This is a growing list of [digital/cyber/computational] forensic-related resources. I agree, some serious reorganization is required. Please send any additions, corrections and/or dead links to kulesh@cis.poly.edu


I am now at Digital Assembly. We just released an excellent photo forensics product called Adroit Photo Forensics and have been helping people recover deleted photos with Adroit Photo Recovery. My new email is kulesh at digital-assembly.com.


//Conferences//
DFRWS Aug. 7-9, 2002
CSDC Idaho, Sep. 23 - 25, 2002
EAFS 2003, Istanbul, Sep. 22-27, 2003


//People//
Vlasti Broucek
Brian Carrier
Fred Cohen
Dave Dittrich
Dan Farmer
Peter Gutmann
Chet Hosmer
Lance Spitzner
Wietse Venema


//R&D Groups//Projects//News Groups//
The Honeynet Project
WetStone Technologies, Inc. - Cyber-Forensics
CFRDC of Utica College
Mobile Platforms to Support Network Forensics
Computer Forensics - OmniSleuth
Forensics Server Project
Computer Forensics Tool Testing (NIST:CFTT)
Computer Forensics Tool Testing (News Group)
National Software Reference Library (NIST)
Regional Computer Forensics Group (GMU)


//News Groups//Mailing Lists//
AAFS-COMPUTER-LIST [at] lists.mitre.org
forensics [at] securityfocus.com



//Papers//
Not all papers are directly tied to forensics. These are some papers I read and felt that some of their ideas could be used in designing forensic hooks and/or be useful in forensics somehow. For details you can contact me anytime.
A Road Map for Digital Forensic Research (DFRWS 2001 Final Report)
Virtual Hidden Networks
Advanced and Authenticated Marking Schemes for IP Traceback
Why Do Nearest-Neighbour Algorithms Do So Well?
An Algebraic Approach to IP Traceback
Secure Audit Logs to Support Computer Forensics
Detecting Backdoors
Detecting Stepping Stones
Forensic Readiness
Forensic Engineering Techniques for VLSI, CAD tools
Computer Forensics in a LAN Environment
Software Forensics: Extending Authorship Analysis Techniques to Computer Programs
Policies to Enhance Computer and Network Forensics
Intrusion Detection Systems and A View To Its Forensic Applications
Formal Analysis Human-computer Interactions during Accident Investigations
The Application of User Modeling Techniques to Reason about the Human Contribution to Major Accidents
Authorship Analysis: Identifying The Author of a Program
Tracing Anonymous Packets to Their Approximate Source
Mining E-mail Authorship
On The Notion Of Interestingness In Automated Mathematical Discovery
Reacting to Cyberintrusions: Technical, Legal and Ethical Issues
Cryptography and Evidence
Traveling in time from past to future
Comment on 'The Framework for Modelling Computer Viruses and Trojan Horses'
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
A Recursive TCP Session Protocol for Use in Computer Forensics and Traceback
Use of Correlation algorithms in a database of spent cartridge cases of firearms
Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs
Software Forensics: Can We Track Code to its Authors?
Hash Sets and Their Proper Construction


//Articles//FAQs//Talks//
Data Mining for Security Applications [TeX] [PDF]
Who has machine readable information on you?
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (DoJ)
Building a Forensic Toolkit That Will Protect You From Evil Influences (Blackhat Briefings)
Intrusion Detection & Network Forensics (A talk by Marcus J. Ranum)
A Cop on the Beat: Collecting and Appraising Intrusion Evidence
2001 Computer Crime and Security Survey (FBI:CSI)
Some tips on network forensics
What lawyers and managers should know about computer forensics (A talk)
Computer Crime: An Overview (Article)
Cyberstalking
What is forensic computing?
Developing a Computer Forensics Team: SANS
High Noon on the Electronic Frontier (Some chapters are appropriate forensic reading)
Hiding Crimes in Cyberspace
Best Practices in Network Security
When security fails
Network Forensics
Digital Evidence Standards (A talk by Don Cavender, FBI Lab)
Time-Lining Computer Evidence
Electronic Fingerprints: Computer Evidence Comes Of Age
Forensic Examination Procedures (By IACIS)
Advancing Crime Scene Computer Forensic Techniques
SC Magazine 2001 April (Computer Forensics)
SC Magazine 2000 April (Computer Forensics)
Searching and Seizing Computers and Obtaining Electronic Evidence (DOJ)
Firewall Forensics (What am I seeing?)
Computer Forensic Analysis
Computer Crime Investigator's Toolkit
Forensic Readiness
Electronic Crime Scene Investigation: A Guide for First Responders
Some articles on digital forensics
Protecting information from exposure
Secure Deletion of Data from Magnetic and Solid-State Memory
Forensic Science Communications (Sometimes digital forensics, but most of the time classical forensics)
Digital Evidence: Standards and Principles
Forensic Computing Journal
Guidelines for Evidence Collection and Archiving (BCP)
Forensic-computer-investigations (A talk)
AP Forensics (Academic Press books on digital forensics)
Introduction to Linux for Law Enforcement
Forensics @ Slashdot


//Forensic Books//
Windows Forensics and Incident Recovery (ISBN: 0321200985)
Computer Forensics and Privacy (ISBN: 1580532837)
Computer Crime Scene Forensics (with CD-ROM) (ISBN: 1584500182)
Digital Evidence and Computer Crime (ISBN: 012162885X)
Handbook of Computer Crime Investigation (ISBN: 0121631036)
Computer Forensics (ISBN: 0201707195)
Cyber Forensics: A Field Manual for Collecting... (ISBN: 0849309557)
High Technology Crime Investigator's Handbook (ISBN: 075067086X)
Incident Response: Investigating Computer Crime (ISBN: 0072131829)
Forensic Computing: A Practitioner's Guide (ISBN: 1852332999)
Know Your Enemy (ISBN: 0201746131)
The CERT(R) Guide to System and Network Security Practices (ISBN: 020173723X)
I-Way Robbery: Crime on the Internet (ISBN: 0750670290)
Fighting Computer Crime: A New Framework for Protecting Information (ISBN: 0471163783)
Information Security Risk Analysis (ISBN: 0849308801)
Inside Internet Security: What Hackers Don't... (ISBN: 0201675161)
Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace (ISBN: 078972443X)


//Tools//

//General Tools//
Streak (Disk imaging)
ProDiscover (NTFS imaging)
Set of PERL scripts for NTFS related issues
Fatback (SourceForge) Undelete for FAT fs (DoD Issue)
Foremost (SourceForge) File recovery on dd images (DoD Issue)
DCFL (SourceForge) Enhanced dd with MD5 (DoD Issue)
Key Katcher Hardware Key Logger (Nice!)
NetDetector, Advanced Network Security and Forensics Analysis System
NTI's Forensic and Security Suites
Collection of forensic tools
Decompilation Page
Decompilers
Tools used by CSIRTs to Collect Incident Data/Evidence (A list by Yuri Demchenko)
EnCase
Disk Wipe & restore
Autoclave (hard drive sterilization on a bootable floppy)
Disk tools
@Stake Forensic Tools
http://www.toolsthatwork.com/ttw-downloads.shtml
Various recovery tools
The Solaris Fingerprint Database

//Handheld Tools//
Pilot-link (Some of its tools can be used for evidence acquisition)
PDA Seizure
http://gnukeyring.sourceforge.net/
Photo Rescue (An unrm for CompactFlash cards in digital cameras)

//Boot CDs//
Linuxcare Bootable Toolbox
tomsrtbt (Customizable boot disk)
PLAC (A business-card-sized bootable CD-ROM running Linux)
Biatchux


//Other Forensic Lists//
TUCOFS - The Ultimate Collection of Forensic Software
Tools used by CSIRTs
Forensics.to Links [1], [2]
Computer Forensics Resources: Guidance Software
A list by Vlasti Broucek
DFRWS Links (Recursive)
Alexander Geschonneck's Security Site


//Orgs., conferences etc.//
Cybercrime.gov CCIPS of DoJ
DoD Computer forensics lab
Handbook of Forensic Services: Evidence Examinations (FBI cyber crime lab)
DFRWS
International Organisation on Computer Evidence
Forensic Information Technology Working Group
International Association of Computer Investigative Specialists
Logicube
Winternals
OnTrack
American Academy of Forensic Sciences
Southeast Cybercrime Institute
High Tech Crime Investigation Association