Computer Forensics - Network Forensics - Tutorials, Guides, Articles, FAQs & Reviews

Definition of: computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may include a function that copies the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the data content in order to determine if files have been camouflaged with phony file extensions. For example, an image file might be renamed as a text document and vice versa.

Network Forensics

In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See forensically clean, slack space, write blocker, file wipe, IDS and security event management software.

NIST Phases

The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.

FORENSIC ARTICLES, PAPERS and
PRESENTATIONS - The Big List....
Monitoring
and Network Forensics at the University of Chicago
(2003-12-22)
Cyber
Forensics: Find Out What You Are Missing
(2005-02-23)
Computer
Forensics Tool Testing (CFTT) Project (2004-07-23)
Computer
forensics: Techniques for catching the 'perp' protect company
data (2005-02-07)
http://www.educause.edu/LibraryDetailPage/666?ID=CSD3383 (2004-09-09)
Antiforensic
Tools (2005-06-09)
Forensic
Overview (2006-04-18)
System-Wide
Strategies for Achieving IT Security at the University of
California (2006-04-18)
Forging an
Anti-terrorism Search Tool (2005-06-06)
International
Association of Computer Investigative Specialists
(2004-10-05)
Open Source
Security Tools at Maricopa Community Colleges
(2004-01-13)
Security
Awareness - (2006-10-18)
Logging and
Monitoring - (2006-10-18)
Data
Security - (2006-10-18)
Intrusion
Detection and Prevention - (2006-10-18)
Security
Architecture - (2006-10-18)
Effective
Incident Response Teams: Two Case Studies
(2005-04-07)
Incident
Handling/Incident Response - (2006-10-18)
[MY CONTENT STARTS HERE AND CONSTITUTES THE REST OF THE PAGE]
Evaluation
of Intelligent Intrusion Detection Models [PDF] Summer 2004
Event
Sequence Mining to Develop Profiles for Computer Forensic Investigation
Purposes [PDF] 2006
Windows
Forensics: Have I been Hacked? February 2004
Basic Computer
Forensic for the Private Investigator [PP Presentation]
Computer
Forensics 101 [PP Presentation] May 2004
AccessData
Certified Examiner Study Guide [PDF] June 2006
Registry
Quick Find Chart [PDF] August 2005
AGEC
Issues Paper: Evidence and the Internet [PDF] September 2000
Live
forensics: diagnosing your system without killing it first [PDF]
February 2006
MFP:
The Mobile Forensic Platform [PDF] Spring 2003
Mobile
Forensic Platform [PP Presentation] January 2004
Standardizing
digital evidence storage [PDF] February 2006
Automatically
Creating Realistic Targets for Digital Forensic Investigation [PDF]
August 2005
Automatically
Creating Realistic Targets for Digital Forensic Investigation [PDF
Presentation] August 2005
Detection
and Investigation of Compromised Hosts on Campus Networks [PDF
Presentation] April 2006
Intrusion
Detection Systems and A View To Its Forensic Applications [Available
as Postscript download] February 2000
Computer
& Network Forensics; Best Practices and Lessons Learned [PP
Presentation]
The
Forensic Chain-of-Evidence Model: Improving the Process of Evidence
Collection in Incident Handling Procedures [PDF]
Improved
event logging for security and forensics: developing audit management
infrastructure requirements [PDF] April 2003
FIRESTORM:
Exploring the Need for a Forensic Tool for Pattern Correlation in Windows
NT Audit Logs [PDF] November 2002
Design
of a Network-Access Audit Log for Security Monitoring and Forensic
Investigation [PDF] November 2003
Towards
Identifying Criteria for the Evidential Weight of System Event Logs
[PDF] 2004
Cisco
Router Forensics [PP Presentation] July 2002
Cisco
Router Forensics Checklist [Zipped file] July 2002
WebMail
Forensics [PDF Presentation] July 2003
Tracing
E-mail Headers [PDF] 2004
Computer
Searches
XIRAF:
Ultimate Forensic Querying 2006
XIRAF –
XML-based indexing and querying for digital forensics [PDF] August
2006
Collecting
Digital Evidence from Intrusion Detection Systems [PP Presentation]
Spring 2002
Digital Media
Forensics May 2000
Audit
Trails in Evidence: Analysis of A Queensland Case Study [RTF document]
December 2003
Automated
Log Processing [PDF] December 2002
Forensic
analysis of Windows hosts using UNIX-based tools [PDF] July 2004
Using
Extended File Information (EXIF) File Headers in Digital Evidence
Analysis [PDF] Winter 2004
Unleashing
the Power of JumpStart: A New Technique for Disaster Recovery, Cloning, or
Snapshotting a Solaris System 2000
Recovering,
Examining and Presenting Computer Forensic Evidence in Court [Word
document] 2004 PP
Presentation
Law
Enforcement Training Manual [PDF]
Computer Evidence
Comes Of Age
Computer Evidence
Processing
Computer
Evidence Processing Step 1 -- Seizure of the Computer
Electronic Document
Discovery: A Powerful New Litigation Tool
Evidence
Processing: Computer Autopsy
Good Documentation
Is Essential
Hard Disk Drives -
Bigger is Not Better
Identifying
Internet Activity: Computer Forensics Goes To Cyber Space
The Third Step -
Preserve the Electronic Crime Scene
Forensics
(Procedures)
Ilook
Investigator [PP Presentation] 2005
EnCase
Test and Tutorial (from archive.org)
Computer
& Insider Crime: Problems & Solutions [PP Presentation]
February 2004
Report
on the Digital Evidence Needs Survey Of State, Local and Tribal Law
Enforcement [PDF] March 2005
Best
Practices for Handling of Electronic Evidence [PDF Presentation]
September 2003
Trace-Back:
A Concept for Tracing and Profiling Malicious Computer Attackers [PDF]
2002
Developing
a Framework for Evaluating Computer Forensic Tools [PDF] March 2003
Teaching
Computer Forensics: Uniting Practice with Intellect [PDF] June 2004
Electronic
Forensics Education Needs of Law Enforcement [PDF] June 2004
Computer
Forensics - Detecting the Imprint [PDF] August 2002
Digital
Forensic Reconstruction and the Virtual Security Testbed ViSe 2006
Investigation
Into Computer Forensic Tools [PDF] September 2004
An
Investigation into Computer Forensic Tools [PDF] July 2004
Setting
up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory
2004
Legal
Constraints for the Protection of Privacy and Personal Data in E-evidence
Handling [PP Presentation] May 2003
Overview of
Legal Aspects, E-Evidence and Data Protection [PP Presentation] May
2003
The Investigation of Computer Crime and Crime Scene Computers Lesson Sample
[PDF]
Good
Practice Guide For Computer Based Evidence [PDF] v.2 - June 1999
Good
Practice Guide For Computer based Electronic Evidence [PDF] v.3 -
September 2003 Local
Copy
Some
Golden Rules for Investigating On-Line Child Sexual Exploitation 2001
Australian
Computer Crime and Security Survey [PDF] May 2005
The
Digital Crime Scene: A Software Prospective [PDF] March 2004
Designing
and Implementing a Computer Forensics Curriculum and Exercises [PDF
Presentation] September 2005 Case
Forms [PDF]
To
Catch a Thief: Digital Forensics in Storage Networks [PDF
Presentation] Spring 2006
Seizing
Computers and other Electronic Evidence Best Practice Guide [PDF]
February 2003
Forensic
Plan - A technical guide to aid in the preservation of digital evidence
following a computer security incident [PDF] July 2004
Incident
Response Plan - A technical guide to aid in preparing for, detecting and
responding to computer security incidents [PDF] July 2004
High Tech Crime
Briefs January 2005 New series, issues 1-9
PDA
Forensic Tools: An Overview and Analysis [PDF] August 2004
Cell Phone
Forensic Tools: An Overview and Analysis [PDF] October 2005
Intro
to Linux for Cyber Crime Investigators and Computer Forensic Examiners
[PP Presentation] 2003
KNOPPIX
Bootable CD Validation Study for Live Forensic Preview of Suspects
Computer [PDF] 2003
Using Linux
VMware and SMART to Create a Virtual Computer to Recreate a Suspect's
Computer [PDF] October 2002
Intercept
and Intelligence Hopefully Lawful [PDF] 2001
Simple
Law Enforcement Monitoring [PDF] July 2003 Discusses Lawfully
Authorized Electronic Interception
Checking
Microsoft Windows® Systems for Signs of Compromise [PDF] October 2004
Searchtools,
Indexed searching in forensic images September 2004
Security
Applications of Bootable Linux CD-ROMs [PDF] November 2001
Honeynet
Data Analysis: A technique for correlating sebek and network data [PP
Presentation] August 2004
Extreme
IP Backtracing [PP Presentation]
Network
Monitoring and Forensics [PDF] May 2004
6 on Forensics [PDF]
2002 - 2005 Six articles on Computer Forensics for Lawyers
Computer Forensics for Lawyers Who Can’t Set the Clock on their VCR
Cross-examination of the Computer Forensic Expert
Getting to the Drive: Gaining Access to your Opponent’s Digital Media
Meeting the Challenge: E-mail in Civil Discovery
Finding the Right Computer Forensics Expert
Picking Up the Slack: A Peek Behind the Curtain of Computer Forensics
Beyond Data about
Data: The Litigator's Guide to Metadata [PDF] 2005
Cross-Examination
of the Computer Forensics Expert [PDF] 2004 Accompanying PP
Presentation
Cybersleuthing
for People Who Can't Set the Clock on Their VCR [PDF] 2003
Discovery
of Electronic Mail: The Path to Production [PDF] 2005
Dodging the Bullet:
Cross-Examination Tips for Computer Forensic Examiners [PDF] 2005
Finding the Right
Computer Forensic Expert [PDF] May 2004
Getting to
the Drive: Gaining Access to your Opponent’s Digital Media [PDF]
Meeting the
Challenge: E-Mail in Civil Discovery [PDF] 2004
The
Plaintiffs' Practical Guide to E-Discovery [PDF] 2004
Workshop:
Recovering From an Attack November 2004
Computer
Forensic Investigations [Presentation in PDF] 2002
Digital
Evidence Accreditation Winter 2004
Digital
Evidence Accreditation: Part 2 February/March 2005
Windows Forensics:
A Case Study, Part One December 2002
Windows Forensics:
A Case Study, Part Two March 2003
Catching
Intruders with SNARE [Honeypot] [PDF Presentation] April 2003
Honeypots: Monitoring and
Forensics [LINK to Site]
Compliance,
Response, and the Technology that Drives Them [PDF Presentation]
October 2004
Computer
Investigations Computer Investigations in the UC System [PDF] February
2005
The
Enhanced Digital Investigation Process Model [PDF] May 2004 Related
PowerPoint Briefing May 2004
Implementing a Forensic
Response Unit [PDF Presentation] June 2004
Computer
Forensics - Electronic Evidence Techniques for Now, Problems for the
Future October 2000
File
Deletion in MS FAT Systems April 1999 (updated September 2002)
Internet
Browsing (and the question of intent) February 2003
Kazaa Hash
values and their use as criminal 'proof' April 2006
Possession
of Child Pornography July 2001 (updated September 2002)
Torn
Pieces
True
Expertise April 2003
Windows
Explorer Properties July 2001 (updated September 2002)
Secure
Data Deletion for Linux File Systems 2001
Combating
Online Software Piracy in an Era of Peer-to-Peer File Sharing [PDF]
August 2004
Fighting
Online Software Piracy—What Works in 2005 [PDF] 2005
Kick-Starting
Forensics at Your School [PP Presentation] April 2006
Recognizing the
Importance of Network Enabled Computer Forensics [Presentation in PDF]
November 2003
Forensic
Computing: Developing Specialist Expertise within the CS Curriculum
[PDF] June 2006
Best
method of preserving volatile evidence in RAM
A
Hierarchical, Objectives-Based Framework for the Digital Investigations
Process [PDF] August 2004 Related
PowerPoint Briefing
Tracking
Down the Criminal in Cyberspace [PP Presentation] May 2003
Interpreting
Network Traffic: A Network Intrusion Detector's Look at Suspicious
Events October 2002
Network
Forensics Primer [PP Presentation] August 2005
Network
Forensic Traffic Reconstruction with Tcpxtract January 2006
The
Network-Centric Incident Response and Forensics Imperative [PDF
Presentation] June 2006
Surplus
Disk Drive Vulnerability – Information leakage November 2003
Forgetting to
Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
[PDF] August 2002
Alternate
Data Streams in Forensic Investigations of File Systems Backups [PDF]
May 2006
13th
Annual Computer Security Incident Handling Conference (FIRST) [PDF]
Two Views
from the Data Mountain [PDF] June 2003
Finding
Gold in the Browser Cache [PDF Presentation] August 2006
Netmon forensic
tools and tips April 2006
The
Discipline of Internet Forensics August 2003
Data
Hiding Tactics for Windows and Unix File Systems May 2006
Data
Mining Email April 2004
System
Documentation - The "RegistryExtractor" [PDF] October 2005
Computer
Forensics article (No title given) September 1997
How
damaging is that trunk mounted radio to computer evidence? [RTF doc]
Network
forensics in a post GE world [PDF Presentation] October 2005
Online
evidence gathering and the Evidence Bin [PDF] October 2005
Digital
Forensics: Crime Seen
Digital
Forensics: Storage Media Primer
Unix DD command
and image creation
Windows
Filesystems Recovery
Working
with Images
Computer
Forensics Gear August 2001
Defeating
Live Forensics in the Windows Kernel [PP Presentation] June 2006
An
Introduction to The Coroners Toolkit [PDF] January 2001
Software
Write Block - Testing Support Tools Validation [PDF Papers] March 2005
Testing
BIOS Interrupt 0x13 Based Software Write Blockers [Paper, PP
Presentation & Poster] March 2005
Forensic
Investigation of Data in Live High Volume Environments [Word doc] 2005
Data Loss
Causes
Securing Electronic Evidence
the Right Way [PP Presentation] 2001
Development
of a zero skills forensic laptop registration and identification tool
[PDF] July 2005
Secure
Digital Camera [PDF] August 2004 Related
PowerPoint Briefing
Improving
Computer Forensics Media Analysis with Modeling Languages [PP Poster]
2004
Knowledge
discovery and experience modeling in computer forensics media analysis
[PDF] 2004 (Registration required)
Preparing
for Large-Scale Investigations with Case Domain Modeling [PDF] August
2005
Selection of
Hashing Algorithms [Word Document] June 2000
Analysing
Privacy-Invasive Software Using Computer Forensic Methods [PDF]
January 2006
Computer
Forensic - A Technological Perspective [PDF] March 2002
Everything
Your Mother Should Have Told You About Write Blockers [PDF
Presentation] June 2006
Computer
Forensics [PDF Presentation] November 2005
Forensic
Techniques for Investigating Network Traffic [PP Presentation] July
2002
Forensics
in Fifteen [Flash Presentation] March 2006
Forensics
in Fifteen [PP Presentation] April 2006
Knoppix
First Responders Guide [PDF] July 2003
Downloading:
Using Computer Software as an Investigative Tool June 1996
The
Evidential Value of Email [PDF] 2003
Computer
Forensics Lab Investigation Report [Word doc] 2005
Towards
Proactive Computer System Forensics [PP Presentation]
Practice
effective security log analysis July 2005
Part
2 - Make the most of your security log data July 2005
Collecting
Electronic Evidence After a System Compromise April 2001
The
Computer Forensics and Cybersecurity Governance Model April 2003
High-Tech Crimes Revealed: Cyberwar Stories from the Digital
Front Chapter
3: If He Had Just Paid the Rent [PDF] August 2004 Alternate
Link
High
tech investigations: It ain’t just forensics [PDF Presentation] May
2005
Investigating
Wireless [PDF] 2005
Computer
Searches and Seizures: Some Unresolved Issues March 2002
Guidelines for
Evidence Collection and Archiving July 2000
Incident
Response Procedures
Playing
in the Devil's Playground [PP Presentation] July 1999 Discusses the
merit of using statically linked binaries for forensic applications
The
Need For Forensic Capabilities In The Commercial Sector [PP
Presentation] July 2000
Basic
Windows Intrusion Detection and Forensics September 2003
A cyber
forensics ontology: Creating a new approach to studying cyber
forensics [PDF] August 2006
BCS
Comments on Proposals for Registration of Digital Evidence Specialists
January 2004
How
to use Helix to conduct a Basic Incident Response on a Windows XP
Professional SP2 Computer March 2005
Forensic
Computer and Cybercrime Investigations [PDF] December 2001 (from
archive.org)
The
Federal Court, the Music Industry and the Universities: Lessons for
Forensic Computing Specialists [PDF] November 2003
Bridging
the Divide: Rising Awareness of Forensic Issues amongst Systems
Administrators [PDF] Abstract 2002
Bridging the
Divide: Rising Awareness of Forensic Issues amongst Systems
Administrators [Presentation in Adobe Acrobat] 2002
Computer
Incident Investigations: e-forensic Insights on Evidence Acquisition
[PDF] May 2004
E-mail
and WWW browsers: A Forensic Computing Perspective on the Need for
Improved User Education for Information Systems Security Management
[PDF] 2002
Forensic
Computing: Developing a Conceptual Approach for an Emerging Academic
Discipline [PDF] 2001
Forensic
Computing: Developing a Conceptual Approach in the Era of Information
Warfare [PDF] 2001
Intrusion
Detection: Forensic Computing Insights arising from a Case Study on
SNORT [PDF] 2003
Intrusion
Detection: Issues and Challenges in Evidence Acquisition [Word
document] May 2003
Risks
and Solutions to problems arising from illegal or Inappropriate Online
Behaviours: Two Core Debates within Forensic Computing. [PDF] 2001
Advances
in Data Hiding Effects on Computer Forensics [Zipped PDF] October 2002
Analysis
of the ATA Protected Area [PDF] July 2003
Auditing
Cisco Routers [PDF Presentation] 2004
Bates
Numbering - What’s in a number anyway? [PDF] July 2002
Case
Study: Using Security Audits as an adjunct to Computer Forensics [PDF
Presentation] 2004
Computer
Forensics; Collection, Analysis and Case Management using ProDiscover
[Presentation in PDF] 2003
Detecting
& Collecting Whole Disk Encryption Media [PDF Presentation] June
2005
Developing
Corporate Policies in Support of Computer Forensics [PDF] July 2003
Digital
Discovery: It’s more than email [Zipped PDF Presentation]
Drive
Math [Zipped Word Document] February 2002
Exchangeable
Image File Format (ExIF) [PDF] October 2004
Hexadecimal
Flags for Partition Types [Zipped Word Document] February 2002
Obtaining
Computer Evidence [Zipped PP Presentation] April 2002
Procedural
Aspects of Obtaining Computer Evidence with Highlights from the DoJ Search
& Seizure Manual [Zipped file] February 2002
Risk
Sensitive Evidence Collection [PDF Presentation] 2004
The
Art of Key Word Searching [PDF] October 2003
The
Latest in Live Remote Forensics Examinations [PDF Presentation] June
2006
Windows
File Header Signatures
PC Forensics
Analysis [PP Presentation] August 2003
A
case study in security incident forensics and response (Part 1) March
2001
A
case study in security incident forensics and response (Part 2)
[Author: John Desmond] April 2001
Solving
Crimes Through Digital Forensics July 2005
Innovative
Techniques to Manage Sex Offenders in the Community [PDF Presentation]
June 2005
'Cyber-Crime
& Digital Evidence' Seminar Materials [Several PDFs] November 2005
Forensic
Computing and Digital Evidence [PDF Presentation] November 2005
Auditing
Cyber Crime [Zipped PDF Presentation] March 2005
Design of a
Digital Forensics Image Mining System [PDF] October 2005
The
Difference Between Paper and Electronic Files [PDF] March 2006
Norton
Ghost 2003 as a Forensic Image Acquisition Tool (GCFA Practical) [PDF]
December 2002
Tracking
Hackers on IRC 1999
Hiding
within the Trees [PDF] 2004
How
to Reuse Knowledge about Forensic Investigations [PDF] August
2004 Related
PDF Briefing
Forensics
for Critical Information Infrastructure Protection [PP Briefing]
August 2004
Computer
Forensics in Virginia [PDF Presentation] September 2004
Design
and Implementation of Zeitline: a Forensic Timeline Editor [PDF]
August 2005
Providing
Process Origin Information to Aid in Computer Forensic Investigations
[PDF] September 2004
On
the role of file system metadata in digital forensics [PDF] December
2004
Recovering
Deleted Files in Linux April 2002
Issues
in Computer Forensics [PDF] May 2003
Accessing the
System BIOS on Various Computers
EnCase Base64
Processing
Log Parser
(Microsoft) June 2006 The "Swiss Army Knife" for Intrusion
Investigators and Computer Forensics Examiners
Registry
Processing: Determining What Files/Folders are Shared
Restore
Point Forensics May 2006
Searching
for Outlook Compressible Encryption (PST Data) in the Unallocated
Clusters January 2006
SERIES: DBB Kazaa Database File - 1st 9 Fields plus Kazaa Hash Decoded
Viewing the Kazaa
DBB File in EnCase
Using EnCase to
Decode DBB Record Field Values
Using Local
Loopback and Kazaa Port to View Kazaa Shared Files in Browser
Viewing
the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time"
Time Change
Captured in Event Log - Event 577 2005
Understanding
index.dat Files Part 1 2005
Understanding
index.dat Files Part 2 May 2006
UNIX
Time Stamp ID and Hotmail
EnCase Computer Forensics--The Official EnCE : EnCase Certified
Examiner Study Guide Chapter
1: Computer Hardware [PDF] March 2006
Tracing
Anonymous Packets to Their Approximate Source 2000
An
introduction to Windows memory forensic [PDF] July 2005
Digital
forensics of the physical memory [PDF] March 2005
Finding
Digital Evidence in Physical Memory [PDF Presentation] January
2006 Zipped
Tools & Related docs
Forensic Analysis
of a Live Linux System, Part One March 2004
Forensic Analysis
of a Live Linux System, Part Two April 2004
Physical
Memory Forensics [PDF Presentation] July 2006
Additional
materials: Physical Memory Forensics Movies - 15 MB [Zipped]
Windows
Forensic How-to: Incident Response Plan for Abuse of Corporate Assets
[PDF] February 2003
An Introduction to Linux as a Tool for Digital Investigation and
Analysis
Part 1 [PDF
Presentation] July 2005
Part 2 [PDF
Presentation] July 2005
Maintaining
Credible IIS Log Files November 2002
Without
a Trace: Forensic Secrets on a Windows Server [Presentation in PDF]
January 2004 Related
Tools [Zipped file]
The
SMS Murder Mystery: The dark side of technology [PDF] September 2005
Forensic
Examination of a RIM (BlackBerry) Wireless Device [PDF] June 2002
Forensic
Examination of a RIM (BlackBerry) Wireless Device [PP Presentation]
September 2002
Criminal
Forensic Investigations Use of Supportive Presentation Tools In a
Successful Investigation [PDF] May 2004
Computer
Security Incident Response Procedures: Do You Need One? You Bet You
Do! [PDF] January 2005
Forensics:
What to do after the Break-In [PDF Presentation] May 2002
Data
Hiding and Recovery [PDF] April 2003
Linux as
Forensic Platform of Choice [Presentation in PDF] April 2003
Computer
Crime & the Use of Computers in Crime Chapter 8 from electronic
booklet "Dealing
with White Collar Crime"
Encase
Version 5 Presentation [PDF Presentation] June 2006
The Global
Enterprise - Forensic Audits Across the Large Scale Network [PDF
Presentation] November 2003
CATCH
Project Description [PDF]
Security
Event Correlation – Security's Holy Grail? [PP Presentation]
Combating High-Tech
Crime in California: The Task Force Approach [PDF] June 1997
Computer Forensics and Privacy
Chapter
6 - Modes of Data Insertion and Acquisition [PDF] 2002
Digital
"Evidence" May Not Be "Evidence" At All [PDF - Scroll down] February
2004
Police
Tighten the Net September 1998
The Necessity for
Computer Forensics January 2002
Computer
Forensics; What You Need to Know [PDF Presentation] October 2004
Digital
Fraud Examination [PDF] 2005
A
Mechanism for Automatic Digital Evidence Collection on High-Interaction
Honeypots [PDF & PP Presentations] June 2004
Teaching
Computer Forensics Using Student Developed Evidence Files [PP
Presentation] March 2006
To
Catch a Thief: Computer Forensics in the Classroom [PDF] October 2005
eDiscovery
Combining Forensics with Data Management: Applying the “Key Players”
concept of Zubulake [PDF Presentation] November 2005
A
Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows
Operation Systems [PDF] 2005
The
Enemy Within - Investigating Computer Crime in the 21st Century [PDF]
2005
The
Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics
Event Reconstruction [PDF] Spring 2004
Child
Abuse, Child Pornography and the Internet [PDF] December 2003
A
Crash Course in Digital Forensics [PDF Presentation] June 2006
A
Hypothesis-Based Approach to Digital Forensic Investigations [PDF]
March 2005
An
Investigator’s Guide to File System Internals (From archive.org) [PDF
Presentation] June 2002
Basic
Media Analysis & The Sleuth Kit / Autopsy [PDF Presentation] 2004
Defining
Digital Forensic Examination and Analysis Tools [PDF] August 2002
Defining Digital
Forensic Examination & Analysis [PP Presentation]
Open
Source Digital Forensics Tools: The Legal Argument [PDF] October 2002
PC-Based
Partitions [PDF] March 2005 Sample Chapter from File System
Forensic Analysis
Performing
an Autopsy Examination on FFS and EXT2FS Partition Images: An
Introduction to TCTUTILs and the Autopsy Forensic Browser [PDF]
The Sleuth Kit
Informer
UNIX
Computer Forensics [PDF] April 2004 Sample Chapter 12 from Know
your enemy
Why Recovering a
Deleted Ext3 File Is Difficult . . . August 2005
A
Hardware-Based Memory Acquisition Procedure for Digital Investigations
[PDF] 2003
A
Recursive Session Token Protocol For Use in Computer Forensics and TCP
Traceback [PDF] 2002
A
Digital Investigation Process Model (Poster) [PDF] 2004
An
Event-Based Digital Forensic Investigation Framework [PP Presentation]
August 2004
Automated
Digital Evidence Target Definition Using Outlier Analysis and Existing
Evidence [PDF] August 2005
Categories
of digital investigation analysis techniques based on the computer history
model [PDF] August 2006
Defining
Event Reconstruction of Digital Crime Scenes [PDF] November 2004
Getting
Physical with the Digital Investigation Process [PDF] Fall 2003
Investigating
Internet Histories with Internet Explorer 6
Investigating
Internet Histories with Netscape Navigator 6
Investigation
Internet Usage [HTML-Frames Presentation] January 2002
Forensic
Computing [PDF Presentation]
Bringing
the Cyber-Criminal to Justice: An Essay for the Technologically
Impaired 1997
Architectural
Innovations for Enterprise Forensics [PDF] November 2003
The
Coroner's Toolkit (TCT) [PP Presentation] Spring 2002
Carvdawg's
Perl Page A collection of perl scripts, some of which may have
forensic applications.
Chapter 8: Using the
Forensic Server Project [PDF] July 2004 Sample Chapter book
Data
Hiding on a Live System [PP Presentation] January 2004
Detecting and
Removing Trojans and Malicious Code from Win2K September 2002
GMU2005
presentations [Zipped PP Presentations] August 2005 Topics: The
Windows Event Log file format; Tracking USB storage devices across Windows
systems; File/document metadata.
Malware
analysis for windows administrators [Available by request] 2005
No Stone Unturned Series
Part 1
February 2002
Part 2 March
2002
Part 3 April
2002
Part 4 May
2002
Part 5 June
2002
Part 6 August
2002
NT/2K Incident
Response Tools August 2001
Registry key list
[Zipped excel spreadsheet] April 2005
The
Dark Side of NTFS (Microsoft’s Scarlet Letter) Discusses Alternate
Data Streams
The
Windows Registry as a forensic resource [Available by request] 2005
Using the
Forensic Server Project November 2004
Win2K First
Responder's Guide September 2002
Creating
an Incident Response Team [PP Presentation] April 2003
Digital Evidence and Computer Crime (Sample Chapters)
Chapter
1 - Digital Evidence and Computer Crime [PDF] 2004
Chapter
16 - Digital Evidence on Physical and Data-Link Layers [PDF] 2004
Error,
Uncertainty and Loss in Digital Evidence [PDF] June 2002
Error,
Uncertainty, and Loss in Digital Evidence [PP Presentation] February
2003 (from archive.org)
Forensic
Computer Analysis [PP Presentation] April 2003
Handbook
of Computer Crime Investigation Sample Chapter [PDF] Additional Materials
Related to the Book
Incident
Response and Analysis [PP Presentation] April 2003
Incident
Response and Forensics in Higher Education Environment [PP
Presentation] April 2004
Investigating
Network Intrusions [PDF Presentation] June 2001
Investigating
Sophisticated Security Breaches [PDF] February 2006
Network
Traffic as a Source of Evidence: Tool Strengths, Weaknesses, and Future
Needs [PDF] December 2003
Practical
Approaches to Recovering Encrypted Digital Evidence [PDF] August 2002
Profiling
Computer Criminals - Methodology or Myth [PP Presentation] July 2002
Tool
review - WinHex [PDF] April 2004
Tool
review – remote forensic preservation and examination tools [PDF]
December 2004
What to
Do After the Break-in: Preparing an Incident Report for Law
Enforcement May 2001
Automating
Case Reports for the Analysis of Digital Evidence [Abstract & PDF]
September 2005
Incident
Handling I [PDF Presentation] May 2003 (from archive.org)
Incident
Handling II [PDF Presentation] May 2003 (from archive.org)
Digital
Evidence Standards [PP Presentation] November 1999
Survey
of Disk Image Storage Formats [PDF] September 2006
Discovering Relationships in
Context: Inductive tools for forensic computing [PDF] June 2006
Digital
Search and Seizure [PDF] February 2006
Maintaining
the Forensic Viability of Logfiles [PDF] May 2001
Analyze
all available information to characterize an intrusion.
Installing
The Coroner's Toolkit and using the mactime utility
Steps
for Recovering from a Unix or NT System Compromise
Using
The Coroner's Toolkit : Harvesting information with grave-robber
Using
The Coroner's Toolkit : Rescuing files with lazarus This
documentation discusses the use of two TCT tools, unrm and lazarus, on the
Sun Solaris operating system, version 2.x. You can use this approach with
other UNIX operating systems and hosts.
Virtual Training Environment (VTE)
January 2006
Challenges
of Forensic Investigations Under Corporate Environment [PDF
Presentation] June 2006
Computer
Forensics [PDF] November 2002
Computer
Forensics
Advanced
Packet Analysis [PDF Presentation] October 2002
Case
Studies in Implementing Packet-Level Analysis-based Security Solutions
[PDF Presentation] October 2002
Cybercrime at
Packet-Level Part 1 [PDF Presentation] October 2002
Cybercrime at
Packet-Level Part 2 [PDF Presentation] October 2002
Ethereal:
Analysis on a Budget [PDF Presentation] May 2005
Introduction
to Network and Local Forensics [PDF Presentation] May 2005
Decoy
Systems: A New Player in Network Security and Computer Incident
Response [PDF] Winter 2004
Criminal
Computer Intrusion Unit [PDF Presentation] August 2005
Who’s
At The Keyboard? Authorship Attribution in Digital Evidence
Investigations [PDF] May 2005
The Digital
Evidence in the Information Era March 2004
ECF
- Event Correlation for Forensics [PDF] 2003
An
Automatic System for Collecting Crime Information on the Internet
2000
Content-Based
Image Retrieval for Digital Forensics [PDF] February 2005
Freeware
Forensics Tools November 2001
Freeware Forensics
Tools for Unix November 2001 Step by step instructions for using
TCT
Reasons
to Challenge Digital Evidence and Electronic Photography June 2003
Computer
Forensics and the Law of Evidence (Hong Kong) [PP Presentation] May
2003
Forensic
Software Maker Gets Tough on Computer Crime July 2004
Defending
Against Misuse of Forensic Analysis Tools on Windows Systems [PDF]
January 2004
FTP
Attack Case Study Part I: The Analysis May 2002
FTP
Attack Case Study Part II: The Lesson June 2002
Linux
Data Hiding and Recovery March 2002
Security
Warrior: How to Tell if your Unix System is Hacked [PDF] March 2004
An
Extended Model of Cybercrime Investigations [PDF] Summer 2004
CIO
Cyberthreat Response & Reporting Guidelines [PDF]
First
Responders: Training Scene of Computer Crime Investigators [PDF] June
2002
A Police
Officer’s Guide: Seizure, Handling and Storage of Computer Evidence
[PDF]
Forensics:
Data Trails and Detection [PDF Presentation] February 2006
Technological
Aspects of Internet Crime Prevention February 1998
Computer
Forensics - Digging with a Digital Shovel [PDF] April 2005 PDF
Presentation
Computer
Forensics - Digging with the Digital Shovel [PP Presentation] 2006
Forensic
Computer Examinations for Small to Medium Size Businesses [PDF
Presentation] September 2005
Auditing Tools for
Use in Forensic Investigations [PDF Presentation] February 2005
LINX
Best Current Practice - Traceability May 1999
Evidence
gathering tools
Evidence
investigation tools
Supportive
tools
Forensics
[PDF Presentation] December 2003 Discusses The Coroner's Toolkit
Forensic
Computing within the Crime and Misconduct Commission [PDF] 2004 (from
archive.org)
Evidentiary
Benefits of Write Once-Read Many ("WORM") Optical Disk Storage for Records
Management [PDF] August 2000
A Day of Cyber
Investigation [HTML Presentation] April 2000
Challenges
to Digital Forensic Evidence [PDF Presentation] February 2006
Report on
Defendant-Name vs. State-Name November 2001 In this case, the
prosecution claims that Mr. Defendant-Name knowingly possessed and
accessed specific contraband data. The question posed to Mr. Cohen in
regard to this matter is whether these assertions made by the prosecution
are supported by the evidence.
So
Much Evidence... So Little Time November 1999
Forensic
and Log Analysis GUI Tutorial [PDF Presentation] January 2006
Hooking
IO Calls for Multi-Format Image Support (using PyFlag) January 2005
RAID
Reconstruction - And the search for the Aardvark [PDF Presentation]
April 2005
Disk
Forensics (using PyFlag) January 2005
Keyword
Searching and Indexing of Forensic Images (using PyFlag) January 2005
Log
Analysis (using PyFlag) January 2005
RAID
Reassembly - A forensic Challenge (using PyFlag) February 2005
Retrieval
of Video Evidence and Production of Working Copies from Digital CCTV
Systems [PDF] March 2006
Intrusion
Detection Tools [PDF Presentation] November 2005
The
Future of Network Digital Evidence [PDF Presentation] November 2005
Security
Essentials Toolkit: Forensic Backups Exercise 1: Disk Imaging with
Ghost
Security
Essentials Toolkit: Forensic Backups Exercise 2: Forensics with dd
Forensic
and Log Analysis GUI [PDF Presentation] April 2005
Collecting
and Preserving Evidence after a System Compromise [PP Presentation]
2000
Intrusion
Investigation and Post-Intrusion Computer Forensic Analysis 2000
Issue of
newsletter devoted to 'Computer Crime' [PDF] Summer 1999
Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations July 2002
An
Emerging Challenge For Law Enforcement December 1999 Article contains
a list of Computer Evidence Processing Steps.
CSI For The
Home PC [PDF] 2004
The Computer
Under the Microscope Images
The
Basics of Digital Evidence Recovery
Computer
Forensics and Cyber Investigations [PDF Presentation] 2004
CSI/FBI
Computer Crime and Security Survey [PDF] 2005
Internal
Investigations - Procedures and Techniques: An Overview [PDF] April
2001
Digital
Forensics: A Case Study April 2005
Computer
Forensics [PDF Presentation] August 2003
Computer
Forensics [PDF Presentation] 2003
Computer
Forensics in a LAN Environment [PDF] 1999
Operational
Computer Forensics - The New Frontier [PDF] 2000
Network
Forensics Analysis [PDF] 2002
Analysing
E-mail Text Authorship for Forensic Purposes [PDF] March 2003
Gender-Preferential
Text Mining of E-mail Discourse [PDF] 2002
Examination
of Computer-Resident Evidence [PDF]
Forensic
Examination of Internet Activity [PDF] July 2001
A System for Collection,
Storage, and Analysis of Multi-platform Computer System Data November
2003
Do's and
Don'ts of Forensic Computer Investigations September 2004
Part
Two: A Forensics Inquiry, Step by Step September 2004
Identify
Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock
Proxy Service Log Files [PDF] 2001
Computer
Forensics [PP Presentation]
Cybercrime and
Computer Related Forensic Investigations [PP Presentation]
Enscript v3
Tutorials
Your Pal,
Enscript [PP Presentation]
Computer
Forensics Procedures and Methods [PDF] 2005
Craiger's
Cyberforensic Commandline Cheatsheet (C4) [PDF] 2005
Digital
Discovery with Linux Bootable CDs [PDF Presentation] 2005
Recovering Digital
Evidence from Linux Systems [PDF] 2005
Virtual
Digital Evidence Lab: A Distributed Forensic Resource Network [PDF]
May 2006 Abstract
[Word doc]
Law Enforcement
and Digital Evidence [PDF] April 2005
Digital evidence
obfuscation: recovery techniques [PDF] 2005
Challenges
for Law Enforcement in Forensics [PDF Presentation] February 2005
Cracking
Windows 2000 And XP Passwords With Only Physical Access [Word doc]
The
Eavesdropper’s Dilemma [PDF] February 2006
Computer
Crime and Forensics [PP Presentation] February 2003
2005
E-CrimeWatch Survey [PDF] 2005
CTOSE Project
Results [PDF] October 2003
Computer
Forensics 101 & Incident Response [PDF] October 2003
An
Evaluation of Image Based Steganography Methods [PDF] Fall 2003
Electronic
Evidence in Criminal Defense [PDF Presentation] March 2006
Cyber
Crime: The Next Challenge An Overview of the Challenges Faced by Law
Enforcement While Investigating Computer Crimes in the Year 2000 and
Beyond [PDF] 2000
Source of graphic: http://www.pittsburghlive.com/images/static/newsextra/0113cyber.pdf
Computer
Forensics - Problems and Solutions [PDF Presentation]
The
Use of Random Forest to Develop an Intelligent Computer Forensic Tool
[PDF] 2004
A
Forensic Tool Validation of the Coroner's Toolkit's mactime [PDF] 2003
Building
a Computer Forensics Education Program [PDF Presentation] April 2004
Digital
Forensics Research in the United States [PDF] March 2006
Digital
Forensics [PDF Presentation] May 2006
Computer Forensics:
Overview [PDF Presentation] 2003
Setting up an
Online Investigative Computer: Hardware, Connectivity and Software
Recommendations [PDF] June 2004
Creating
a Cell Phone Investigation Toolkit: Basic Hardware and Software
Specifications [PDF] August 2006
Deleted files can be
recovered 2006
SmartMedia,
CompactFlash & Memory Stick Data Recovery 2001
Computer
Forensics - A digital approach to Investigating Computer Crime [PDF
Presentation] 2004
Methods
for evidencing illicit use of a computer system or device [A Patent
Application] April 2003
Digital
Evidence Impact on Investigations and Audits [PP Presentation]
December 2003
Computer
Forensic Resources
Downloads -
Forms and Checklists
Computer
Intrusion Investigation Guidelines January 2001
High
Technology Crimes (Sacramento Valley Hi-Technology Crimes Task Force)
[PDF Presentation] 2004
Data
Recovery [PP Presentation] May 2003
Handling
Digital Evidence [PP & PDF Presentation] May 2005
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics [PP
Presentation] August 2002
Mining
E-mail Content for Author Identification Forensics [PDF]
Language
and Gender Author Cohort Analysis of E-mail for Computer Forensics
[PDF] August 2002
An Exploration
of Future Anti-Forensic Techniques [PDF] 2005
Computer
Forensics [PP Presentation] June 2002
Data Validation
Using The Md5 Hash
Cases
Involving Encryption in Crime and Terrorism May 1997
Hiding
Crimes in Cyberspace [Word document] July 1999
Hiding
Crimes in Cyberspace [PP Presentation] March 2001
Digital
Evidence Collection Worksheet [RTF document]
First
Responder's Manual [PDF] May 2001
Evidentiary
Considerations for Collecting and Examining Hard-Drive Media [PDF]
November 2001 (from archive.org)
Network
Forensics - Hacker, You cannot Escape! [Presentation in PDF] February
2004 (from archive.org)
The
Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made
Easy [PDF] December 2001
A
Triad of Collaboration: Internet-Related Investigative Considerations
Prior to the Computer Forensic Application [PDF] November 2004
Virtual
- Reality: A Preliminary Forensic Assessment Relating to Child Pornography
in the Prosecutorial/Defense Effort [PDF] November 2003
Enterprise
Forensics - Changing the Forensic Paradigm… [PDF Presentation]
November 2005
The
Metasploit Framework - A DigitalDefence Technical Note [PDF] April
2006
Privacy and
Online Investigation by Copyright Management Bodies [PP Presentation]
May 2003
ISObuster
as a Forensic Tool [PDF] September 2002
Authenticating
Evidence of Internet Chat Room Logs Recovered From A Hard Drive
Documents and Meeting
Materials 2004 - 2006
Scan of the month -
Scan 24
Scan of the month -
Scan 26
What
is a Forensic Network?
The Weight of
Electronic Traces [PP Presentation] May 2003
Incident
response and fraud investigation – the role of the information technology
auditor 2003
Nailing
the Intruder [PDF] July 2001
Basic
Steps in Forensic Analysis of Unix Systems
Dissecting
Distributed Malware Networks [PP Presentation]
Intruder
Discovery / Tracking and Compromise Analysis August 2000
Reporting
probes/intrusion attempts from an IP address 2000
Responding
to a security incident on a Unix workstation 2000
An
Introduction to Computer Forensics [PDF] April 2006
Identification
of Appropriate Technologies, Procedure for Handling & Analysing
Digital Evidence [PP Presentation] 2005
Building
a Forensic PC [PDF Presentation] November 2005
Macintosh
Forensics [PDF Presentation] November 2005
Macintosh
Forensics [PDF Presentation] September 2005
Open
Source Digital Forensic Acquisition and Analysis on Mac OS X [PDF
Presentation] October 2004
Hands-On
Honeypot Technology - Analysis & Forensics [PDF Presentation] July
2005 Part of their 'Hands-On Honeypots' course
taught at Blackhats USA 2005
Standardization
of Computer Forensic Protocols and Procedures [PDF Presentation] 2002
(from archive.org)
Computer
Forensics [PDF] January 2001
Information
Assurance Applied to Authentication of Digital Evidence October 2004
Digital
Forensics [PDF Presentation] November 2003
Dialing
for Evidence [PDF] Jan/Feb 2006
Can
Digital Evidence Endure the Test of Time? [PDF] August 2002 Powerpoint
Briefing
Forensics,
Fighter Pilots and the OODA Loop: The Role of Digital Forensics in Cyber
Command and Control [PDF] August 2004 Powerpoint
Briefing
XMeta:
a Bayesian approach for computer forensics [PDF] November 2004
Gentoo
Linux Quick Install Guide for a Forensic Workstation [PDF] March 2004
Virtual
War's Computer Forensic page
Learning
from what Intruders Leave Behind December 2000
Guidelines
for the Best Practice in the Forensic Examination of Digital
Technology [Word document] October 2003
Computer
Forensics in the Classroom [PPT Presentation] 2006 Abstract [PDF]
Is
That Data Gone Forever? [PP Presentation] May 2001
eBanking
Forensics
Forensics
for Advanced UNIX File Systems [PDF] 2004
Data
Hiding in Journaling File Systems [PDF] August 2005
Dusting for
digital fingerprints [Word document] March 2005
Whodunnit?
March 2001
Tracking the
hackers
Computer-Mediated
Communications and Criminal Evidence [PDF] March 1999
Drive
Translation (and second article AOL ART Files) [From archive.org]
March 2000
Automated
diagnosis for computer forensics [PDF] August 2001
Responding to
Cybercrime in the Post-9/11 World [PDF]
Formal
Specification and Refinement of a Write Blocker System for Digital
Forensics [PDF] November 2005
Embedding
Forensic Capabilities into Networks: Addressing Inefficiencies in Digital
Forensics Investigations [PDF Presentation] June 2006
Designing
a Computer Forensics Course for an Information Assurance Track [PDF]
June 2004
The
New Zealand Hacker Case: A Post Mortem [PDF] September 2005
Running
an IT Investigation in the Corporate Environment [PDF] February 2003
Evidence
Collection and Data Seizure
Introduction
to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive [PP
Presentation] March 2004
Computer
Forensics: Training and Education [PDF]
CyberCrime
[HTML-framed Presentation] September 2001
Cyber
Crimes [PP Presentation] May 2006
Evaluating
the Capacity to Respond to E-Crime [PDF] 2000
Network
Forensics Evasion: How to Exit the Matrix March 2006
Computer
Forensics in the Inspector General Environment [PDF Presentation]
Electronic
Discovery and Computer Forensics [PDF] January 2004
No
Thanks for the Memories January 2001
Higher-order
Wavelet Statistics and their Application to Digital Forensics [PDF]
2003
A
bit of help if you've just been broken into (from archive.org) 2000
A
bit of help recovering a deleted file under Unix (from archive.org)
2000
Bring Out Your Dead January
2001
What Are MACtimes? July
2001
Forensic Computer Analysis: An
Introduction July 2001
Forensic
Discovery (The Book) The final HTML drafts that were sent to the
publisher; minus the final formatting and a few minor changes
Forensic Discovery Chapter
7: The Persistence of Deleted File Information [PDF] December 2004
Computer
Forensics Analysis Class Handouts August 1999
An Experiment in
Forensics Reveals Attacker's Techniques
Email
Forensics - Who has user X been communicating with April 2005
Email
Forensics [PP Presentation]
Stand-alone
PC Examination Basic Forensic Guidelines
Encryption:
Impact on Law Enforcement June 1999
Computer
Security Incident Response Guide December 2001
Computer
Security Incident Response Planning [PDF] May 2001
Data
Disposal - Gone for Good [PDF Presentation] Fall 2005
Exploring
Data Generated by Computer Forensic Tools with Self-Organising Maps
[PDF] February 2005
Collecting And
Preserving Electronic Media [PDF] 2004
Computer
Discovery and Risk Control: What’s Lurking on Your Computer System?
(Pages 10 - 18) [PDF] 2001
Cybersleuthing:
A Guide to the Essentials of Computer Discovery [PDF Presentation]
April 2005
Effective
Data Searches [PDF] 2001
Everything You
Wanted to Know About Email Discovery, But Were Afraid to Ask [PDF]
2001
Evidence With
A Byte [PDF] 2002
Lost? No.
Found? Yes. Those Computer Tapes and Emails are Evidence [PDF] 2001
Resurrecting
the Smoking Gun: How to Find and Recover Evidence [PDF] April 2003
The
Essentials of Computer Based Discovery [PDF] 2002
The
Essentials of Computer Discovery [Word document] 2002
The Expert's
Role in Computer Based Discovery [PDF] 2002
The
joys of complexity and the deleted file [PDF] July 2005 (Requires
registration)
Defending
Cyber-Crime [PP Presentation] (from archive.org)
Computer
Forensics: A Critical Need for Computer Science Programs (Requires
purchase) [PDF] 2005
Investigating Child Exploitation and Pornography TOC
and Chapter 1 [PDF] 2004
Calling the
CyberCops: Law Enforcement and Incident Handling April 2000
Computers hinder
paper shredders February 2002
Online
Forensics of Win32 System Guide [Zipped] May 2004
Computer
Crimes and Digital Evidence [PP Presentation] 2002 (from archive.org)
Router
Forensics DDOS/worm Updates [PP Presentation] 2002
Layer
2, Routing Protocols, Router Security & Forensics [PP
Presentation] 2002
Computer
Forensic Guidance [PDF]
Incident
Response and Digital Forensics [PP Presentation]
The FBI and the
Internet [PDF Presentation] November 2005
Child Pornography
and the Net [PDF] 1999
Understanding the
Computer and How Child Pornography Cases are Made [PDF]
X-Ways
Software Technology AG [PDF Presentation] June 2006
Logfile
Analysis: Identifying a Network Attack [PDF] July 2001
Autopsy
of a successful intrusion (well, two actually) October 2002
Computer
Forensics - Handling an Incident [PDF Presentation] June 2005
Linux
Memory Forensics March 2004
Incident
Reporting & Automation [PDF] March 2001
Electronic
Data Discovery Unleashed [PDF]
Computer
forensics software, an introduction September 2004
Compelling
Production of Hard Drives [PDF] Spring 2006
The
Forensic Lifecycle [PDF] 2005
Time
and Date Issues in Forensic Computing - A Case Study [Available by
request] 2004
Analyzing
the Difficulties in Backtracking the Onion Router's Traffic [PDF]
Covert
Channels: A Never Ending Challenge for Forensic Examiners [PDF
Presentation] November 2003
The
"Art" of Log Correlation [PDF] July 2004
Catch
Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the
rest of the bunch... [PDF Presentation] July 2005 PP
Presentation
Process
Forensics: A Pilot Study on the Use of Checkpointing Technology in
Computer Forensics [PDF] Summer 2004
Inquiry into
Terrorism Detention Powers [PDF] January 2006
Forensic Discovery
Computer
Aided Forensics (Poster) [PDF] 2004
Digital
Forensics Laboratory Projects [PDF] May 2006 [Free - Registration
Required]
Computer
Forensics Laboratory and Tools [PDF] June 2005 (Requires registration)
Computer
Forensic Investigation for XYZ Company [PDF] July 2005
Computer
Forensic Investigation Standard Operating Plan [PDF] September 2005
Forensic
Disk Imaging Using Linux [PDF] July 2005
Linux
Computer Forensics: Forensic Disk Imaging [PDF Presentation] July 2005
Digital
Audit Trails and Their Importance in Computer Crime Investigations
[PDF Presentation w/ notes] June 2003
The
Fight against Cyber-Crime: The Need for Special Training on Digital
Evidence
An
Analysis of the Integrity of Palm Images Acquired with PDD [PDF] 2004
To
Cache a Thief: How Litigants and Lawyers Tamper with Electronic Evidence
and Why They Get Caught [PDF] January 2004
TKS1 - An
anti-forensic, two level, and iterated key setup scheme [PDF] July
2004
The
Coroner’s Toolkit March 2005
The Coroner's
Toolkit [PDF Presentation] March 2005
Practical
Windows Forensics [HTML-framed Presentation] July 2001
Probing
into Digital Image Tampering [PDF] December 2004
Use of
Dates and Times in Forensic Exams/Investigations [PDF] 2003
Live
Solaris Evidence Gathering Instructions (V 1.0) [PDF] May 2006
Live
Solaris Evidence Gathering Instructions (V 1.2) [PDF] May 2006
Securing
Evidence and Preparing it for Court [PDF] July 2005
Bluepipe:
A Scalable Architecture for On-the-Spot Digital Forensics [PDF] Summer
2004
EnCase:
A Case Study in Computer-Forensic Technology [PDF] January 2001
Fight
Crime and Improve Security with Data Mining [PP Presentation] February
2003
Proactive
& Reactive Forensics [PDF Presentation] September 2005
Web
Forensics [PDF Presentation] February 2006
A
Web Service for File Fingerprints: The Goods, the Bads, and the
Unknowns [PDF] 2003
AFF:
A New Format for Storing Hard Drive Images [PDF] February 2006
Clean
Delete [PDF Presentation] April 2006
"Complete
Delete" and other Patterns for Information Eradication [PDF
Presentation] October 2005
Cross-Drive
Analysis and Forensics [PDF] November 2005
Disk
Sanitization and Cross Drive Forensics [PDF Presentation] September
2005
Everything
You Need to Know About the Destruction of Information on Computer Hard
Drives [PDF Presentation] May 2006
Forensic
Feature Extraction and CrossDrive Analysis [PDF] May 2006
Forensic
feature extraction and cross-drive analysis [PDF] August 2006
Forensics
Wiki February 2006
Hard-Disk
Risk 2003
Information
Leakage and Computer Forensics [PDF Presentation] February 2006
Network
Forensics: Tapping the Internet April 2002
New Directions
in Disk Forensics [PDF Presentation] January 2006
Remembrance
of Data Passed: Used Disk Drives and Computer Forensics [PDF
Presentation] 2004
Tools of
Evidence March 2003
One Big File Is
Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization
Technique [PDF] June 2006
An Advanced
Forensics Format: An Open, Extensible Format for Disk Imaging [PDF]
March 2006
The Advanced
Forensics Format Library and Tools [PDF Presentation] January 2006
Fingerprinting
Your Files August 2004
Forensic
Acquisition Utilities Revised August 2004
Regional
Computer Forensic Laboratories Nov/Dec 2003
DOE
Cyber Forensics Laboratory: Program Briefing [PP Presentation] 2003
Case
Study of Insider Sabotage: The Tim Lloyd/Omega Case [PDF] A
detailed discussion of the investigation into the placement and analysis
of a 'logic bomb'.
CSI:
Cyberspace Investigations, Evidence, And Forensics in the Digital
World [PP Presentation] September 2005
Evaluating
Commercial Counter-Forensic Tools [PDF] August 2005
Computer-Forensic
Privacy Tools: A Forensic Evaluation [PDF] June 2005
Learning
by Doing April 2002
Intro
to forensics: Using the last command to track down changes January
2003
Extracting forensic
evidence from biometric devices [PDF] 2003
Forensic
Implications of Biometric Devices and future identification management
systems [PP Presentation] August 2005
Forensic
Implications of Identity Management Systems [PDF] January 2006
Shrinking
the Ocean: Formalizing I/O Methods in Modern Operating Systems [PDF]
June 2002
AFIRM
(Active Forensic Intelligent Response Method) [PDF] The S.A.N.E.
approach to computer forensics
Guidelines
for the Management of IT Evidence [PDF] March 2004
Guidelines
for the Management of IT Evidence [PP Presentation] March 2004
SIRT
& Forensics [PDF Presentation] March 2005
File
Hound: A Forensics Tool for First Responders [PDF] August 2005
Computer
Forensic Science: A Methodology [Word Document] 2001
Cyber
Forensics: A Military Operations Perspective [PDF] Summer 2002
Vulnerability
Identified in Fax Machines and Printers August 2001 Excerpt from
the News and Trends column of Security Management Online
Where
Data Hides and Resides - Understanding Hidden Data in Windows [PDF]
April 2004
Finite
State Machine Analysis of a Blackmail Investigation [PDF] May 2005
State Machine Theory
of Digital Forensic Analysis 2004
State
Machine Theory of Digital Investigations [PP Presentation] 2005
There
is Something Fishy About Your Evidence… or How to Develop Inconsistency
Checks for Digital Evidence Using the B Method [PDF] June 2006
Formalising
Event Time Bounding in Digital Investigations [PDF] Fall 2005
Intrusion
Auditing with NTLast [PP Presentation]
Digital
Forensics [PDF Presentation] March 2006
Digital
Forensics - Finding information that has been lost... [PDF
Presentation] April 2004
FOSS Digital
Forensics [PDF Presentation] June 2006
Helix 1.7
for Beginners [PDF] Updated March 2006
Loudoun's
AOL Detective Finds Clues in E-mail August 2000
Managing
your Evidence Problems associated with proper collection procedures
[PDF]
netForensics® – A
Security Information Management Solution [PDF]
Forensix:
A Robust, High-Performance Reconstruction System [PDF] June 2005
Cyber
Crime: Theft of a Trade Secret [PDF Presentation] February
2004 Investigating The Fraud, Recovering Digital Evidence, and
Assessing Damages
Watching
the Detectives June 2002
Initial
investigating actions related to detecting cyber crimes
Tactical
Features of Inquiry Actions at Computer Crime Investigation May 2003
Problems of
Investigation of Crimes in the Field of Banking Computer Systems
Preserve and
Protect February 2004 Log files can make or break your case in
court. Here's how to preserve the evidence.
Forensic
extraction of electronic evidence from GSM mobile phones [PDF
Presentation] 2001
IP
& Cybercrime [PDF] February 2003
Planning
for Failure: Developing an Effective Incident Response Plan for HIPAA
Compliance [PP Presentation] September 2003
Emerging
Technology: Taking A Byte Out Of Crime February 2001
Computer
Incident Response and Computer Forensics Overview [PDF] March 2001
Forensic
Computer Investigations & Data Recovery [PDF Presentation] January
2003
Step
Away from the Keyboard! [PDF Presentation] February 2004
FAQ:
Firewall Forensics (What am I Seeing?) June 2000
Computers
Forensics [PP Presentation] June 2002
Guide
to Computer and Network Data Analysis: Applying Forensic Techniques to
Incident Response [PDF] August 2005
Handheld
Forensics: Palm and Beyond [PDF Presentation] June 2005
Mobile
Device Insecurity [PDF Presentation] April 2005
pdd:
Memory Imaging and Forensic Analysis of Palm OS Devices [PDF] March
2002
Memory
Imaging and Forensic Analysis of Palm OS Devices [PDF Presentation]
June 2002
Mobile
Device Security page - small collection of tools
Seizing
and Searching Computers and Computer Data [RTF doc] 2000
Halcrow Group
Ltd MIS Computer Forensic Procedures June 2002
Law
Enforcement, Forensics and Mobile Communications [PDF] March 2006
National
Security, Forensics and Mobile Communications [PP Presentation] March
2006
Computer
Sleuth - Beating down the evidence trail with computer forensics [PDF]
April 2003
Our
Perspective of Computer Forensics and Electronic Discovery in Our
Corporate Environment [PDF Presentation] November 2005
The
Certified Computer Examiner Certification January 2004
Chapter
11: Honeypot Data Analysis [PDF] June 2005 Sample chapter from
Honeypots for Windows
Computer Cop
Prophile
Computer Forensics in
Litigation [PP Presentation] December 2005
Introduction to Computer
Forensics [PP Presentation] 2006
Starting your own Computer
Forensics Company [PP Presentation] 2005
Starting your own
Computer Forensics Company [Word doc]
eDanger.com
[PDF] Winter 2005
Computer Under
the Microscope Images
Bootable
CD-Rom Linux Security Toolkits [PDF Presentation] September 2003
Intro to Linux
for Data Forensics version 2.0.5 [NASA ftp site] Alternate Download Site
Digital
Forensic [PDF] January 2004
Forensik
Toolkits [PDF] 2003 (in German)
Evidence
on the Internet [RTF doc]
Defend I.T.: Security by Example Chapter 15 -
Executive Fraud (Select Sample Chapter) [PDF] May 2004 A case study
of computer forensics
Dissecting
NTFS Hidden Streams July 2006
Incident
Response & Computer Forensics [PP Presentation] September 2005
Digital
Forensic Analysis of E-Mails: A Trusted E-Mail Protocol [PDF] Spring
2004
"e-Evidence
Standard": Proving the integrity, reliability, and trust on electronic
records [PDF] June 2002
Data
Remanence in Semiconductor Devices August 2001 Paper presented at
USENIX. Discusses issues in static and dynamic RAM, CMOS circuitry, and
EEPROMs and flash memory.
How
Windows encrypts .PWL files November 1995
Secure
Deletion of Data from Magnetic and Solid-State Memory July 1996
Inappropriate
Use of Computers - The Technical Investigation Process December 2003
Trojan
Defence: A Forensic View (Part 1) [PDF] January 2005
Trojan
Defence: A Forensic View (Part 2) [PDF] January 2005
Computer
Forensics: Introduction to Incident Response and Investigation of Windows
NT/2000 [PDF] December 2001
Computer
Forensics & Electronic Evidence [PP Presentation] September 2005
Computer
Forensics in Private Industry [PDF Presentation] November 2005
INFO2
Recycle Bin File - A Primer September 2005
What is
Computer Forensics? September 2003
Setting
up for Forensics July 2003
Toward
Defining the Intersection of Forensics and Information Technology
[PDF] May 2005
Data
Reduction - Refining the Sieve [PDF] February 1996
Computer
Forensics Methodologies for Fraud Investigations [PP Presentation]
October 2005
Cybercrime
in Canada [PDF Presentation] February 2005
Unix Security 101 - forensic
examples [Javascript Slideshow]
To
Revisit: What is Forensic Computing? [PDF] 2004
Electronic
Crime - it's not only the big end of town that should be worried [PDF]
2004
Forensic
Computing Theory & Practice: Towards Developing a Methodology for a
Standardised Approach to Computer Misuse [PDF] 2003
Refining the
Taxonomy of Forensic Computing in the Era of E-crime: Insights from a
Survey of Australian Forensic Computing Investigation (FCI) Teams
[PDF] November 2003
"Computers
are like Filing Cabinets…" Using Analogy to Explain Computer Forensics
2002
Geeks with Guns, or How I
Stopped Worrying and Learned to Love Computer Evidence [PDF] October
2005
Computer
Forensics [and Divorce] [Word document] 2002
Computer
Forensics 101 [PP Presentation] April 2004
Incident
Response and Network Forensics [PP Presentation]
Analyzing
Exchange and mbox e-mail files using Free and Open Source Software
December 2005
Electronic
Crime: Trends, Collection, Analysis [PP Presentation] 2005
Digital
Forensics and Information Assurance - Education and Research [PDF]
December 2003
Protocols
for the Recovery, Maintenance and Presentation of Motor Vehicle Event Data
Recorder Evidence [PDF] June 2003
Event Data Recorder
Case Law
List of
all vehicles with EDRs
Arriving at
an anti-forensics consensus: Examining how to define and control the
anti-forensics problem [PDF] August 2006
Computer
Forensic Tools [PP Presentation] June 2004
A Lessons Learned
Repository for Computer Forensics [PDF] August 2002
A Lessons Learned
Repository for Computer Forensics [PP Presentation] August 2002
High Tech
Forensics [PDF] July 2004
Computer
Forensics and Electronic Discovery [PDF Presentation] August 2006
5
Common Mistakes in Computer Forensics [PDF] January 2004 Pages 4-6
of 'Know Fraud'
Audit
trails are vital for post-compromise investigations November 2002
Identifying
a deleted account November 2002
Macintosh
Forensic Analysis Using OS X [PDF] October 2002
Coroner's
Toolkit: An Introduction [PP Presentation]
Digital
Forensics and Corporate Investigations [PDF Presentation & MP3]
March 2006
Is
that a Felony on Your Computer? [PDF] October 2003
Computer
Forensics [PDF Presentation] June 2003
The Continuing
Evolution of Computer Forensics (pages 18-25) [PDF] Law Enforcement
Quarterly Winter 2005-2006
Inside
the e-Nigma [PDF] 2001
A Guide to Investigation
and Prosecuting cases involving Hacking and the Computer Underground
[Word doc] April 2004
Anti-Forensics
[PDF Presentation] April 2006
Using
Fport on Windows NT to Map Applications to Open Ports [PDF] April 2001
Forensic Computing
as applied to the current practice of Medicine September 2004
IT
Forensics: the collection of and presentation of digital evidence
[PDF] July 2005
Open
Resources to Improve Your Forensic Analysis [PDF Presentation]
November 2005
Police
Reserve Specialists - Local Application of Global Concept [PP
Presentation] March 2002
Quick Reference
Guide: [Disclosure of] Stored Wire and Electronic Communications [PDF]
Inappropriate
use of computers - the technical investigation process December
2003 PDF
version
An
Example of Mobile Forensics [PP Presentation] 2005
Forensic
Analysis Without an IDS: A Detailed Account of Blind Incident Response
[PDF] January 2002
Extracting
Email IDs from IM Clients September 2002
Proposal
to Formalize Test and Evaluation Activities Within the Forensic and Law
Enforcement Communities [PDF] August 2004 Powerpoint
Briefing
Unix
Forensics February 2004
Handling
Digital Photographs for Use in Criminal Trials [PDF] May 2004
Forensic IT
Investigations [PP Presentation] May 2003
Incident
Analysis of a Compromised RedHat Linux 6.2 Honeypot April 2002
Forensic Computer
Examination
Disk
Cloning [PDF] Revised January 2005
LiveWire
Investigator [PDF Presentation] November 2005
Proving
the Integrity of Digital Evidence with Time [PDF] Spring 2002
Time-Lining
Computer Evidence [PDF]
Biometrics
and Digital Evidence [PDF]
Ambiguities
in US law for investigators [PDF] April 2004
Digital
Forensics: Sleuthing on Hard Drives and Networks [PDF] December 2005
21st
Century Forensics: Searching for the 'Smoking Gun' in Computer Hard
Drives [PDF] 2003
Starting a
Computer Forensic Lab [PDF Presentation] July 2003
Forensics
in the Field – The art of developing a computer forensics field deployment
kit [PDF Presentation] June 2006
Best Methods
for Forensic Investigators when Encountering Windows Encrypted Content
[PDF Presentation] November 2003
Forensic
Challenges - Windows Encrypted Content [PDF Presentation] April 2006
Working
with Law Enforcement to Abate Cybercrime [PDF]
A
Preliminary Examination of Tool Markings on Flash Memory Cards [PDF]
2004
Incident
Response and Handling [PDF Presentation] March 2005
Cyber Crime and E-commerce [PDF] Discusses DESK : Digital Evidence
Search Kit
Orphans
in the NTFS World [PDF] 2005
Thumbs
DB Files Forensic Issues [PDF] 2005
Analysis
of Computer Forensics [PDF] March 2002
Policing the
Digital Frontier 2003
Forensic
Procedures
Botnets as a
Vehicle for Online Crime [PDF] December 2005
FORZA –
Digital forensics investigation framework that incorporate legal
issues [PDF] August 2006
Hacking,
Handling and Investigation Experience Sharing [PDF] January 2003
Recent
Advances in Computer Forensics [PDF Presentation] May 2005
Cyber-Investigation
on Cyber-Crime [PDF Presentation] July 2001
Introduction
to Digital Forensics Procedure, Tools, and Techniques [PDF
Presentation] April 2006
Computer Forensics Manual
Computer
Forensics Part 1: An Introduction to Computer Forensics [PDF] April
2004
Computer
Forensics Part 2: Best Practices [PDF] May 2004
Computer
Forensics Glossary [PDF]
Computer
Crime Investigation & Computer Forensics [PDF]
Secure
Deletion and the Effectiveness of Evidence Elimination Software [PDF]
September 2005
Law
Enforcement Tools and Technologies for Investigating Cyber Attacks: Gap
Analysis Report [PDF] February 2004
Good Practice Guide
for Mobile Phone Seizure & Examination [Word doc] March 2006
Enforcement Techniques - Chapter 3 -Digital
Evidence Gathering [PDF] April 2006
Principal
Current Data Types [PDF] March 2003
Conference
Proceedings: 1999 - 2002
Computer
Forensics [Zipped PDF] September 2002
IS
Auditing Guideline: Computer Forensics
Fighting
Online Software Piracy [PDF] August 2004
Safe-KIDS -
Known Image Database System [PDF]
Computer
Forensics: An Emerging Practice in the Battle Against Cyber Crime
[PDF] May 2003
Begin a
forensics investigation with WinHex December 2004
Computer
forensics tips help you monitor investigations September 2002
Ghosts
in the Machine (from archive.org)
Computer
Forensics - The Need for Diverse Tools [PP Presentation] March 2004
Working With Obsolete
Data March 2006
Ibas Computer
Forensics: A White Paper [PDF]
Forensic
Software Tools for Cell Phones [PDF Presentation] June 2006
Mobile
Device Forensic Software Tools [PDF Presentation] November 2005
An
Overview and Analysis of PDA Forensic Tools [PDF] April 2005
Forensic
Software Tools for Cell Phone Subscriber Identity Modules [PDF] April
2006
Guidelines
on Cell Phone Forensics [Draft] [PDF] August 2006
Guidelines
on PDA Forensics [PDF] November 2004
Fingerprint
Identification and Mobile Handheld Devices: An Overview and
Implementation [PDF] March 2006
Extending the
Coroner's Toolkit via Aggregate Database [PDF] Spring 2004
The
Coroners Toolkit - In depth [PDF] February 2002
Cybercrime
forensics [Zipped PS] 2003
An
empirical study of automatic event reconstruction systems [PDF] August
2006
Incident
Response and Forensics: A Look Inside a Hacked Box [PDF Presentation]
February 2006
Computer
Forensic Text Analysis with Open Source Software [PDF] June 2003
Forensic
and Anti-Forensic Computing [PDF] December 2002
Autopsy [PDF]
January 2005 Computer Forensics Using Knoppix STD tool Autopsy
Disaster
Recovery Planning with a Focus on Data Backup/Recovery [PDF] January
2001
IT
Security and Forensics: A Complementary Approach [PDF Presentation]
2004
Computer-Related
Crime Impact: Measuring the Incidence and Cost [PDF] December 2003
What
evidence is left after disk cleaners? [PDF] 2004 Volume 1 Issue 3
[Registration required]
Real-time
Forensic Evidence Collection [PP Presentation] September 2005
Forensic
Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3
September 2002 (from archive.org)
Forensic
Analysis of Internet Explorer Activity Files [PDF] Revised May 2003
Forensic
Analysis of Microsoft Internet Explorer Cookie Files [PDF] May 2003
Forensic
Analysis of Microsoft Windows Recycle Bin Records [PDF] Revised May
2003
Forensic
Analysis using FreeBSD - Part 1 October 2002 (from archive.org)
Incident
Response: Performing Investigations on a Live Host [PDF]
FORENSICS
- Loadable Kernel Modules [PDF]
Real Digital Forensics: Computer Security and Incident Response
Chapter 1:
Windows Live Response [PDF] August 2005 Select 'Sample Chapter' Alternate
Link
Case
Studies [PDF] August 2005
Web Browser
Forensics, Part 1 March 2005
Web Browser
Forensics, Part 2 May 2005
Anti-Hacker Toolkit
TOC,
Introduction, and Chapter 8 [PDF]
Working
with Police [PDF] January 2001 (from archive.org) Discusses ACPO's
Good Practice Guide for Computer-based Evidence
Internet Forensics [Sample]
Chapter 4: Obfuscation [PDF] October 2005
Software
Engineering Project (Honours): ZSAT [PDF] October 2004
Introduction
to Forensics 101 [PDF Presentation] August 2003
Where
Litigation Support Ends and Electronic Discovery Begins [PDF] November
2002
The
Computer Caper
Disabling
Wireless Networks for Law Enforcement [PDF] June 2005
Computer
Forensics - The Legal Side of Incident Response [PP Presentation]
April 2004
Incident Response and
Computer Forensics [PP Presentation] October 2003
Incident
Response and Forensics [PP Presentation] July 2003
Preparing
for the Unexpected: Is it Possible? [PDF] Secure Business Quarterly
2001
File
Type Identification of Data Fragments by Their Binary Structure [PDF
Presentation] June 2006
How
to Conduct On-Premises Discovery of Computer Records Part I: Obtaining
the Data
How
to Conduct On-Premises Discovery of Computer Records Part II:
Detecting Altered Records
Computer
Forensics [PP Presentation] June 2005
Efficient
log authentication for Forensic Computing [PDF Presentation] June 2005
Implementing
Policies and Procedures for Effectively Supervising CyberOffenders: U.S.
Probation Department-EDNY [PDF Presentation] June 2005
Wrong
Conclusions, Bad Testimony [PDF Presentation] November 2005
Computer
Forensics [PP Presentation] 2002
Computer
Forensics: Beyond the Buzzword [PDF] August 2002
Evidence
Enhancing Technology - Bridging the Techno-Legal Gap with Secure Audit
Logging [PDF] December 2003
Gatekeeping
Out Of The Box: Open Source Software As A Mechanism To Assess Reliability
For Digital Evidence Fall 2001
Project
Internet Forensics [PDF Presentation] September 2004
The Byte
Stops Here: Duty and Liability for Negligent Internet Security [PDF]
2000
Realizing
- Risk Sensitive Evidence Collection [PDF Presentation] August 2005
Principles of Digital
Forensics as applied to Law Enforcement [PDF Presentation] July 2006
The
electronic autopsy - digital forensics Part 1 August 2006
Looking
for foul play - digital forensics Part 2 August 2006
The
unique challenges of collecting corporate evidence [Available by
request] 2005
An
Overview of Steganography for the Computer Forensics Examiner July
2004 PDF
version from Gary
Kessler's Homepage
File
Signatures Table
Sam
Spade: A Multifunction Information Toolkit May 2001
Steganography:
Implications for the Prosecutor and Computer Forensics Examiner April
2004 from
Gary Kessler's Homepage
Computer
Forensics: The Issues and Current Books in the Field January 2002
Cracking
the Cracking April 2002
Computer
Forensics - (What You Don’t Know Can Hurt You!) [PDF Presentation]
June 2003
Electronic
Evidence - Gathering and Presenting Electronic Data for Evidentiary
Purposes [PP Presentation] October 2002
A survey of
forensic characterization methods for physical devices [PDF] August
2006
Computer
Forensics: Tracking the Cyber Vandals [PDF] October 2002
P0st-M0rt3m
0f 4 R00tk1t 4tt4ck [PP Presentation] April 2001
Tracking
Hackers with Cyber Forensics [PDF] March 2002 (from archive.org)
Cyber
detectives: Collecting evidence for web crimes [PP Presentation] July
2002 (from archive.org)
Digital evidence
Integrated Management System [PDF] 2004
Incident
Detection, Recovery and Forensics, Plus a Few Selected Threat Remarks
[PP Presentation] September 2005
Analyze
This! Network forensics analysis tools (NFATs) reveal insecurities,
turn sysadmins into systems detectives.
Backtracking
Intrusions [PDF] October 2003
Backtracking
Intrusions [PP Presentation] October 2003
Using hash values to
identify fragments of evidence [PDF] August 2004
“Every
Contact Leaves a Trace”: Computers Forensics and Electronic Textuality
[PDF] April 2005
Making
a case for reporting and prosecution of a cyber incident [PDF] January
2003
Advanced
Forensic Concepts [Zipped PP Presentation & Handouts] August 2005
Process
Dump Analyses - Forensical acquisition and analyses of volatile data
[Zipped PDF] July 2006
A
Case for Forensics Tools in Cross-Domain Data Transfers [PDF] August
2002
Investigation
of Cybercrime and Technology-related Crime March 2002 (from
archive.org)
Obtaining
And Protecting Electronic Information For Prosecution Purposes [PDF]
August 2001
Remote
physical device fingerprinting [PDF] 2005
Building
a Linux-Based Computer Forensics Lab [PDF Presentation] January 2004
(from archive.org)
Identifying
almost identical files using context triggered piecewise hashing [PDF]
August 2006
Open
Source in Computer Forensics [PDF Presentation]
Preservation
of Fragile Digital Evidence by First Responders [PDF] August 2002
Simple
but Sound Tools for First Responders [PDF Presentation] January 2003
The
Linux Kernel and the Forensic Acquisition of Hard Discs with an Odd Number
of Sectors [PDF] Fall 2004
Recovering
Computer-Generated Evidence
Correlation of
complex evidences and link discovery [PDF] January 2003
Linux OS, Networking
and Forensics [PDF]
Real-Time
and Forensic Network Data Analysis Using Animated and Coordinated
Visualization [PDF] June 2005
Real-Time
and Forensic Network Data Analysis Using Animated and Coordinated
Visualization [PDF Presentation] June 2005
You
Are What You Type: Non-Classical Computer Forensics [PDF Presentation]
August 2006
Apprehending
The Computer Hacker: The Collection and Use of Evidence
Search
and Seizure in Cases of Computers and Child Pornography April 1999
Nobody's
Anonymous - Tracking Spam [PDF Presentation] January 2004
Nobody’s
Anonymous — Tracking Spam and Covert Channels [PDF Presentation] July
2004
Cyber
Crimes & Cyber Forensics [PP Presentation] September 2005
A
Typology of Online Child Pornography Offending [PDF] July 2004
Computer
Forensics Primer [PDF Presentation] November 2003
Computer
Forensics "Top 10 List" - Things to Avoid [PDF Presentation]
Image is Everything
[PDF]
Intro to
Computer Forensic Tools [PDF Presentation] November 2003
Intro
to Computer Forensics [PDF Presentation]
On-line
Fraud [PDF Presentation]
On-line
Investigations [PDF Presentation] 2003
Computer Forensics: Incident Response Essentials 2001 Sample: Chapter 2;
Tracking the Offender [PDF]
Where
Data Resides – Data Discovery from the Inside Out [PDF]
Computer
Forensics in the Campus Environment [PP Presentation] October 2005
Inforensics
101 [PP Presentation] May 2004
Investigating
E-Mail Activities [PP Presentation] May 2004
What You
Don’t See On Your Hard Drive [PDF] April 2002
Evidence
Preservation
Examine
a Unix Box for Possible Compromise
Intrusion
Detection FAQ What are some acceptable procedures for documentation
and detective work that will result in court-admissible evidence?
Through the
Looking Glass: Finding Evidence of Your Cracker 1999
Discovering
passwords in the memory [PDF] November 2003
Wonders
of 'dd' and 'netcat' :: Cloning Operating Systems August 2001
Forensic
Inspection of Hard Disks August 2002
Computer
Crime and Computer Fraud [PDF] Fall 2004 PDF
Presentation
Incident
Response: A Primer on Preparation and Resolution [Zipped PDF
Presentation] (from archive.org)
Building
a Computer Forensics Laboratory [PDF]
Building
a Business Case for Computer Forensics [PDF]
Forensic
Fieldwork: Experience Is the Best Teacher [PDF]
Forensic
Methodologies: A Computer Forensic Professional’s Compass! [PDF]
Learning
the Computer Forensic Way [PDF]
Expert
vs. Expertise: Computer Forensics and the Alternative OS July 2003
Making
It Big: Large Scale Network Forensics (Part 1 of 2) March 2003
Making
It Big: Large Scale Network Forensics (Part 2 of 2) March 2003
Lakewood
PD Digital Policy
The
Role of Computer Forensics in Stopping Executive Fraud October 2004
Sample chapter from "Defend IT: Security by Example"
Computer
Forensics Analysis October 2000 A step-by-step analysis of a
compromised Unix box, detailing commands and switches.
Find
the Email Header (from archive.org)
Internet
Investigations - Finding the Suspect (from archive.org)
Forensic
Computing: An Introduction to the Principles and the Practical
applications [PDF] April 2002
A
Graphic Picture of Crime September 2002
Design
and Development of a Distance Education Paradigm for Training Computer
Forensic Examiners December 1999 (from archive.org)
Dos
and Don’ts for Digital Evidence June 2005
Computer Forensics: What is
Metadata, Why is it Significant, and How do you Deal with it? [PDF]
September 2004
Here's How to Avoid
Nasty Bytes
An
Attorney’s Brief Guide to Dating (Computer File Dating That Is) 2005
(from archive.org)
Formalisation of
the Processing of Electronic Traces [PDF Presentation] June 2003
Strengthening the
collaboration between the Investigator and the Information System Manager
Through Methodical Computer Traces Management [PDF Presentation]
September 2003 (Local copy)
Computer Forensics
for a Computer-based Assessment: The Preparation Phase [Abstract &
PDF] June/July 2005
Network
Forensics June 2004
Forensic
acquiring and analysis [PDF] 2003
Resolve Corrupted Cache
Problem
Index.Dat Files and
Primary I.E. Folders
Problem Clearing
Internet Explorer's History Data
Forensic
Computing from a Computer Security Perspective [PDF] June 2004
A
Palmtop For The Prosecution October 2002
Keystroke
Logging Investigation [PDF] 2004
Incident
and Wiretap of a Real Case [Word Document - from archive.org]
Unix
Forensic Techniques for Incident Response [PP Presentation - from
archive.org] December 2000
Windows
Media Imaging (First 17 pages) [PDF] April 2002
Detecting false
captioning using common-sense reasoning [PDF] August 2006
Digital
Anti-Forensics: Real World Identification, Analysis & Prevention
[PDF Presentation] July 2005
Forensic
Analysis of a Windows 95 System [PDF] April 2002
Antiforensics:
Trends and Emerging Technology [PDF Presentation] November 2003
Digital
Information, User Tokens, Privacy and Forensics Investigations: The Case
of Windows XP Platform [PDF Presentation] May 2003
Forensic
Tools and Processes for Windows XP [PDF Presentation] 2003
Forensic
Tools and Processes for Windows XP Clients [PDF Presentation] October
2002
Overview and Impact on
21st Century Legal Practices: Digital Forensics and Electronic Discovery,
The Good, The Bad and The Ugly [PP Presentation] August 2004
The
Managers Role: Incident Response, Electronic Evidence and Forensics
[PP Presentation] October 2003 (from archive.org)
Tutorial
- Forensics for Windows XP Clients [PDF Presentation] June 2002 (from
archive.org)
Free
Tools for Investigating PC Hacks [PDF Presentation] November 2005
Using
Helix for Recovering from PC Hacks [PDF Presentation] November 2005
A
Formalization of Digital Forensics [PDF] Fall 2004
Computer
Forensics for Litigation Support [PDF Presentation] May 2005
Techniques
for Identifying the Threat to your Systems from Researching the Apparent
Source of an Attack [PDF] July 2000
Building
a Jump Kit [From archive.org] January 2002 This document describes
how to make a 'jump kit' for investigating Linux systems that are
potentially compromised.
Copy,
Paste and Reveal [PDF] February 2006
Hard
disk ATA Security [PDF Presentation] March 2006
Win32
– Evidence Gathering [PDF Presentation] April 2004
Computer
Forensics as a Tool for Criminal Investigation [PDF Presentation]
March 2004
Technology
Crime Investigation in Hong Kong [PDF Presentation]
The types of
computer crimes in Hong Kong and the difficulties in prosecuting such
crimes [PDF]
The New
De-Tech-Tives [PDF] Spring/Summer 1999 The Social Security
Administration Office of the Inspector General's Experience (Page 39)
Forensic
Examination [PP Presentation] July 2002 (from archive.org)
Data
Forensics - The smoking gun may be a click away September 2004
Data
Forensics for Legal Professionals [PP Presentation] March 2006
Fileprints:
Identifying File Types by n-gram Analysis [PDF Presentation] June 2005
Forensic
Computing 2003
Forensic
Vulnerability Discovery And Analysis [PP Presentation] August 2002
Network
Forensics and Auditing [PDF Presentation] June 2003
Computer
Forensics Security Presentation [PP Presentation] November 2003
Steganography-based
Forensic Techniques Using EnCase® 4.0 [PDF] 2003
Stego
Forensic Techniques [PP Presentation] 2003
Internal
Computer Investigations as a Critical Control Activity [PDF
Presentation] April 2005
System
Forensics [PP Presentation] August 2004
ICT
Abuse & Digital Forensic Investigations [PP Presentation] December
2005
Introducing
the Metasploit Antiforensics Project [PDF Presentation] September 2005
Bleeding-Edge
Anti-Forensics [PP Presentation] April 2006
Defeating
Forensic Analysis [PDF Presentation] May 2006
Network
Forensics and Covert Channels Analysis in Internet Protocols [PDF
Presentation] April 2006
Computer
Forensics & Electronic Discovery [PDF Presentation]
Using
Digital Forensics to Maintain the Integrity of our Nation’s Critical
Infrastructure [PDF Presentation] August 2005
Biatchux:
A New Tool for Incident Response [PDF] April 2002
Data Forensics:
A Case for Routine Implementation [PDF Presentation] June 2005
Digital
Investigations and the Modern Legal Landscape [PDF Presentation]
November 2005
Enterprise
Investigations: Tools and Techniques [PDF Presentation] 2005
Unofficial F.I.R.E.
FAQ 2003
Computer
Forensics [PP Presentation] September 2003
VM
Forensics – Dealing with Funky Data [PDF Presentation] November 2005
Adversary
Modeling to Develop Forensic Observables [PDF] August 2004 Powerpoint
Briefing
Digital
Incident Response, Forensics and Sanitization [PDF Presentation] July
2004
Ext2fs
and forensics April 2006
Methods of Data
Transportation
Real
Evidence, Virtual Crimes: The Role of Computer Forensic Experts [PDF]
Fall 2005
Computer
Forensics - An Overview [PDF] February 2001
Cyber-Criminals
and Data Sanitization: A Role for Forensic Accountants [PDF] Summer
2005
A strategy for
testing hardware write block devices [PDF] August 2006
Computer Forensic
Tool Testing at NIST Several PDF and PP Presentations
Notes
on dd and Odd Sized Disks [Word Document]
Email and Web
Site Tracing [PDF Presentation] August 2005
Network
Forensics - CSI: Enterprise December 2004
Network
Forensics Tools November 2004
The use of Levenshtein
distance in computer forensics [PDF] June 2005 PP Presentation
Computer
Forensics - Integrating Technical and Procedural Tasks [PDF
Presentation] November 2003
Becoming
a Forensic Investigator [PDF] August 2004
Writing a
Computer Forensic Technical Report [PDF] August 2004
Information
Systems Forensics: A Practitioner's Approach November 2004
Digital
Data in the Enterprise: Do You Have it Under Control? [PDF
Presentation] May 2006
Secure
File Deletion, Fact or Fiction? [PDF] July 2001 Good discussion of
clusters, temp. files, deleted files, SLACK, etc.
What's on that Hard
Drive? July 2001
Why Conduct Computer
Forensics Examinations? [PP Presentation] 2003
Electronic
Data Discovery and Data Forensics - The Identification and Collection of
Electronic Files [PDF Presentation] April 2005
Initial Response
to Windows NT/2000 [PDF]
Performing
Effective Incident Response [PDF Presentation] July 2005
The
Evolution of Incident Response [PDF Presentation] 2004
Robots,
Wanderers, Spiders and Avatars: The Virtual Investigator and Community
Policing Behind the Thin Digital Blue Line [PDF] March 1997
Computer
and Network Forensics (CNF) Project Homepage
Computer
and Network Forensics as an Integral Component of the Information Security
Enterprise [PP Presentation] 2003
Forensics
and Active Protection [PP Presentation] March 2003
Hacking,
Learning to Prevent it by Knowing more About it [Presentation] January
2000
Honeytraps
As A Forensic Tools [Presentation] February 2002
Honeytraps,
a Network Forensic Tool [PP Presentation] February 2002
Honeytraps
as Forensic Tools [PP Presentation] Fall 2001
Overview
of Computer Forensics [Presentation] Fall 1999
Policies
to Enhance the Forensic of Network Security April 2000 [Ghostscript
Reader Required]
Policies
to Enhance the Forensic of Computer Security (complete presentation, 63
slides) April 2000
Software
Forensics Overview [PDF Presentation] April 2003
Policies
to Enhance Computer and Network Forensics [PDF]
Cyber Forensics: A Field Manual for Collecting, Examining, and
Preserving Evidence of Computer Crimes. Table
of contents and introduction [PDF]
Chapter
3 The Liturgical Forensic Examination: Tracing Activity on a
Windows-Based Desktop [PDF]
Internet
Security & Incident Response: Scenarios & Tactics [PP
Presentation] 1998
What
Forensic Analysts should know about NT Alternate Data Streams
What
Time is it? The Problem
Beginners
Guide to Linux Forensics [PDF] June 2005
Introduction
to Linux Forensics [PDF] June 2005
Introduction
to Linux Forensics [PP Presentation] June 2005
Introduction
to The Sleuth Kit (TSK) [PDF] September 2005
An Improved
Protocol for the Examination of Rogue WWW Sites [PDF] July 2003
Digital
Evidence [PP Presentation] 2004
More Than CSI: High-Tech
Crime Investigation [PP Presentation] 2004 PDF Format
Silicon Pathology?
[PDF] June 2003 The future of forensic computing
Spam & Chips -
A Discussion of Internet Crime [PDF] April 2002
Digital
Music Device Forensics [PDF or PS] May 2005
Ipod
Forensics [PDF] December 2004
Ipod
Forensics [PDF] Fall 2005
Not
Just a Game Anymore 1999
Windows,
NTFS and Alternate Data Streams [PDF] May 2001
Collecting
Forensic Evidence [PDF Presentation] May 2005
General
Guidelines for Seizing Computers and Digital Evidence
Introduction
to Digital Evidence Seizure [PDF Presentation] September 2003
Trusted
computing and forensic investigations [Available by request] 2005
FBI
Cyber Crime Program Philadelphia Division [PP Presentation] 2003 (from
archive.org)
Computer
Forensics: Are Your Computers Free from Attacks and Problems? July
2005
New
Approaches to Digital Evidence [PDF]
Forensic
Analysis for Unix-Based Operating Systems [PDF] October 2005
Forensic
Analysis of Mobile Phones [PDF] October 2005
ZSAP
(Zero Skill Analysis Program) [PDF] January 2006
Computer
Forensics: An Issue of Definitions [PDF] 2003
Shadowcrew:
Web Mobs March 2005
Hash
Sets and Their Proper Construction [PDF]
Forensic Computing: A look at
evidence and how to handle it October 1997
Forensic
Analysis: Windows Forensic Toolchest (WFT) [PDF] Updated May 2005 GCFA
Practical Discussing WFT
Live
Forensics on a Windows System: Using Windows Forensic Toolchest (WFT)
[PDF Presentation] June 2006
Windows
Forensic Toolchest [PDF Presentation] May 2005
Incident
Handling: The Art of Containing Compromised Information [PDF] December
2000
FLUX:
A Forensic Time Machine for Wireless Networks [PDF] April 2006
FLUX:
A Forensic Time Machine for Wireless Networks [PDF Presentation] April
2006
A
Computer Forensic Methodology for Ireland [Word document] July 2003
Computer
Forensics [PP Presentation] May 2005
What is
Forensic Computing? [PDF] June 1999
Contacting Host
Owners 2004
Basic
Considerations in Investigating Computer Crime, Executing Computer Search
Warrants and Seizing High Technology Equipment [PDF] March 1999
Search
Warrants Computers & Digital Evidence [HTML-framed Presentation]
November 2005
Importance
of a Standard Methodology in Computer Forensics [PDF] May 2000
Building
a Low Cost Forensics Workstation [PDF] April 2003
Secrets of Computer Espionage: Tactics and Countermeasures Chapter
1: Spies [PDF] June 2003
Forensic
Analysis of Digital Evidence from Palm Personal Digital Assistants
[PDF] Fall 2004
Unique
File Identification in the National Software Reference Library [PDF]
May 2006
Presentations/Forms/Publications
- Internet Safety page
Packet
Sniffing for Automated Chat Room Monitoring and Evidence Preservation
[PDF] June 2001
Linkin' Logs
To Fraud November 2002
Forensic
examination of mobile phones [PDF] 2004 Volume 1 Issue 4 -
Registration required
ForNet:
A Distributed Forensics Network [PDF Presentation] 2003
Computer
Crime Investigator's Toolkit January 2001 Parts I, II, III and IV
Incident
Management with Law Enforcement December 2001
The Art, Science &
Practice of Digital Evidence [PP Presentation] 2004
The
Fallacy of Software Write Protection in Computer Forensics [PDF] May
2004
Challenges
in Forensic Computing December 2005
Time is of the
Essence March 2000
EWF
Specification [PDF] 2006 Expert Witness Compression Format
specification
Investigative
Uses of Computers: Analytical Time Lines [PDF] August 2000
Computer
Forensics: Toward Creating a Certification Framework [PDF or PS] May
2005
Computer
Forensics: Meeting the Challenges of Scientific Evidence [PDF]
December 2004
Computer
Forensics: The Need for Standardization and Certification [PDF] Fall
2004
Data
Forensics: In Search of the Smoking Gun March 2005
Adventures in
Computer Forensics [PDF] September 2001
An
Analysis of Disk Carving Techniques [PDF] March 2005
Computer
Forensics: A Critical Process in Your Incident Response Plan [PP
Presentation] July 2001
Creating
a Computer System Incident Response Team [PP Presentation] July 2001
(from archive.org)
GCFA
Practical Assignment [PDF] September 2002 A detailed forensic
analysis of a Mac OS X system using primarily open source forensic
utilities.
Hackers,
Crackers, E-Fraud & Forensics [PDF] May 2006
Electronic
Fingerprints: Computer Evidence Comes of Age
http://www.htcia-mountainstates.org/palmosacquisition.pdf
[PDF] 2004
Police Posing as
Juveniles Online to Catch Sex Offenders: Is It Working? [PDF] July
2005
The
challenge of electronic evidence: the European response [PDF
Presentation] November 2003
Computer
Forensics: The Investigator's Perspective [PP Presentation] September
2000
High Tech
Forensics: Serving as a Police Reserve Specialist [PDF]
Article I -
Preliminary Matters
Article II -
Challenges and Sanctions
Article III-
Preserving Evidence
Article IV - Obtaining
Evidence: Interception & Surveillance
Article V - Undercover
Operations and Informants
Article VI - Obtaining
Evidence: Production Orders
Article VII -
Obtaining Evidence: Search and Seizure
Article VIII -
Post-Collection Procedures
Article IX -
Processing and Analyzing Evidence
Article X -
Reimbursement and Return of Property
Article XI - Using
Evidence
Filesystem
and network acquisition and analysis tools [PDF Presentation] November
2005
Warning!
Microsoft Word stores hidden information about you May-June 2005
Digging
for computer dirt April 2002
Computer
Crime Investigations: A Lo-Tech Practical Approach [HTML and PP
Presentation versions] October 2000
FCCU
GNU/Linux Forensic Boot CD [PDF Presentation] October 2005 Alternate
Link & USB image used during the workshop
System
Baselining - A Forensic Perspective [PDF]
Computer
Evidence - Collection and Preservation and Submission [PDF
Presentation] October 2005
The Legal Duty
of IAP's to Preserve Traffic Data : a Dream or a Nightmare? [PP
Presentation] May 2003
High-Tech
Evidence Gathering: Tapping into the Computer Criminals 1999
Computer
Forensics [PDF Presentation]
Use A Linux Bootable
CDROM to Image Your Hard Drive August 2003
The Economics of
Digital Forensics [PDF] May 2006
Real-Time
Forensics Strategies: An Executive Briefing [Word document]
After
Conversation - An Forensic ICQ Logfile Extraction Tool [PDF] September
2005
Digital
Photographs (in the courtroom) [PP Presentation]
Tracking a
Computer Hacker May 2001
Forensics on the
Windows Platform, Part One January 2003
Forensics on the
Windows Platform, Part Two February 2003
Maintaining System
Integrity During Forensics August 2003
Incident
Handling/Forensics FAQ
Animated Hard Drive Recovery
& Physical Rebuilds [Flash Presentation] August 2006
Computer
Forensics Methodologies [PDF Presentation] May 2005
Database
Record Extraction
Email
traffic patterns can reveal ringleaders March 2003
Digital
Warrants Language for a proposed California law dealing with computer
search warrants.
Encase
Decryption System [PDF]
Forensic
Checklist [PDF]
Mac
Acquisition using Target Disk Mode
Honeypot: Hacker
Tracking and Computer Forensics AND Honeynet: A Platform for
Studying Hacker Behaviors and Computer Forensics [Presentations in
PDF] August 2003
Linux/UNIX
Security Response Cookbook [PDF Presentation] June 2004
Using
ATA commands on hard disks ... why bother? April 2006
Search, Seizure and
Production Orders Considering the Privacy Environment [PP
Presentation] March 2005
Forensic
Readiness [PDF Presentation] February 2006
Network
Forensics (from archive.org)
Cell
Phone Forensics [PDF] February 2006
The
Trojan Horse Defence [PDF] December
Guide
to Computer and Network Data Analysis: Applying Forensic Techniques to
Incident Response [PDF] August 2005 NIST Special Publication 800-86
(Draft)
Guidelines
on PDA Forensics [PDF] November 2004
PDA
Forensic Tools: An Overview and Analysis [PDF] August 2004
Cyber
Evidence Collection..a Major Challenge to Law Enforcement in India
January 2003
Data
Capture..key challenge in Cyber Evidence Management January 2003
Recovery
of Digital Evidence
Tracing
the Source of an Email
Computer
Forensics – Hiding in Plain Sight [PDF Presentation] November 2005
Digital
Evidence & Computer Forensics [PDF Presentation] November 2004
Introduction
to Computer Forensics [PDF] August 2005
Computer
Crime Point-of-Contact (CCPC) list A list of people responsible for
investigating and prosecuting cybercrime in their particular
jurisdictions, and who can provide assistance to law officers seeking
electronic evidence stored outside their states.
NIJ
Technology Program Publication Collection: Electronic Crime
Combining
Cisco NetFlow Exports with Relational Database Technology for Usage
Statistics, Intrusion Detection, and Network Forensics 2000
Responding to a
Security Incident 2000
All
Publications
Several
presentations and publications
Mobile
Phone Forensic Examination - Basic Workflow & Preservation Select
options from drop-down menu at left
Forensics
[PP Presentation] 2001
Digital
Forensics Curriculum Consortium [Word docs] 2006
System
Administration and Network Security Course (2005)
Computer
Forensics Analysis
Summer Workshop 2002
on Network Security
Day 3 :
Computer Forensics I (On-line inspection)
Day 4 :
Computer Forensics II (Off-line inspection)
Malware
Forensics by Automatic Experiments [PDF] June 2005
IDS Logs in
Forensics Investigations: An Analysis of a Compromised Honeypot March
2003
Footprints in the
Sand: Fingerprinting Exploits in System and Application Log Files
October 2002
Internet
Undercover Operations [HTML-framed Presentation] February 2004
Guide for the
preservation of computer based evidence following an unauthorised
intrusion
Cyber
Crime and the Courts - Investigation and Supervising the Information Age
Offender [PDF] September 2001
Wireless
Intrusion Investigation [PP Presentation] 2005
Digital Forensics
using Linux and Open Source Tools [PDF Presentation] September 2005
Domain Name
Forensics: A Systematic Approach to Investigating an Internet Presence
[PDF] November 2004
Forensic acquisition
and analysis of magnetic tapes [PDF] February 2005
Generalizing
sources of live network evidence [PDF] February 2005
Improving evidence
acquisition from live network sources [PDF] May 2006
The Role of Digital
Forensics within a Corporate Organization [PDF Presentation] May 2006
Examining
the Data - A beginners guide to computer-based evidence [PDF]
Recovering
and Examining Computer Forensic Evidence October 2000 Issues
surrounding the need to develop laboratory protocols for computer forensic
science that meet critical technological and legal goals.
The
Coroner's Toolkit
First
Responders Guide to Computer Forensics [PDF] March 2005 CERT
Training and Education
First
Responders Guide to Computer Forensics: Advanced Topics [HTML &
PDF] September 2005
Setting
the Rules on Digital Evidence
Auditing
and Event Correlation [PDF]
NIJ’s
Electronic Crime Program: An Overview [PDF Presentation] 2004
Computer
Evidence Processing Steps
Helping
Your Users by Spying On Them [PDF] August 2005
Cyberspace
Detectives Employ Intrusion Detection Systems and Forensics
Wireless
Forensics [PDF Presentation] November 2005
Computer
Forensics Course Syllabus
Online lecture material/notes for the class
Cybercrime: The
Internet as a Crime Scene
Digital
Evidence Collection and Handling
Forensic
Duplication and Analysis Using Encase
Intrusion
Detection and Incident Response
Investigative
Responses (Email Tracing)
Cyber
crime and the Law; Where the Net meets the Node [HTML and PP
Presentation] March 2000
Cyber
Attack Investigative Tools and Techniques [PP Presentation] May 2003
Cyber Crime Evidence
(Computers)
5 Ways
to FIRE up Your Incident Response and Forensic Environment [Audio and
PDF] May 2003
Forensics and
Privacy-enhancing Technologies - Logging and Collecting Evidence in
Flocks [Abstract] 2005
Forensics
and Privacy-Enhancing Technologies [PDF] 2005
Pre-Forensic
Setup Automation for Windows 2000 [PDF] May 2002
Fundamentals
of Storage Media Sanitation [PDF] June 2006
Computer
& Network Forensics [PP Presentation] 2002
Computer
Crime, Response and Investigation [PP Presentation] 2002
Incident
Response [PP Presentation] 2001
Investigating an
Attempted Intrusion 1999
Tripwire
for Servers in a Forensics Environment [PDF]
Computer
Forensics: The Key to Solving the Crime [PDF] October 2001
Logging
and Log Analysis - The Essential [PDF Presentation] July 2004
Using
Computer Forensics in Investigating Internal Abuse [PDF Presentation]
May 2005
When
things goes wrong: Digital Forensics Essential [PDF Presentation] May
2006
Reacting
to Cyberintrusions: Technical, Legal and Ethical Issues [Postscript
file]
Automated
Reassembly of Fragmented Images [PDF] 2003
Incident Handling /
Forensics FAQ
Forensic
Analysis in a Digital World Spring 2002
The
Law Enforcement Paradigm in DoD Environments [PP Presentation] April
2002
Data
Recovery Software Tools: Today and the Future [PDF Presentation]
September 2005
Forensic
Computing [PDF] 2004
Forensic
Computing... [PP Presentation] April 2005
Forensic
Computing: "Catch Me if you can" [PDF Presentation] September 2004
Forensic
Computing: What is it? [PDF Presentation] August 2004
Reproducibility
of Digital Evidence in Forensic Investigations [PDF] August 2005
Reproducibility
of Digital Evidence in Forensic Investigations [PDF Presentation]
August 2005
First
Responder - Collection and preservation of evidence [PDF Presentation]
January 2005
Forensic
Analysis of Hacking Cases [PDF Presentation] September 2003
Computer
Forensics Course Development [PP Presentation] April 2005
Forensic
Lab Development [PP Presentation] March 2006
Cybercrime and
Computer Forensics [PDF Presentation] November 2005
Windows NTFS
Alternate Data Streams February 2005
Packet forensics
using TCP August 2005
Operation
Websnare [PP Presentation] September 2004
CIOIM
Supplement: Digital Officer Safety [PDF]
Internet
Ballistics: Retrieving Forensic Data From Network Scans (Poster) [PDF]
August 2004 Abstract
Computer
Forensics [PDF] March 2002
Forensic
tools (Group Test) August 2004 Tools Tested: AccessData Ultimate
Toolkit, EnCase Forensic Edition, Freeware and open-source tools,
NetWitness Professional Edition, ProDiscover Incident Response, Vogon
Investigation Software, Wiebetech Forensic ComboDock
Analytic
& Forensics Technologies [PDF Presentation] June 2006
Computer
Forensics [PDF Presentation] May 2005
Covert
Channel Forensics on the Internet: Issues, Approaches, and Experiences
[PDF] February 2006
The
Impact of Forensic Computing on Telecommunications [PDF] 2000
Computer
Forensics as an Integral Component of the Information Security
Enterprise [PDF]
Computer
Forensics Reveals a Whole New Universe of Discoverable Information
October 2001
Digital
Privacy Considerations With the Introduction of EnCase Enterprise
[PDF] 2003
Electronic
evidence discovery: From high-end litigation tactic to standard
practice [PDF] September 2000
Evidentiary
Authentication Within the EnCase Enterprise Process [PDF] June 2003
Maintaining
The Digital Chain of Custody [PDF] April 2003
New
Incident Response Best Practices [PDF] September 2003
Recent
Federal Opinions on the Search and Seizure of Computer Files [PDF]
Computer
Forensics in the Global Enterprise [PDF] 2003
Realtime
Intrusion-Forensics - A First Prototype Implementation [PDF Paper
& PP Presentation] February 2004
Computing
forensics: a live analysis [PDF Presentation] April 2005
Security
Reference Guide [See Data Forensics Section]
Forensics
For System Administrators [PDF] August 2005
Principles-Driven
Forensic Analysis [PDF] September 2005
The
Essential Conflict Between "Computer" and "Forensics" [PP
Presentation] April 2006
Cyber
Forensics [PP Presentation] February 2005
Methodologies
for the use of VMware to boot cloned/mounted subject hard disk images
[PDF] March 2005
Design
and Implementation of a Remote Forensics System [PDF] May 2005
Computer
Forensic Software in a Corporate Environment [PDF] June 2003
Digital
Anti-Forensics: Emerging trends in data transformation techniques
[PDF] May 2005
Cops
Are from Mars, Sysadmins Are from Pluto: Dealing with Law Enforcement
[PDF]
Introduction
to Computer Forensics [PP Presentation] April 2004
Forensic
examination of log files [PDF] January 2005
How to Use iLook
Investigator v7.0 [Zipped PP Presentation] November 2001
Computer
Forensics Processing Checklist [PDF]
Criminal
Investigations in an Automated Environment [PDF] 1997
Cyberstalking
Investigation and Prevention
EnCase
Forensic Evidence Acquisition and Analysis [PDF] June 2000
Got
a Virus? Don’t Call a Doctor, Call a Cop Winter 2002
Handling
Digital Evidence [PDF]
IBM
OS/400 - AS/400 – Recognizing and Securing the System [PDF]
Investigating
Cyber Crime/Hacking and Intrusion [PDF]
Procedures
for Seizing Computers [PDF] May 2000
Removing
hard drives from computer systems for direct drive-to-drive imaging
[PDF]
Tracing
an E-mail Address to an Owner [PDF] January 2000
Unix
Investigations [PDF]
Web
Application Forensics [PDF Presentation] February 2003
From
Events to Incidents [PDF] November 2001
Security
Tools for the Budget Conscious ISP, Part III: Analysis and Forensics
February 2004
Properly
Obtaining and Securing Evidence in a Computer Crime Investigation
(bottom of page) [PP or PDF Presentations] February 2005
Advanced
Antiforensics [txt] August 2005
Playing Hide
and Seek, Unix style
An
Investigation of Computer Forensics 2004 Alternate
Link
Computer
Forensics for ISPs (20MB PDF file) [PDF Presentation] 2004
Honeypot
Forensics - No stone unturned or: logs, what logs? [PP Presentation]
December 2004
Hidden
or Hiding: Mac OS X’s Forensic Assets and Liabilities [PDF] October
2005
Internet
and judicial investigation: difficulties in judicial practice [PDF]
2001
E-Mail
Discovery in Civil Litigation: Worst Case Scenarios vs. Best Practices
[PDF] April 2004
Forensic
Footprints: Investigations in Cyberspace [PDF] 2004
Computer
Forensics article September 1997
Digital
Imaging Procedure v1.0 [PDF] March 2002
A Brief
History of Computer Forensics [PDF Presentation]
A
Framework for Digital Forensic Science [PP Presentation] August 2004
Computer
Forensics: an approach to evidence in cyberspace [PDF]
Digital
Evidence in Internet Time [Word Document] (from archive.org)
Digital
Evidence in Internet Time [PP Presentation] (from archive.org)
IOCE
[PDF Presentation]
IOCE
vs. G-8 Principles [PDF]
Principles,
Practices and Procedures: an Approach to Standards in Computer
Forensics [PDF] April 1995
Report
on Digital Evidence [PDF] October 2001
Ten
Forensics Toolkit November 2002
Static Linking
Under Solaris
Computer
Forensics [PP Presentation] September 2001
Computer
Forensics (presentation slides and notes) October 2000
Cybercrime
– Challenges to Enforcement of IPR [Word Document] (from archive.org)
Tips
for Tracking the E-Mail Trail January 2001
Statistical
Tools for Digital Image Forensics [PDF] 2005
Statistical
Tools for Digital Forensics [PDF] 2004
Computer
Forensics [PDF] December 2001
Computer
Forensics: Forensic Data Diving Using the Linux Operating System [PDF]
July 2001
Network
Intrusion and Attack Signatures [PDF Presentation] Spring 2002 PowerPoint
version
Honeypot-based
Forensics [PDF] May 2004
Digital trail led to
accused spy
Forensics
Lite [PDF] November 2001
The
Computer Forensics Process and Conducting Web-Based E-mail Searches
July 2005
Enforcement Techniques - Chapter 3 -RFID
Towards Digital Evidence [PDF Presentation] January 2006
Electronic
Data Discovery and Data Forensics [PDF Presentations] 2004
Incident Response: Investigating Computer Crime
Chapter
1 [PDF] Insiders and Outsiders: Examples from the FBI files
Chapter
6 Learning Network Protocols and Performing a Trap and Trace
Chapter
11 [PDF] Initial Response to Unix Systems
Incident Response & Computer Forensics, Second Edition
Chapter
2: [PDF] Introduction to the Incident Response Process
Chapter
10: [PDF] Computer System Storage Fundamentals
Ipod
Forensics: Forensically Sound Examination of an Apple Ipod [PDF]
November 2005
FastBloc
(Guidance Software) Validation Document [PDF] July 2001
Hash Sets for
Hacker Tools [bottom of page]
The
Reality of Computer Forensics [PDF] (from archive.org)
Computer
Forensics [PDF Presentation] February 2005
Investigation into
the Removal of Records and Erasure of Computer Files from the Former
Mayor's Office [PDF] June 2003
Guidelines for
the Handling and Seizure of Digital Evidence [PDF]
Hard
Drive Secure Information Removal and Destruction Guidelines [PDF]
October 2003
Cybersleuthing
solves the case January 2002
Firms
increasingly call on cyberforensics teams January 2002
Forensic
Detectives January 2002
Handling
Crime in the 21st century The new field of computer forensics is
keeping security experts on the trail of cybercriminals - December 1998
Hunting
Hackers: How to Fight Back
Intro in IT
Forensics Mgmt [PDF] June 2004
FIRE:
Forensic & Incident Response Environment [PP Presentation]
November 2003
Acquisition
& Seizure Procedure [PP Presentation] 2005
Cyber
Forensics - Challenges and Tools [PP Presentation] 2005
Cyber
Forensics - Challenges, Techniques and Tools [PP Presentation] 2005
Cyber
Forensics Tools [PP Presentation] 2005
Cyber
Forensics and C-DAC’s Forensic Tools [Word doc] 2005
The Exchange
Principle [PDF] September 2004
System
Rescue with Knoppix [Presentation] September 2005
Burglar
Alarms for Detecting Intrusions [PDF] 2000
Intrusion
Detection and Network Forensics [PP Presentation] April 2000
Questions
About the Future Secure Business Quarterly 2001 [PDF] What is the
meaning of evidence in an environment where crime scenes themselves are
mutable and can be altered, destroyed, or even created in milliseconds?
Semantic
Forensics: An Application of Ontological Semantics to Information
Assurance [PDF] July 2004
Incident
Response Toolkit [PDF Presentation] August 2003
Honeypot
forensics [PDF] June 2004
Performing
a Security Forensics Review [PDF Presentation] October 2005
Chapter
11. Incident Response
Maintaining
Forensic Evidence for Law Enforcement Agencies from a Federation of Decoy
Networks: An Extended Abstract [PDF] Fall 2002
Creating
Hash Sets Manually [PDF]
Analysis of a Compromised
Honeypot
Forensics
of a Windows system [PDF Presentation] September 2005
An
Examination of Digital Forensic Models [PDF] Fall 2002
Forensic
Analysis of a Compromised Mac OS X (Client) Machine May 2002
Incident
Response Planning and Forensic Readiness [PP Presentation] February
2002 (from archive.org)
Digital
Forensics [PP Presentation] October 2005
Solving
Computer Crime: An Introduction to Digital Forensics [PP Presentation]
November 2003
Scalpel:
A Frugal, High Performance File Carver [PDF] August 2005
Computer
Forensics & Ethical Hacking [PP Presentation] February 2004
Compliance
and Computer Forensics [PDF] September 2005
Steganalysis:
Detecting hidden information with computer forensic analysis [PDF]
April 2003
Responding
to Security Incidents on a Large Academic Network: A Case Study May 2003 –
October 2005 [PDF] February 2006
Making
sense of Windows Install Dates and Times [Word doc]
Windows
Installation Timestamps [Word doc]
Corporate
Forensics Toolkit [PP Presentation] April 2004
RAC
Computer Forensic Institute Annual Report [PDF] January 2006
Be
Prepared for Computer Forensics February 2002
Developing
a Response Plan for Computer Forensics February 2002
Cyber
Security Incident Response/Forensic Awareness for Managers [PP
Presentation] 2003
Cyber
Security Incident Response/Forensic Awareness for System
Administrators [PP Presentation] 2003
Cyber
Security Incident Response/Forensic Awareness for Users [PP
Presentation] 2003
U.S.
Department of Energy Cyber Incident Response Handbook [RTF document]
2003
E-mailed
Death Threats: A Case Study... [PDF] PowerPoint
Presentation
Computer
Search and Seizure Guidelines [PDF] Fall 2000
Computer
Forensics - The FAQs, the Do’s and the Don’ts [HTML-framed
Presentation]
Incident
Response - Preparedness is Essential in Today’s Computing Environment
[HTML-framed Presentation]
IP
Tracing - A Primer in Tracing IP and Email Addresses [HTML-framed
Presentation]
Cryptography and
Evidence [PDF]
Information
Technology Security Part 6 Investigation and Forensics I [HTML
Presentation] March 2002
Seizing a Computer
System for Digital Forensic Systems Examination
Time Stamps and
Timing in Audit-Based Digital Forensic Systems Examination
Anti-Forensics
[PP Presentation] September 2005
Computer
Forensics [PDF Presentation] November 2002
Computer
Forensics: Evidence Handling & Management [PDF - from Archive.org]
September 2002
Cyber
Forensics: Are We There Yet? [PP Presentation] 2004
Hard
Challenges for Digital Forensics [PDF Presentation] February
2005
Incident Response
& Evidence Management [PDF Presentation] November 2002
Introduction
to Cyber Forensics [PDF Presentation] 2006
The
Future of Computer Forensics: A Needs Analysis Survey [PDF] 2003
Self-reported
computer criminal behavior: A psychological analysis [PDF] August 2006
Undeleting Files in
the Linux OS 2000
Cybercop
April 2002
Computer
and Network Investigations [PP Presentation] September 2005 PDF
version
Correlating
Evidence [PP Presentation] August 2000
Correlating
Log File Entries [PDF] November 2000
Distributed
Attacks and CISCO Net Flow Logs [PDF Presentation]
Forensic
Computing [PP Presentation] November 1999
Forensic
Computer Investigations [PDF] December 2000
Forensic
Computer Investigations [PP Presentation] January 2000 Very good
presentation describing in detail specific issues, and possible command
utilities that may be used to address them.
Stuff
[HTML or PP Presentation] January 2001
Is
your data ready for its day in court? [PDF] November 2002 (from
archive.org)
Internal
Investigation Case Studies [PDF] February 2005 From a Computer
Forensics & Incident Response Perspective
Windows
Live Incident Response Volatile Data Collection: Non-Disruptive User &
System Memory Forensic Acquisition (From archive.org)
Introduction
to Digital Evidence Seizure [PDF Presentation] September 2003
Expert Witness
Compression Format Specification
How to
Investigate Computer Intrusions: A Checklist
The Technical
Side of Internet & Computer Crime [PP Presentation] April 2003
Pinpointing
and Locating Data on Digital Media [PDF Presentation] September 2004
md5bloom:
Forensic filesystem hashing revisited [PDF] August 2006
Breaking
the Performance Wall: The Case for Distributed Digital Forensics [PDF]
August 2004 Powerpoint
Briefing
A
Ten Step Process for Forensic Readiness [PDF] Winter 2004
An
Introduction to Forensic Readiness Planning [PDF Presentation] May
2005
Sherlock
in Linux December 2003 How to identify and re-claim a compromised
Linux machine using TCT
Sherlock is
Back January 2004 SleuthKit: a collection of new forensic tools
And You Thought DELETE
Meant DELETE! September 2000 A very high level article aimed at the
average computer user.
Building a Super
Kernel for Data Forensics [PDF] March 2002
DD and Computer
Forensics August 2000 Examples of using DD within UNIX to Create
Physical Backups
DD and Computer Forensics
- Deuce April 2001 Restoring Images via the DD Command
Evidence Seizure
Methodology for Computer Forensics September 2000 How to prepare
your department for a forensics investigation, the importance of
developing a methodology, as well as the steps to take when seizing
evidence.
Independent
Validation & Verification of SMART for Linux [PDF] November 2002
Independent
Validation & Verification of SMART for BeOS [PDF] February 2002
Next
Generation Data Forensics & Linux [PDF] July 2002
Next
Generation Data Forensics & Linux [PDF Presentation] PP
Presentation August 2002
The Farmer's
Boot CD [PDF] April 2006
Using
Linux for Incident Response & Data Forensics [PDF Presentation]
March 2004
Using
Linux for Today's Data Forensics [PDF Presentation] November 2003
Case-Relevance
Information Investigation: Binding Computer Intelligence to the Current
Computer Forensic Framework [PDF] May 2005
Hack
and Counter-Hack - Active Forensics: Tracking that Intruder January
2001
Phishing
and Federal Law Enforcement [PP Presentation] August 2004
Towards Hippocratic
Log Files [PDF] November 2004
Cybercrime
in New Network Ecosystem: Vulnerabilities and New Forensic
Capabilities [PDF] March 2004
NGN
Network Security Forensics and the Data Retention Directive [PDF
Presentation] January 2006
Computer
Forensics – We’ve Had an Incident, Who Do We Get to Investigate? [PDF]
March 2002
A
Novel Approach to Computer Crime May 2001 In an effort to avoid
censorship and protect patron privacy, public libraries may become
unwitting accomplices to cybercrime.
Antiforensics:
The Looming Arms Race May 2003
Bucking
Conventional Forensics Wisdom April 2002
5
Ways to FIRE up Your Incident Response and Forensic Environment -
Registration Required [Audio, and Slides in PDF] May 2003
Applying
Advanced Technology to Digital Evidence [PDF] 2003
Investigating
One Incidence of Anomalous Network Traffic [PDF] June 2001
Laptop
Hard disk removal page (from archive.org)
NTFS
compression white paper (from archive.org)
Incident
Response Checklist
Examine a Unix Box for
Possible Compromise 1999 To identify a potential compromised Unix
box is somewhat of an arcane art, though there are some simple things to
look for.
Logs
& Forensics [PDF Presentation] April 2004
Log
Analysis in Windows [PDF Presentation] April 2004
Monitoring
Access to Shared Memory-Mapped Files [PDF] August 2005
Forensic
Dead-Ends: Tracing Users Through Anonymous Remailers [PP Presentation]
July 2002
Beyond the
Usual Suspects - Finding Data in Secret Spots November 2002
Caught in the
'Net' - How Law Enforcement Uses Computer Forensics in Modern
Investigations March 2003
Cyberclues -
Making the Case for Using Computer Evidence September 2002
An
Overview of Disk Imaging Tool in Computer Forensics [PDF] September
2001
Network
Support For IP Traceback [PP Presentation] April 2000
Practical
Network Support For IP Traceback [PDF] April 2000
Practical
Network Support For IP Traceback [PDF Presentation] October 2000
Forensic
Overview [PP Presentation] April 2006
Forensic
Overview [PP Presentation] July 2005
Magnetic
Data Recovery – The Hidden Threat [PDF] April 2006
Data
Disposal - Gone for Good [PDF Presentation] 2006
The
Role of Computer Forensics in the Investigation of Network Intrusion
Activity [PDF Presentation] June 2002 (from archive.org)
An
open architecture for digital evidence integration [PDF] May 2006
A
correlation method for establishing provenance of timestamps in digital
evidence [PDF] August 2006
Generalising
Event Forensics Across Multiple Domains [PDF] 2004
The
Need for an 802.11b Toolkit [PP presentation] July 2002
Saving
Your Data After a Head Crash: An Inside Look at a Disk Recovery
Service May 2005
Computer
Forensics - As part of a security incident response plan [PDF
Presentation] June 2005
Building
FBI computer forensics capacity: one lab at a time [PDF] August 2004
Cyber
Crime: Labs and Investigations [PDF Presentation] 2003 (from
archive.org)
RCFL
National Program [Presentation in PDF] May 2003 (from archive.org)
Computer Forensics for
Attorneys [Presentation]
Hidden
Text in Computer Documents August 2003
Secure Audit
Logs to Support Computer Forensics [PDF]
Guidelines
for Media Sanitization [PDF] February 2006
Cybercrime: Incident Response and Digital Forensics [Sample]
Chapter 2: Business Drivers for Creating an Incident Response Process and
Conducting Digital Forensics Investigations [PDF] July 2005
Handheld
Forensics [PDF Presentation] November 2005
Mobile
Forensics: Bridging the Gap between Cops and Examiners [PDF
Presentation] November 2005
Sawing
Linux Logs with Simple Tools September 2004
Preparing
to be an Expert Witness [PDF Presentation] November 2005
NT
Information Gathering Commands
Searching
for processes and threads in Microsoft Windows memory dumps [PDF]
August 2006
Basics
of Computer Forensics [PP Presentation] November 2003
Best
Practices: Collecting Computer Forensic Evidence January 2004
Shell
Game June 2002
Unleash
the Cyberhounds! April 2002
Cyber
Security - the Laws that Protect your Systems and Govern Incident
Response [PP Presentation] April 2003
Fighting
Cyber Crime in a Post-9-1-1 World: Yesterday, Today and Tomorrow [PP
Presentation] April 2005
How
Effective Cooperation with Law Enforcement Authorities Can Promote
Computer Security [PP Presentation] March 2004
Incident Response: Computer Forensics Toolkit Chapter
1: Computer Forensics and Incident Response Essentials [PDF]
Interfacing with
Law Enforcement FAQ January 2004
Windows
NT/2000 Event Log Management and Intrusion Detection [PP Presentation]
Independent
Review of Common Computer Forensics Imaging Tools [PDF] August 2003
(from archive.org)
Creating
a Forensic Computer System: Basic Hardware and Software Specifications
[PDF] August 2006
Creating
A Forensic Computer System: Basic Hardware and Software Specifications
[PDF] Updated July 2004
Identifying the
Owner of a Website [PP Presentation] 2000
Viewing
Email Headers [PDF] August 2005
What
is Computer Forensics? [PP Presentation] September 2002
Banking Scam
Revealed November 2003
Forensic
UNIX Initial Response Script and CDROM – Collect the evidence that will be
lost by disconnection or shutdown [PDF] 2003
How To
Permanently Erase Data from a Hard Disk 2005
The
Windows XP Startup Disk [An Example in Basic Forensics / Data
Recovery] 2004
Web
Application Forensics: The Uncharted Territory [PDF] 2002
Electronic
Forensics May 2000
"Transborder
Search" A new perspective in law enforcement? [PDF] March 2004
Hidden
data in popular office file formats [PDF] April 2006 Alternate
Link
Forensic
Accounting - the recorded electronic data found on Computer Hard Disk
Drives, PDAs and numerous other Digital Devices September 2004
Good to the Last
Byte [PDF - Local copy] March/April 2004
The
Debtor’s Digital Reckonings [PDF] Fall 2003
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part I [PDF - Local copy] February 2004
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part II [PDF - Local copy] March 2004
E-Sleuthing and the
Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital
Age: Part III [PDF - Local copy] April 2004
Automated Reassembly
of Document Fragments via Context Based Statistical Models [PDF]
December 2003
ForNet: A
Distributed Forensics Network 2003
Forensic
Relative Strength Scoring: ASCII and Entropy Scoring [PDF] Spring 2004
Linux Forensics
Weekly March - April 2004
Week 1 - Linux Forensics of CDR Media
Week 2 - Accessing and Analyzing the Windows Registry
Week 3 - Linux Anti-Virus Tools and Techniques for Forensic
Investigation
Week 4 - Using Linux VMware Workstation and Raw Disk Images to view
the Suspect Workstation
Review of Digital
Intelligence Firefly and Ultrablock products
Search and
Seizure of Canadian Computer Environments 1993
Can
digital detectives undo paper shredding? [PDF]
VMWare as
a forensic tool May 2006 PDF
version
How
to Image RAIDS [PP Presentation]
Handling
evidence after an 'incident' [PDF Presentation] October 2004
Forensics
and Data Recovery [PDF Presentation] September 2005
Forensic
Auditing: The Role of Computer Forensics in the Corporate Toolbox
January 1999
Forensics
& Data Recovery [PDF Presentation] Fall 2005
IT
Forensic Investigation [PP Presentation] April 2003
The
Future of Forensic Computing [PDF] February 2002 (from archive.org)
Should
a Corporation Report a Breach to Law Enforcement? [PDF] Fall
2001 While reporting an incident enables law enforcement to
investigate, it also may subject the corporate victim to adverse
publicity, regulatory scrutiny, and business losses.
Cyber
Crime and Cyber Terrorism [PDF] April 2002
Do
You Leave Sensitive Data Lying Around? November 2004
Scene
of the Cybercrime: Assisting Law Enforcement in Tracking Down and
Prosecuting Cybercriminals [PP Presentation] July 2001
Scene of the Cybercrime: Computer Forensics Handbook Chapter
7: Understanding Cybercrime Prevention [PDF]
Testifying
in a Computer Crimes Case April 2005
Security
Information Management Tools: NetForensics Leads a Weary Fleet April
2002
Cybercrime:
Supporting Cyber Sleuths July 2001
Collecting
Evidence from a Running Computer: A Technical and Legal Primer for the
Justice Community [PDF] August 2006
Anti
Forensics [PP Presentation] June 2004
Linux
Forensics [PP Presentation] June 2004
Law
Enforcement Challenges in Digital Forensics [PDF Presentation] 2002
The Top EnCase Tech
Support Questions & What’s new at Guidance Software? [PP
Presentation] May 2002
Stego
Intrusion Detection System [PDF] August 2004 Powerpoint
Briefing
Forensic
Computer Investigation Brings Notorious Serial Killer BTK to Justice
[PDF] November 2005
Network
Forensics Analysis Tools: An Overview of an Emerging Technology [PDF]
January 2003
Metadata,
The Mac, and You
Algorithms
to Enable Forensic Analysis of Computer and Network Intrusions [PDF]
Spring 2006
Byteprints:
A Tool to Gather Digital Evidence [PDF] February 2005
Forensic
Analysis of File System Intrusions using Improved Backtracking [PDF]
February 2005
Low-Intrusive
Consistent Disk Checkpointing: A Tool for Digital Forensics [PDF]
February 2005
Software Forensics Chapter
2: The Players - Hackers, Crackers, Phreaks, and Other Doodz [PDF]
2004
Sharing
Network Logs for Computer Forensics [PP Presentation] September 2005
Sharing Network Logs
for Computer Forensics: A New Tool for the Anonymization of NetFlow
Records [PDF] 2005
Bootable
Linux Demo Distro - Knoppix Thread started August 2002
Data
Mining Used Hard Drives - Thread started January 2003
Guidelines
For Data Gathering And Forensics? - Thread started July 2001
Linux
and Forensic Discovery - Thread started January 2003
Salon On
Computer Forensics - Thread started April 2002
What
is the Scope of Computer Forensics? December 2005
Collection and
Control of Electronic Evidence [PDF] 2000
Investigating and Prosecuting
Network Intrusions 1996
Criminal
forfeiture and restriction-of-use orders in sentencing high tech
offenders October 2004
Impediments
to the successful investigation of transnational high tech crime
October 2004
Evidence
Discovery in a Digital World [PP Presentation] February 2004 (from
archive.org)
Sex
Offender Computer Examinations [PDF Presentation] June 2005
Recovering
Unrecoverable Data [PDF] April 2004
Microsoft
Word MetaData Forensics Tutorial March 2004
Computer Forensics JumpStart (Sample Chapter) Chapter
1: The Need for Computer Forensics [PDF] November 2004
Computer
Forensics: an introduction 1997
Digital
Evidence: Emerging Problems in Forensic Computing [PP Presentation]
May 2002
Digital
Evidence: Emerging Problems in Forensic Computing [PDF Presentation]
Digital
Footprints: Assessing Computer Evidence [PDF] 2000
Directors
and Corporate Advisors’ Guide to Digital Investigations and Evidence
[PDF] September 2005
Downloads,
Logs and Captures: Evidence from Cyberspace [PDF] 2000
Emerging
Problems in Forensic Computing [PP Presentation] May 2004
Innovation
and Legal Acceptability in Computer Forensics [Zipped PDF] June 2000
Introducing
Digital Forensics [PP Presentation] May 2004
Intrusion
Detection Systems as Evidence [PDF] December 2000
The
Application of Intrusion Detection Systems in a Forensic Environment
(Extended Abstract) [PDF] 2000
Directors
& Corporate Advisors' Guide to Digital Investigations and Evidence
[PDF] September 2005
Cookie
Dethroning.::DEMYSTIFIED Part A [PDF] October 2005
Cookie
Dethroning.::DEMYSTIFIED Part B [PDF] October 2005
Incident Response
Tools For Unix, Part One: System Tools March 2003
Incident Response
Tools For Unix, Part Two: File-System Tools October 2003
Digital Media
Storage -- Facilities and Procedures [PDF] March 2005
Autopsy
and Sleuthkit, the Digital Forensics Toolkit - The Tracker Dog’s Guide
[PDF] November 2003
Intrusion Detection for Linux Server Sample Chapter 16:
Analyzing a compromised computer in German Also
available: Download forensic-rescue-cd-2.0.iso
Sleuthkit, the
Digital Forensic Toolkit [PDF] October 2003
Automating
Forensics (Honeynets and Digital Forensics) [PP Presentation] August
2004
Formalizing
Computer Forensic Analysis: A Proof-Based Methodology [PDF] 2004
Digging Into
Unlawful Email Messages [PP Presentation] September 2005
Computer
Forensics For Law Enforcement [PDF] June 2006
Wireless
Network Security and Forensic Analysis [PP Presentation] October 2004
Automated
Analysis for Digital Forensic Science [PDF] 2002
Automated
Analysis for Computer Forensics [PDF Presentation]
Data
Forensics: "Analyzing the Tracks of an Intruder" or "Analyzing
Administrative Responses to Log Anomalies" [PDF Presentation]
Automated Analysis
for Digital Forensic Science: Semantic Integrity Checking [PDF]
December 2003
Computer
Forensics 101 [PDF Presentation] 1999
Computer
Forensics 101 [PDF Presentation] 2000
Computer
Forensics 101 [PDF Presentation] 2001
Computer
Forensics 101 [PDF Presentation] 2002
Computer
Forensics: How to be a Cybercrime Detective [PDF Presentation] 2003
Choosing
Hardware for a Computer Forensics Lab [PDF] March 2006
Standard
Operation Procedures for Electronic Evidence Handling [PDF] November
2002
Computer
Forensics [PDF] January 2005
Computer-Based
Discovery and Risk Control [PDF Presentation] May 2004
A Brief
Intro to End-to-End Digital Investigation [PDF Presentation] July 2003
A
Comprehensive Approach to Digital Incident Investigation [PDF] 2003
A
New Approaches to Complex Digital Investigations [PP Presentation]
December 2004
Application
Of Formal Methods To Root Cause Analysis of Digital Incidents [PDF]
Summer 2004
Conducting
an Incident Post Mortem [PP Presentation] November 2003
Conducting
Incident Post Mortems [PDF] April 2003
Digital
Forensics - A Primer [PP Presentation] January 2005
DIPL:
The Digital Investigation Process Language [PP Presentation] November
2003
Ensuring
the Reliability and Admissibility of Digital Evidence [PP
Presentation] November 2004
FARES:
Forensic Analysis of Risks in Enterprise Systems [PP Presentation]
June 2004
Forensic
Analysis of Risks in Enterprise Systems [PDF] 2004
Intro
to End-to-End Digital Investigation [PP Presentation] May 2005
Intrusion
Detection as a Network Forensic Tool [Word Document] (Abstract)
Investigating
Internet Security Incidents: A Brief Introduction to Cyber Forensic
Analysis [PP Presentation] 1999
Modeling
of Post-Incident Root Cause Analysis [PDF] Fall 2003
Security
Incident Investigation [PDF Presentation] November 2000
Structured
Investigation of Digital Incidents in Complex Computing Environments
[PDF] 2003
The
DFRWS Framework Classes [PDF] 2003
The
Computer Forensics Expert Witness - CV, Preparation, Testimony [PDF
Presentation] 2004
Unification
of relative time frames for digital forensics [PDF] 2004 Volume 1
Issue 3 - Registration required
Data
Reduction For Streamlining E-Discovery [PDF Presentation] July 2004
Computer
Forensics for Non profits [PDF Presentation] May 2006
Behavior
Profiling of Email [PP Presentation] 2003
Can
Computer Investigations Survive Windows XP? [PDF] December 2001
Computer
Forensics and the Arrest of BTK [PDF Presentation] November 2005
Date,
Time, and Time Zone Examination [PDF] April 2003
Using
Memory Dumps in Digital Forensics (page 43) [PDF] December 2005
The
Foremost Open Source Forensic Tool September 2003
Computer
Evidence [PDF] December 2001
Computer
Forensics [PDF] April 2002
Database
Forensics [PDF] April 2002
Policing
Cyberspace [PDF] January 1995
The
Critical Challenges from International High-Tech and Computer-Related
Crime [PDF]
How
Windows stores information about the User October 2000
Computer
Forensics Applied to Windows NTFS Computers [PDF] April 2005
Best
Practices for Computer Forensics [PDF] July 2006
Data
Archiving [PDF] April 2006
Data
Evidence Findings [PDF] April 2006
Data
Integrity Within Computer Forensics [PDF] April 2006
Digital
Evidence: Standards and Principles April 2000
Guidelines
and Recommendations for Training in Digital & Multimedia Evidence
[PDF] July 2004
Proficiency
Test Program Guidelines [PDF] July 2004
Recommended
Guidelines for Developing Standard Operating Procedures [for Digital
Forensic Examinations] [PDF] July 2004
Recommended
Guidelines for Validation Testing [PDF] July 2004
SWGDE
and SWGIT Glossary of Terms [PDF] (Posted for review) April 2005
Client-side
Exploits: Forensic Analysis of a Compromised Laptop [PDF] June 2004
Time: the
Currency of Computer Crime [PDF] 2003
The Future
of High Tech Crime [PP Presentation]
Evidence
Can You
Survive a Cybercrime?
Digital
Evidence: The Moral Challenge [PDF] Spring 2002
Computer
Forensics [PP Presentation] August 2000
Forensic
Preparation Secure Business Quarterly 2001 [PDF] Analyzing a
computer intrusion takes significantly more time than it takes the
perpetrator to commit the crime. The more prepared an organization is for
an incident, the faster it can respond.
Forensic
Readiness - CanSecWest Conference [PDF Presentation] March 2001 (from
archive.org)
Forensic
Readiness (Whitepaper) [PDF] July 2001 (from archive.org)
Incident
Handling: Where the Need for Planning is often not Recognised [PDF]
November 2003
How to duplicate a
complete PC via network
How to duplicate a Linux
PC or partition via network
Rethinking Computer
Management of Sex Offenders Under Community Supervision [PDF]
Summer/Fall 2002
Fat/NTFS
- The Wily Internals of Windows’s File Systems [PDF Presentation]
November 2005
Incident
Response and Computer Forensics [PDF Presentation] March 2004
Track
down lost data with the EnCase computer forensics tool January 2003
Unix
Tools Track Hackers
A
Graphical Representation of File Statistics for Computer Forensics
[PDF] 2004
Foundations
for Visual Forensic Analysis [PDF Presentation] June 2006
Defeating
Forensic Analysis on Unix July 2002
The Art of Defiling: Defeating Forensic Analysis on Unix File
Systems: Blackhat Asia [PDF Presentation] 2003; Blackhat
Europe [PDF Presentation] 2004; Ruxcon 2004
[PP Presentation]
Legal
Methods of Using Computer Forensics Techniques for Computer Crime Analysis
and Investigation [PDF] 2004
Investigative
Skills for the 1990s and Beyond [PDF]
Computer
Forensics in the 21st Century [PDF Presentation] June 2006
Developing
Computer Forensics Solutions for Terabyte Investigations [PDF
Presentation] January 2005
MD5
collisions and the impact on computer forensics [PDF] 2005
FragFS:
An Advanced Data Hiding Technique [PDF Presentation] January 2006
Forensic
Process and Tricks [Word document]
http://www.tigertools.net/contest.htm
Processing
Flash Memory Media [PDF] October 2005
Using Digital Evidence
To Ferret Out The Dishonest Employee [PDF] Autumn 2004
Collecting
Forensic Evidence [PDF Presentation] June 2004
Distributed
Cyber Forensics (pages 10-13) [PDF] Spring 2004
Technology
Crime and Computer Forensics [PDF Presentation] January 2005
Linux
Forensics [PDF Presentation] October 2004
Computer
Forensic Legal Standards and Equipment [PDF] December 2001
Manager
Offers Primer On Computer Forensics July 2000
Data
Forensics [PDF] October 2003
Googling
Forensics [PDF] September 2005
The
Need for a Technical Approach to Digital Forensic Evidence Collection for
Wireless Technologies [PDF Presentation] June 2006
Beware:
Computer Evidence Quicksand February 2001
Computer
Evidence May 2001
Computer
Misuse Act of 1990 cases (with links to related articles)
Registered
Forensic Practitioner: A New Breed of Expert March 2006
Selective and
intelligent imaging using digital evidence bags [PDF] August 2006
Unification
of Digital Evidence from Disparate Sources (Digital Evidence Bags)
[PDF] August 2005
The
Enhanced Digital Investigation Process Model [PDF] August 2004 Powerpoint
Briefing
DERBI: Diagnosis, Explanation and Recovery from Computer
Break-ins [PDF] January 2001
Cyber Security Tips New
tips added regularly
Computer Crime Manual
(excerpt) [PDF] January 2005
Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
Investigations January 2001
Best Practices
For Seizing Electronic Evidence version 2.0 [PDF]
Best
Practices For Seizing Electronic Evidence version 1.0 June 2000
NYECTF's
Approach to Cybercrime [PP Presentation]
NYECTF
Homeland Defense Document [PP Presentation]
Report
on the Investigation into Improper Access to the Senate Judiciary
Committee's Computer System [AKA The Pickle Report] March 2004
Unredacted copy of
this report (also available as a PDF) from Cryptome.org
Additional
Information
Unix
Security: Diagnostics and Forensics Updated May 2006
Tools
for Discovering Credit Card and Social Security Numbers in Computer File
Systems [PDF] July 2006
Combating
Computer Crime [PDF] September 2001
An
Analysis of Linux RAM Forensics [PDF] March 2006 Abstract
Overview
of fcopy [PP Presentation] Spring 2002
Throwing out the
Enterprise with the Hard Disk 2004
An
investigation into the efficiency of forensic erasure tools for hard disk
mechanisms [PDF] September 2005
TULP2G
– An Open Source Forensic Software Framework for Acquiring and Decoding
Data Stored in Electronic Devices [PDF] Fall 2005
How
to use Forensic Toolkit v2.0 on Windows NT 4.0 Server [PDF] 2002
Forensic
investigation and its relationship with information assurance and
corporate governance [PDF] 2005
Incident
Response: Chapter 7 - Tools of the Trade August 2001
Solving
Network Mysteries [PP Presentation] 2001
Computer
Forensics: Chain of Evidence Collection Tools Does Matter (page 3)
[PDF] August 2005
Law
Enforcement Tools and Technologies for Investigating Cyber Attacks
[PDF] June 2002 The Study's Homepage
Xbox
security issues and forensic recovery methodology (utilising Linux)
[PDF] 2004 Volume 1 Issue 3 - Registration required
Developing a
Computer Forensics Team [PDF] July 2001
File Recovery Techniques
December 2000
Forensic
Analysis [PDF] November 2002
Forensic
Discovery [PDF Presentation] April 2003
Forensic
Discovery [PDF Presentation] August 2005
Strangers In the Night July
2001
Statement
on the Budget Leak Investigation [PDF] August 2005
Computer
& Network Forensics [PDF Presentation] August 2005 Large
download - 5.5 MB / 329 slides
Cyber
Forensics - Intermediate Topics [PDF Presentation] August 2006
Cyber
Forensics - The Basics [PDF Presentation] August 2006
Cyber
Forensics - Windows Remnants [PDF Presentation] August 2006
Forensic
Analysis of Volatile Data Stores [PDF Presentation] August 2006
Computer
Forensics and the ATA Interface [PDF] February 2005
IT
Autopsy March 2001
Incident
Response Procedure for Account Compromise [PDF] 2004
Computer
Forensics October 2002
Computer
Forensics and Electronic Evidence--Reconstructing What Happened [PP
Presentation] April 2005
Electronic
Evidence and Computer Forensics [PDF] October 2003
Electronic Evidence and
Computer Forensics [PP Presentation] February 2004
Project PFC -
Personal Filing Cabinet Converter
Testing
the Date Maintenance of the File Allocation Table File System [PDF]
2003
The
Coroners Toolkit: A Handy Suite of Utilities [PDF] December 2000
Digital
Media Investigations [PDF Presentation] August 2005
FATKit:
Detecting Malicious Library Injection and Upping the “Anti” [PDF] July
2006
Computer
Forensics – An Introduction [PP Presentation] December 2002
Building
Evidence Graphs for Network Forensics Analysis [PDF] December 2005
Network
Forensics Analysis with Evidence Graphs [PDF] August 2005
Foundations
of computer forensics: A technology for the fight against computer
crime [PDF] April 2005
Forensics
and Linux [HTML Presentation] July 2003
Operation
CyberSweep [PP Presentation] January 2004
Key
Registry Locations [PDF] January 2005
WACIRC -
Law Enforcement Guidelines for Reporting and Responding to Computer
Crimes [PDF] 2003
Handhelds
give up secrets - Discusses Zert, a tool which allows you to image
mobile phones and PDAs, produced by the Netherlands Forensic Institute (http://www.forensischinstituut.nl/)
and available only to law enforcement.
Hidden Data
[PDF Presentation] April 2005
Defensive
Battle Stations In Network-Centric Warfare: Rapid-Response Cyber
Forensics [PP Presentation] October 2003
Law
enforcement uses high-tech tools to spot Internet crime (Page 1) [Word
Document] July 2002
Seizing
Computers - Important Considerations (Page 7) [Word Document] April
2000
Submitting
Computers for Forensic Examination (Page 10) [Word Document] June 2000
Analysis
of hidden data in NTFS file system [PDF] March 2006
Digital
Forensics at a University [PDF Presentation] October 2005
Introduction to
Cyber Forensics: Forensics Incident Response [PDF Presentation]
Cyber
Forensics: Find Out What You Are Missing [PP Presentation] February
2005
Effective
Incident Response Teams: Two Case Studies [PP Presentation] April 2005
http://web.archive.org/web/20030530124911/http://www.rootshell.be/~anuradha/scrolls/forensics.txt
(From archive.org) September 2002
A
Framework of Distributed Agent-based Network Forensics System [PDF
Presentation] August 2004
Dynamic
Time & Date Stamp Analysis [PDF] June 2002
Evidentiary
Value of Link Files March 2006
Email
Tampering - This Time, The Good Guys Won [PDF] January 2002
Performing
a Forensic Investigation [PDF] March 2004
Using
Computer Forensics When Investigating System Attacks [PDF] April 2005
PDAs
and Forensic Science [PP Presentation] Spring 2002
ENCASE
- A forensic computing utility that does it all (from archive.org)
Computer
Crime Investigation and Computer Forensics [PDF] Summer 1997
Destroying
Data ... is it possible April 2006
Malware Detection
- Known File Filtering [PDF] February 2004
An
Historical Perspective of Digital Evidence: A Forensic Scientist’s
View [PDF] Spring 2002
Search
and Seizure of Computers: Key Legal and Practical Issues
Sample
Issue [PDF] April 2004
Computer
Forensics and First Response [PDF Presentation] April 2005
Electronic
Discovery [PDF Presentation] October 2005
Understanding
Computer Forensics [PDF Presentation] April 2005
Digital
Forensics Using Hashsets - National Software Reference Library [HTML
Slideshow] June 2004
Update to
"Using File Hashes to Reduce Forensic Analysis" July 2002
Identification
of Known Files on Computer Systems [PDF Presentation] February 2005
Digital
Forensics - Using Perl to Harvest Hash Sets [HTML Slideshow] June 2004
Academic
Search and Seizure: An Update [PDF] October 2005
Computer
Forensics Search & Seizure: Challenges in Academe [PDF] February
2005
Computer
Forensics Search and Seizure: Challenges in the Academe -An Update
[PDF Presentation] October 2005
The
Technology of CSI and Computer Forensics [PP Presentation] 2003
Computer
Forensics in the Academic Environment [PDF Presentation] October 2004
Tales from
the Abyss: UNIX File Recovery
Collecting
Evidence from Providers [PDF] August 2002
Processing Flash
Memory Media
Internal
Response Teams versus External Consultants - A Decision Matrix [PDF]
February 2004
Operation
Ore – The Tip of the Iceberg? [PDF] March 2003 (UK's largest ever
police hunt against internet paedophiles)
Forensics
and the GSM Mobile Telephone System [PDF] Spring 2003
Digital
Forensics Research [PDF] June 2005
Timestamps in Digital
Forensics 2004
Computer
Forensics [PDF] May 2001
Cyber
Investigations [PP Presentation] October 2005
IP Addresses and You [PP
Presentation]
Forensics
with Linux 101 or How to do Forensics for Free [PDF Presentation] July
2003 Link to the Zipped
Tools associated with presentation
Web
Application Incident Response & Forensics: A Whole New Ball Game!
[PDF Presentation] August 2006
Digital
Forensics: Exploring Validation, Verification & Certification
[PDF] August 2005
Towards
a validation framework for forensic tools in Australia [PDF] March
2005
Hidden
Date & Times - Forensic Analysis & Daylight Saving / Time Zone
Pitfalls [PDF] (from archive.org)
Volume
Serial Numbers & Format Verification Date/Time [PDF] October 2003
Conducting
Investigations in Today's Electronic World [PDF Presentation] August
2005
Forensic
Investigation Case Studies and Results [PDF Outline] 2006
Computer
Forensics, Investigations and Security WinHex as a professional data
recovery and computer investigation tool
Incident
Response Fundamentals Class [PDF Presentation] 2000
Frequently
Asked Questions about The Coroner's Toolkit
Building
a Computer for Forensics [Word doc]
Legal
Aspects of Collecting and Preserving Computer Forensic Evidence [PDF]
April 2001
An
Introduction to Computer Forensics: Gathering Evidence in a Computing
Environment [PDF] June 2001
Encountering
Encrypted Evidence (potential) [PDF] June 2002
Forensic
evidence testimony — some thoughts [PDF] February 2004
Forensics and
the Emerging Importance of Electronic Evidence Gathering [PDF]
November 2001
Setting
up an Electronic Evidence Forensics Laboratory [PDF] February 2004
Explanation of an IP
Address Tracing [Word Document]
The
Value of Computer Forensics [PP Presentation] February 2004
Forensic
Analysis of the Windows Registry [PDF] April 2006
Improving
Government-Wide Emergency Response to Cyber Incidents [PDF] June 2001
The
effectiveness of commercial erasure programs on BitTorrent activity
[PDF] September 2006
Analyzing
Log Files November 1998
High-Tech
Holmes July 2001
Investigating
an Internal Case of Internet Abuse [PDF] September 2001
Oracle
Database Forensics using LogMiner [PDF] January 2005
A Method for
Forensic Previews March 2005
Part 1: An
Introduction to the Field Guide for Investigating Computer Crime
Part 2: Overview
of a Methodology for the Application of Computer Forensics
Part 3: Search and
Seizure Basics
Part 4: Search and
Seizure Planning
Part 5: Search and
Seizure Approach, Documentation, and Location
Part 6: Search and
Seizure - Evidence Retrieval and Processing
Part 7:
Information Discovery - Basics and Planning
Part 8:
Information Discovery - Searching and Processing
The
CERT Virtual Training Environment: Information Assurance and Forensics
Training Anywhere, Anytime [PDF Presentation] March 2006
Security
Forensic on E-commerce [PDF]
The
Enemy Without.. The Enemy Within.. ‘Poisoned’ e-mails can be traced back
to their creators July 2001
Computer
Forensics Education [PDF] July/August 2003
Honeytraps,
A Network Forensic Tool (Paper Draft) [PDF]
Policies to
Enhance Computer and Network Forensics [PDF] June 2001
Policies
to Enhance Computer and Network Forensics [HTML Presentation] June
2001
Responding
and Investigating a Unix Incident with Risk Analysis and Steps to Secure
the System [PDF] June 2004
Windows
Responder’s Guide [PDF] 2003
Basic
Computer Forensic Concept [PDF Presentation] January 2005
Challenges Posed by
Digital Evidence [PDF] October 2004
Chasing
Headers - Tracking the Origin of Email Through Header Data
[Presentation in PDF] August 2003
Forensic
Analysis with F.I.R.E. (GCFA Practical Assignment) [PDF] May 2003
Deleting
Sensitive Information: Why Hitting Delete Isn’t Enough [PDF] March
2002
Authorship
Analysis in Cybercrime Investigation [PP Presentation] 2003
Computer
Based Forensics - A Case Study - U.S. Support to the U.N. [PDF
Presentation] November 1996
Technology
Report: Forensic Security Tools Excerpt from the article "Law
Enforcement in the Digital Age"