Computer Forensic Links and Resources

COMPUTER FORENSIC RESOURCES

This section contains links to sites related to Computer and Network Forensics.  These sites are not controlled or maintained by Global Digital Forensics and Global Digital Forensics makes no warranty whatsoever as to the accuracy of the information contained on these sites.

International Cyber Law - a great collection of information, including The Global Cyber Law Survey and penal legislation from over 60 countries.

Great Forensic Links:

*       Guidelines for Evidence Collection and Archiving (RFC 3227)

*       PDA Forensic Tools: an Overview from NIST

*       Online Forensics of Win/32 System

*       Forensic Examination of Digital Evidence: A Guide for Law Enforcement

*       Notes on dd and Odd Sized Disks

*       Finding security settings in Windows registry files

*       Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer

*       Test results for the disk imaging tool dd from the U.S. National Institute of Justice

*       An interesting testimonial about Imaging and Authentication of Computer Hard Drive or Data

*       Link collection about forensics with open source tools

*       File system and disk images for testing digital forensic analysis and acquisition tools by Brian Carrier

*       Wayne's Forensics and Incident Response Resources

*       Pocket PC Security Resources

*       Paper about disk cloning

*       Setting up for Forensics. You have just been hacked! What do you do next?

*       Der Cyberfahnder (German)

*       WebMail Forensics

*       Forensics Portal

*       Metadata analysis on Mac Filesystems

*       Macintosh forensic analysis using OS X

*       Forensic Analysis of a Compromised Mac OS X (Client) Machine

*       Link Collection to Mac Forensics

*       A detailed forensic analysis of a Mac OS X system using primarily open source forensic utilities on a Mac OS X analysis system

*       Yet another forensic tools link collection

*       Forensics with Linux 101 or How to do Forensics for Free

*       Forensics and the GSM mobile telephone system

*       www.incident-response.org: information and tools for the morning after

*       Help! How do I recover that important file? (Dan Farmer)

*       Memory Imaging and Forensic Analysis of Palm OS Devices with pdd

*       Forensic tool designed to capture data and report on data from a PDA

*       Computer Forensic Analysis Class (Dan & Wietse)

*       Firewall Forensics (What am I seeing?)

*       Help! Someone has broken into my system! (Dan Farmer)

*       Computer forensics can help companies uncover the digital truth

*       FTP Attack Case Study

*       How the FBI Investigates Computer Crime

*       Anatomy of a Break-In

*       The "Know Your Enemy" Series from the honeynet project: I II III

*       Phrack #43: Playing Hide and Seek, Unix style ( Phrack Magazine Vol.4/43, File 14 of 27 )

*       Phrack #59: Defeating Forensic Analysis on Unix - something that forensic investigators should know

*       Electronic Crime Scene Investigation: A Guide for First Responders

*       Cloning Operating Systems with dd and netcat

*       Win2K First Responder's Guide

*       How to duplicate a complete PC via network

*       Digital Forensic - Learning from Intrusions (German language), local copy

*       Computers & Forensics on Reddy's Forensic Page

*       Computer Investigation on Zeno's Forensic Site

*       Hacker Profiling

*       DD and Computer Forensics: Examples of Using DD within UNIX to Create Physical Backups

*       Digital Forensic Links

*       Basic Steps in Forensic Analysis of Unix Systems

*       List of possible Trojan/Backdoor port activity

*       The Dark Side of NTFS (NTFS alternate data streams)

*       E-Evidence Information Center

*       Known Goods a checksum database

*       File Slack Defined

*       Computer Forensics News and Discussion

*       Computer Forensics Tool Testing (CFTT) Project Web Site

*       Forensic Examination of a RIM (BlackBerry) Wireless Device

*       Default TTL values in TCP/IP (for forensic hopcount analysis)

*       another article about TTL values

*       Using special names, when dd'ing images from cygwin/Windows

Flash movies from Guidance Software:

*       How to Create an EnCase Boot Disk

*       How to Do a "Drive to Drive" Acquisition

*       How to Do a Network Cable Acquisition

*       How to Acquire a Palm PDA

*       How to Acquire a RAID, etc.

*       Big wordlist of linux rootkits (you can use this list for keyword searches on forensic images)

*       Forensics and Incident Response on SecurityFocus

*       Finding Hidden Data

*       Articles and Whitepapers on Computer Forensics Resource Center

*       Linux Data Hiding and Recovery

*       How to Design a Useful Incident Response Policy

*       Detecting and Removing Malicious Code

*       Recovering and Examining Computer Forensic Evidence

*       The National Center for Forensic Science: Digital Evidence

*       Digital Evidence: Standards and Principles

*       Root Kits FAQ from Dave Dittrich

*       You should take a closer look at this Root Kit List

*       Clearing House for Incident Handling Tools

*       Avoiding the Trial-by-Fire Approach to Security Incidents

*       The File Extension Source

*       Open Source Digital Forensics

*       Open Source Computer Forensics Manual

Computer Forensics Hardware:

*       Digital Intelligence

*       Forensics-Computers

*       ForensicPC.com

*       ICS

*       Logicube

*       MyKey Technology

*       WiebeTECH

Forensics and Incident Response bootable Linux CDs:

*       You probably already know KNOPPIX, the bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix STD (STD: Security Tools Distribution) is a special security tools distribution with lots of forensic tools.

*       F.I.R.E Forensic and Incident Response Environment Bootable CD (known as biatchux)

*       F.I.R.E. enhancements

*       Helix is a customized distribution of the Knoppix Live Linux CD

*       The Penguin Sleuth Kit Bootable CD

*       Trinux

*       Plan-B

*       PHLAK Professional Hackers Linux Assault Kit (well, not a special forensics distro ;-))

*       Local Area Security Linux

*       LNX-BBC

Computer Forensics Software:

*       Statically Stripped Incident Response and Forensic Binaries

*       Linux x86 Static Binaries

*       Solaris 2.7 Static Binaries

*       Win32 Static Binaries

*       GNU Utilities for Win32

*       Free Forensic Tools from NTI (New Technologies Inc.), Free Law Enforcement Suite

*       Alphabetical List of Computer Forensics Products

*       Forensic Software Sources

*       ResponseKits First Aid Kits for Unix & Windows

*       EnCase Forensic Solutions

*       ListDLLs is able to show you the full path names of loaded modules

*       Handle is a utility that displays information about open handles for any process in the system.

*       PsList is a utility that shows you a combination of the information obtainable individually with pmon and pstat. You can view process CPU and memory information, or thread statistics.

*       Procdmp.pl is a script that correlates the output of several commands that are usually run during incident response activities.

*       dd for Windows

*       cryptcat = netcat + encryption

*       Forensic Tools and Utilities

*       Recover is a utility which automates some steps as described in the Ext2fs-Undeletion howto in order to recover a lost file

*       e2undel is an interactive console tool that recovers the data of deleted files on an ext2 file system under Linux

*       mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files.

*       mac_daddy MAC Time collector for forensic incident response. This toolset is a modified version of the two programs tree.pl and mactime from the Coroner's Toolkit. This program is portable and can be run directly from a floppy or a cdrom with a perl interpreter.

*       The Coroner's Toolkit TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in

*       TCTUTILs is a collection of utilities that adds functionality to The Coroner's Toolkit and the Autopsy Forensic Browser

*       The Autopsy Forensic Browser is a graphical interface to utilities found in The Coroner's Toolkit (TCT) and TCTUTILs. It allows drive images to be analyzed at a file, block, and inode level. It also allows easy searches for strings in images.

*       New Versions: The @stake Sleuth Kit (TASK) and Autopsy Forensic Browser

*       pdd (Palm dd) is a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or "snapshot" of the Palm device's memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors.

*       foremost automatic file recovering

*       ILook Investigator a forensic analysis tool

*       Streak - the secure forensic imaging tool

*       md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files, with the following features: recursive operation, time estimation and comparison mode

*       SectorSpy is a forensics analysis and text data recovery tool for computer hard drives and diskettes

*       Win32 First Responder's Analyzer Toolkit is a batch file developed from a SecurityFocus article highlighting the use of simple scripts on Win32 platforms to perform basic security tasks. This script uses various Windows and 3rd party tools to provide an effective forensic snapshot of your computer.

*       PenguinBackup formerly known as "The PalmPilot single-floppy backup system"

*       FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.

*       HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 hashes.

*       IEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.

*       Data recovery tools

*       LADS - List Alternate DataStreams

*       ASR Data - Computer Forensic Tools (SMART)

*       PLAC (Portable Linux Auditing CD) is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools.

*       MetaData Extractor is a Perl script to extract metadata and other information from MS Word files.

*       Forensic Acquisition Utilities

*       DCFL-DD (an enhanced dd with MD5 hashing)

*       Fatback - undelete files from FAT filesystems

*       odessa "Open Digital Evidence Search and Seizure Architecture"

*       Disk Investigator. Who needs another one?

*       Perl Script to find Alternate Data Streams on NTFS

*       FileDisk is a virtual disk driver for Windows NT/2000/XP that uses one or more files to emulate physical disks. A console application is included that lets you dynamically mount and unmount files. With FileDisk you can mount forensic dd images read-only for further analysis.

*       Evidor is a particularly easy and convenient way for any investigator to find and gather digital evidence on computer media.

*       WinHex is a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing

*       Paraben's E-Mail examiner supports many mailbox formats

*       NT registry filesystem for linux

*       PropertiesPlus can modify file attributes, file extensions, and the time stamps of single files, multiple files, or files contained within the folders and display the bytes allocated

*       Antiword, for reading the ASCII content of Word files

*       Metadata Assistant: finding hidden data in Word and Excel files