| | |
|
Forensic Tools |
|
The Coroner's Toolkit (TCT) | |
OSU flow-tools, Review packages | |
SMART, disk imaging, data recovery and analysis | |
NTI Windows, DOS, NT Disk imaging, free/slack space searching, etc. | |
NTLast, Forensics Toolkit, others | |
Dan Mares Forensic Software sources - Hash, MD5, etc | |
SomarSoft Utilities. dumpevt, dumpacl, dumpreg (for NT) | |
Auditing tools for NT and UNIX | |
Digital Forensic | |
| | |
|
Time Stamping |
|
Free Timestamping service | |
Timestamping service in the RedIRIS community | |
| | |
|
Investigations |
|
Intrusion Investigation and Post-intrusion Computer Forensic Analysis, FIRST 1999 | |
Wietse Venema and Dan Farmer's Forensic Computing Workshop | |
Dominique Brezinski and David Dittrich, "Black Hat Intruder Discovery" | |
David Dittrich, "Basic Steps in Forensic Analysis of Unix Systems" | |
| | |
|
Articles |
|
International Journal of Forensic Computing | |
Forensic Science Communications | |
Finding listening processes under NT with Inzider | |
Several good forensics papers | |
SecurityFocus (search for forensic) | |
Peter Gutmann's paper on magnetic and solid state memory | |
Couple of good papers here on using dd and other forensic issues | |
| | |
|
Sites with forensic links |
|
David Dittrich's page | |
Zeno's Forensic Site | |
FSU Criminology Page | |