An
Extended Model of Cybercrime Investigations
Computer
Forensics: The Need for Standardization and Certification
A
Formalization of Digital Forensics
The
Linux Kernel and the Forensic Acquisition of Hard Discs with an Odd Number
of Sectors
Toward
Defining the Intersection of Forensics and Information Technology
Who's
At The Keyboard? Authorship Attribution in Digital Evidence
Investigations
Finite
State Machine Analysis of a Blackmail Investigation
Case-Relevance
Information Investigation: Binding Computer Intelligence to the Current
Computer Forensic Framework
TULP2G
– An Open Source Forensic Software Framework for Acquiring and Decoding
Data Stored in Electronic Devices
Ipod
Forensics
Formalising
Event Time Bounding in Digital Investigations
Exploiting
the Rootkit Paradox with Windows Memory Analysis
Hidden
Disk Areas: HPA and DCO
Google
Desktop as a Source of Digital Evidence
Digital
Forensics at a University
Performing
a Security Forensics Review
The Technical
Side of Internet & Computer Crime
Computer
Forensics & Electronic Evidence
Computer
Forensics: an introduction
The Future
of High Tech Crime
Gentoo
Linux Quick Install Guide for a Forensic Workstation
Virtual
War's Computer Forensic page
Incident
Response Procedure for Account Compromise
Gatekeeping
Out Of The Box: Open Source Software As A Mechanism To Assess Reliability
For Digital Evidence
The
Enemy Within - Investigating Computer Crime in the 21st Century
Loudoun's
AOL Detective Finds Clues in E-mail
Analyzing
Log Files
Trace-Back:
A Concept for Tracing and Profiling Malicious Computer Attackers
Data
Forensics
Biometrics
and Digital Evidence
Malware Detection
- Known File Filtering
Detecting
Subtle System Changes using Digital Signatures
Time-Lining
Computer Evidence
Computer
Crime & the Use of Computers in Crime
Computer
Forensics and First Response
Electronic
Discovery
Understanding
Computer Forensics
Digital
Audit Trails and Their Importance in Computer Crime Investigations
Chapter 8: Using the
Forensic Server Project
Registry key list
Testifying
in a Computer Crimes Case
Intrusion
Detection Systems and A View To Its Forensic Applications
Do
You Leave Sensitive Data Lying Around?
How
damaging is that trunk mounted radio to computer evidence?
Computer
Crime Investigator's Toolkit
Encryption:
Impact on Law Enforcement
Forensics
and Linux
How to duplicate a
complete PC via network
How to duplicate a Linux
PC or partition via network
Computer
Forensics
Police
Tighten the Net
Forensics
for Advanced UNIX File Systems
Profiling
Computer Criminals - Methodology or Myth
Forensic
examination of log files
Cybercrime
forensics
An
Automatic System for Collecting Crime Information on the Internet
Audit
Trails in Evidence: Analysis of A Queensland Case Study
Cyber
Crime: Theft of a Trade Secret
Properly
Obtaining and Securing Evidence in a Computer Crime Investigation
Saving
Your Data After a Head Crash: An Inside Look at a Disk Recovery
Service
Data
Mining Used Hard Drives
Chasing
Headers - Tracking the Origin of Email Through Header Data
A
Recursive TCP Session Token Protocol For Use in Computer Forensics and
Traceback
The
Future of Computer Forensics: A Needs Analysis Survey
Defining
Event Reconstruction of Digital Crime Scenes
Providing
Process Origin Information to Aid in Computer Forensic Investigations
On
the role of file system metadata in digital forensics
Ipod
Forensics
Computer
Forensics: Meeting the Challenges of Scientific Evidence
A
Hypothesis-Based Approach to Digital Forensic Investigations
Digital
Music Device Forensics
Computer
Forensics: Toward Creating a Certification Framework
Guidelines
for the Best Practice in the Forensic Examination of Digital
Technology
Securing
Evidence and Preparing it for Court
5
Ways to FIRE up Your Incident Response and Forensic Environment
Router
Forensics DDOS/worm Updates
EWF
Specification
|