Digital Forensics Articles Links

Articles

• DFIR List Serv <dfir@lists.sans.org>
• IJDE, International Journal of Digital Evidence (IJDE)
• NIJ, U.S. Department of Justice National Institute of Justice (NIJ)
• NIJ, U.S. Department of Justice National Institute of Justice (NIJ) Electronic Crime Scene Investigation: A Guide for First Responders
• NIJ, Department of Justice National Institute of Justice (NIJ) Forensic Examination of Digital Evidence: A Guide for Law Enforcement
• NCFS, National Center for Forensic Science (NCFS)
• DCFL, Department of Defense Computer Forensics Laboratory (DCFL)
• The Computer Forensic Reference Data Sets (CFReDS) Project (NIST)
• Journal of Digital Forensics, Security and Law (JDFSL), including  Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery? [pdf] by Graeme B. Bell and Richard Boddington
• Computer Forensics, Cybercrime and Steganography Resources forensics.nl
• Forensic Focus
• Digital Forensics Solutions a blog covering DFS’s experiences in computer security and digital forensics
• The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigationsby David W. Bennett (Forensic Focus)
  A brief overview of Forensic considerations, with application to mobile devices.
• How to Create an Open Source Network Forensics Appliance (Forensic Focus)
• Digital Forensics Research Conference
• Benjamin Wright Senior Instructor – IT Security Law at SANS Institute
• Carnegie Mellon University and Foundstone: Design and Implementation of a Remote Forensic System [pdf]
• De-Anonymizing Live CDs through Physical Memory Analysis [pdf] by Andrew Case
• Case studies from Precision Computer Investigations, LLC
• University of Delaware Police, Computer Forensics Lab Resource Site Resources for Computer Forensic Examiners
• University of Delaware Police Time Change Captured in Event Log
• IACIS International Association of Computer Investigative Specialists
• SANS Digital Forensics Case Leads for March 18, 2010
• crazytrain.com Thomas Rude
• metaforensics.com conferences & training opportunities
• State requirements for Private Investigator licensing
• Microsoft Fundamental Computer Investigation Guide For Windows
• Microsoft Computer Forensics: Disk Imaging Overview
• ComputerCops How you got infected
• Code Project Read the Internet Explorer cache in VB
• Matthias Hofherr, Forensics, Intrusion Detection, Security Technology
• Digital Detective Forensic Computing Tools & Utilities
• Digital Intelligence Software, Hardware, Training & Services
• ASR Data Acquisition & Analysis, LLC. Homepage for SMART forensics.
• Forensic Computers Forensic Hardware, & Training
• M2CFG M2CFG, Mid-Michigan Computer Forensics Group
• Didier Stevens forensic articles, utilities
• New Technologies, Inc. (NTI) computer security training and tools specific to law enforcement
• cybercrime.gov Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U. S. Department of Justice
• htcia.gov International High Technology Crime Investigation Association
• securityfocus.com “Web Browser Forensics, Part 1” and “Part 2“, “A Method for Forensic Previews“, “Windows NTFS Alternate Data Streams“, “Detecting Rootkits And Kernel-level Compromises In Linux“, “Forensic Analysis of a Live Linux System, Pt. 1“, “Forensic Analysis of a Live Linux System, Pt. 2“, “Incident Response Tools For Unix, Part Two: File-System Tools“, “Maintaining System Integrity During Forensics“, “Tracking Down the Phantom Host“
• Volume Shadow Copy Forensics Part 1, Part 2 using Robocopy
• trcglobal.com Technical Resource Center (Neil Broom, Atlanta, instructor and contributing author of Computer Forensics Jumpstart)
• e-evidence.info The Electronic Evidence Information Center
• windows-ir.com forensic server project
• forensicfocus.com forensic papers
• ntsecurity.nu Forensic RAM dumping
• nist.gov NIST hacking case
• US Code 18 Federal Child Pornography statute
• US Code 18 “Pen register” and “trap and trace” statutes
• US Code 18 ECPA wiretap provisions
• US Code 18 Stored Communication Act
• US Code 18 Computer Fraud and Abuse Act
• US Code 18 CALEA text
• Communications Assistance for Law Enforcement Act (CALEA) information
• US Code 50 Foreign Intelligence Surveillance Act (FISA)
• USA-PATRIOT Act
• Department of Justice letter of response regarding USA-PATRIOT Act [pdf]
• Analysis of USA-PATRIOT Act
• DOJ perspective on wiretaps and computer investigations
• Federal wiretap statistics
• Mark Halligan’s Economic Espionage Act site
• National Conference of State Legislatures summary of state laws relating to surveillance
• National Security Institute links to state computer crime laws
• Konop v. Hawaiian Airlines Inc.
• Analysis of hidden data in NTFS file system Cheong Kai Wee
• Computer Crime & Intellectual Property Section
  United States Department of Justice
  Electronic Evidence and Search & Seizure Legal Resources
  Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations
• Computer Forensics: Incident Response Essentials
  by Warren G. Kruse and Jay G. Heiser
• Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant To The Courtroom by Larry Daniel and Lars Daniel
• Computer Forensic Blog Andreas Schuster
• Computer Forensics/E-Discovery Tips/Tricks and Information Mark McKinnon’s blog
• Computer Forensics Resources Collection of Forensics links maintained by Global Digital Forensics
• Digital Forensics Magazine
• E-Evidence Information Center Digital Forensics articles and links
• FAQ: What is the impact of e-discovery law on IT operations?
• FAT Technical Reference Microsoft
• Federal Rules of Evidence Legal Information Institute at Cornell University Law School
• File Signatures Tim Coakley’s file signature database. Extend what ProDiscover and Scalpel detect.
• File Signatures Gary Kessler on file signatures
• File System Forensic Analysis by Brian Carrier
• Forensic Analysis of Internet Explorer Activity Files [pdf] by Keith J. Jones
• Forensic Analysis of Microsoft Windows Recycle Bin Records [pdf] by Keith J. Jones
• Forensic Analysis of System Restore Points in Microsoft Windows XP [pdf] by Kris Harms, MANDIANT Corporation. Walks through a case which was aided by an understanding of the Windows System Restore Points. If the Mandiant link is no longer available, “MRPA_WhitePaper.pdf” has also been posted to pdf Search Engine.
• Analysis of Time Information for Digital Investigation Jewan Bang
• “Facebook Forensics” paper published by Valkyrie-X Security Research Group July 2011.
• Forensics and Recovery, LLC Paul A. Henry, author of Information Security Management Handbook and other books
• Forensics Wiki Links to articles, tools, file analysis
• ForensicKB Lance Mueller
• Hany Farid: Research about images, image manipulation, digital forensics and steganography
• Integriography: A Journal of Broken Locks, Ethics, and Computer Forensics, from David Kovar
• IsoBuster Help
• Microsoft Windows Internals (4th Edition): Microsoft Windows Server 2003, Windows XP, and Windows 2000
• National White Collar Crime Center (NW3C)
• NTFS Disk Internals NTFS indices
• NTFS Technical Reference Microsoft
• SANS Computer Forensics and eDiscovery blog with Rob Lee
• Scientific Working Group on Digital Evidence (SWGDE) Forensic practices and research
• Upgrading and Repairing PCs (14th Edition) by Scott Mueller
• Volatile Systems Blog Aaron Walters
• Volatility: Volatile Memory Analysis Research Aaron Walter
• Volatility Labs Cheat Sheets
• Rekall
• Windows Forensics and Incident Recovery by Harlan Carvey
• Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Charles River Media Networking/Security) by John R. Vacca
• Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) by Albert J Marcella, Jr. and Doug Menendez
• Windows Vista and Windows 7 Shadow Volume Forensics
• X-Ways Forensics / WinHex User Manual [pdf]
• Mac OS X Forensics George Starcher; George Starcher has additional software at https://www.georgestarcher.com/ and http://www.georgestarcher.net/
• Android Forensics: Investigation, Analysis and Mobile Security for Google Android by Andrew Hoog
• Caution, Mac users:: “gotomypc” does not notify the user when someone else is connected to the computer remotely. (“logmein” does.) Also, check the system preferences for Apple’s Mobile Me setting for “Back To My Mac.” This option controls who has remote desktop into the Mac. Check the logs under either/system/Library/Logs or ~/library/logs.

Blogs

Forensic Focus blog
Forensic Computing blog
Forensic Incident Response blog
Windows Incident Response blog
Computer Forensic blog
A Day in the Life of an Information Security Investigator blog
http://cfed-ttf.blogspot.com
http://forensicpagefile.blogspot.com
http://www.forensickb.com
http://www.computerforensicsblog.com
http://trewmte.blogspot.com
http://www.forensicinnovations.com/blog
http://happyasamonkey.wordpress.com
http://forensicsfromthesausagefactory.blogspot.com/
http://marshalla99.wordpress.com/

Mailing lists

http://www.forensicfocus.com/computer-forensics-list
http://www.securityfocus.com/archive/104 (Forensics list)
http://groups.yahoo.com/group/linux_forensics/
http://groups.yahoo.com/group/ComputerForensicJobs/
http://groups.yahoo.com/group/cftt/
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
https://lists.sans.org/mailman/listinfo/dfir

Podcasts

http://www.cybercrime101.com
http://cyberspeak.libsyn.com
http://forensic4cast.com

Wikis

http://www.forensicswiki.org
http://www.forensicwiki.com

Resource directories

http://www.e-evidence.info/
http://forensiccontrol.com/fcresources.php (software)
http://www.garykessler.net/library/forensicsurl.html

Publications

http://www.ijde.org
http://www.compseconline.com/digitalinvestigation/
Blue Team Handbook by Don Murdoch recommends Blue Team Field Manual by Ben Clarke

Challenges

GrrCON2016 challenge:
https://ir.e-corp.biz/home
GrrCON2015 challenge:
https://drive.google.com/drive/mobile/folders/0Bz3L4ZnVlUY8ZmFmajQ3TUo0V1k?usp=sharing