| | |
| |
| Forensic Tools |
| |
| The Coroner's Toolkit (TCT) | |
| OSU flow-tools, Review packages | |
| SMART, disk imaging, data recovery and analysis | |
| NTI Windows, DOS, NT Disk imaging, free/slack space searching, etc. | |
| NTLast, Forensics Toolkit, others | |
| Dan Mares Forensic Software sources - Hash, MD5, etc | |
| SomarSoft Utilities. dumpevt, dumpacl, dumpreg (for NT) | |
| Auditing tools for NT and UNIX | |
| Digital Forensic | |
| | |
| |
| Time Stamping |
| |
| Free Timestamping service | |
| Timestamping service in the RedIRIS community | |
| | |
| |
| Investigations |
| |
| Intrusion Investigation and Post-intrusion Computer Forensic Analysis, FIRST 1999 | |
| Wietse Venema and Dan Farmer's Forensic Computing Workshop | |
| Dominique Brezinski and David Dittrich, "Black Hat Intruder Discovery" | |
| David Dittrich, "Basic Steps in Forensic Analysis of Unix Systems" | |
| | |
| |
| Articles |
| |
| International Journal of Forensic Computing | |
| Forensic Science Communications | |
| Finding listening processes under NT with Inzider | |
| Several good forensics papers | |
| SecurityFocus (search for forensic) | |
| Peter Gutmann's paper on magnetic and solid state memory | |
| Couple of good papers here on using dd and other forensic issues | |
| | |
| |
| Sites with forensic links |
| |
| David Dittrich's page | |
| Zeno's Forensic Site | |
| FSU Criminology Page | |