Digital Forensics Research

General

http://www.e-evidence.info - The Electronic Evidence Info Center

http://www1.cj.msu.edu/~academic/forenlinks.html - Forensic Science and Law Enforcement Links

http://www.computer-forensics.net/ - Center for Computer Forensics

http://www.cybersciencelab.com/_public/index.html - Cyber Science Lab

http://www.nw3c.org/ - National White Collar Crime Center

http://www.ectaskforce.org/ - Electronic Crimes Task Force

http://www.cerias.purdue.edu/research/forensics/ -  The Center for Education and Research in Information Assurance and Security (CERIAS)

Legal

Ethics
http://www.stltechnews.com/featured.htm - article by Thomas Smith (can reach him on LinkedIn)

E-Discovery
http://www.ediscoveryresourcecenter.com/

Open Source Digital Forensics Tools - The Legal Argument - http://homes.cerias.purdue.edu/~carrier/forensics/docs/opensrc_legal.pdf

Internet Resources on Technology Law

http://www.bitlaw.com

Legal and court-related sites

http://www.ih200.net/ira/legal/htm

Glossary of terms - http://www.uscourts.gov/library/glossary.html

Federal Rules of Criminal Procedure at Cornell Law School - http://www.law.cornell.edu/rules/frcrmp/

Federal Rules of Civil Procedure at Cornell Law School  - http://www.law.cornell.edu/rules/frcp/

Rules concerning the discovery of "electronically stored information" - affect rules 16, 26, 33, 34, 37, 35 - http://uscourts.gov/rules/newrules6.html#cv0804

Pending Amendments - http://www.uscourts.gov/rules/#juudicial0905 and http://www.uscourts.gov/rules/comment2005/CVAug04.pdf

Exclusionary Rules (Federal Rules of Evidence - 1975) as they apply to e-evidence

http://www.law.cornell.edu/rules/fre - Legal Information Institute (LII)

Cybrary - The World Criminal Justice Directory -  http://ww.talkjustice.com/cybrary.asp

Daubert Test for Expert Witness - http://supct.law.cornell.edu/supct/html/92-102.ZS.html

Daubert in a Nut Shell - http://www.daubertontheweb.com/Chapter_2.htm

Forensic-evidence excluded - http://www.forensic-evidence.com/site/ID/Cole_junksci.html

ECPA (Electronic Communications Privacy Act of 1986) - http://www.usiia.org/legis/ecpa.html

CFAA - http://www.law.cornell.edu/uscode/search/display.html?terms=1030&url=/uscode/html/uscode18/usc_sec_18_00001030----000-.html

US Patriot Act of 2001 - www.usdoj.gov/criminal/cybercrime/PatriotAct.htm

http://www.cybercrime.gov/PatriotAct.htm

Fact Sheet - http://www.usdoj.gov/opa/pr/2005/April/05_opa_163.htm

Warrantless Electronic Surveillance Issues

http://www.commondreams.org/headlines05/1216-01.htm

http://opensocietypolicycenter.org

http://www.usdoj.gov/ag/speeches/2006/ag_speech_060206.html

http://news.findlaw.com/legalnews/documents/archive_n.html

Best Practices for Seizing Electronic Evidence

The U.S. Secret Service's http://www.secretservice.gov/electronic_evidence.shtml

The DOJ's "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" (HTML | PDF)
"Electronic Crime Scene Investigation: A Guide for First Responders" (DOJ)
"Forensic Examination of Digital Evidence: A Guide for Law Enforcement" (NIJ)
The National Center for Forensic Science "Digital Evidence in the Courtroom: A Guide for Preparing Digital Evidence for Courtroom Presentation" (draft)
The Internet Engineering Task Force's "Guidelines for Evidence Collection and Archiving" (RFC 3227)
"Computer Crime & Legal Issues" section of GCK's Cybercrime and Cyberforensics-related URLs.

Digital Intelligence

http://www.digitalintelligence.com/index.php

Recover Deleted Messages in Outlook

Trick Outlook into re-indexing deleted messages - http://www.outlook-tips.net/howto/recover_deleted.htm

Viewer for Outlook messages .msg files - http://www.redsofts.com/soft/824/39883/Viewer_for_MS_Outlook_Messages.html

MS Word File Headers

http://www.computerbytesman.com/privacy/blair.htm - as cited in Computer Forensics by Volonino

MAC

http://www.blackbagtech.com

http://www.forensicfocus.com/apple-mac-os-x-property-list - Dennis Browning paper

Windows and Linux

Law Enforcement and Forensic Examiner's Introduction to Linux - http://www.linuxleo.com/

Autopsy, Sleuth Kit and dtSearch - www.sleuthkit.org/autopsy

EnCase - http://www.guidancesoftware.com

FTK (Forensic Toolkit) from Access Data - http://www.accessdata.com

File Chaining and FAT Cluster Allocation - http://www.pcguide.com/ref/hdd/file/clustChaining-c.html

Brian Carrier - http://homes.cerias.purdue.edu/~carrier/

ProDiscover Remote Agent - http://toorcon.techpathways.com/uploads/RemoteAgentUseAndTroubleshooting.pdf

DD Multiple DD Files Problem - http://toorcon.techpathways.com/cs/forms/thread/97.aspx

Download Messier Case .pds file for assignment #7 - Messier_DD_Image.pds

Hex Editors

WinHex - http://www.x-ways.net

UltraEdit - http://www.ultraedit.com/

Computer Forensic Tool Testing Programs

http://www.cftt.nist.gov/disk_imaging.htm

http://www.ojp.usdoj.gov/nij/topics/ecrime/cftt.htm

Brian Carrier - http://dftt.sourceforge.net/

Training

Carnegie Mellon CERT - https://www.vte.cert.org/vteweb/

Forms

Chain of Custody - http://csoonline.com/read/120105/sample_chain_custody.pdf

Test Files

Floppy Images for classroom use only - df/20070928.EVIDENCE.zip

VIDEO_CD.zip FOR240 Videos

http://www.cfreds.nist.gov/ - NIST

Messier_DD_Image.pds

MS E-maial Files.E01

IvanDisk.E01

Opening Different File Formats

http://search.techrepublic.com.com/search/file+formats.html

Partition Type Identifier

http://www.win.tue.nl/~aeb/partitions/partition_types-1.html

How to write protect USB devices

White paper from Access Data - http://www.accessdata.com/common/pagedetail.aspx?PageCode=whitepapers

Image Memory

dd.exe if=\\.\PhysicalMemory of=x:\path\123.dd bs=4k conv=noerror
http://seclists.org/basics/2006/Dec/0097.html

Cybercrime

Inside a Modern Malware Distribution System
http://www.eweek.com/article2/0,1895,2239276,00.asp

 

 

This page was last updated 04 October 2007
This site is managed by Cristian Balan