Tools and Information To Use In Performing A Forensic Investigation

Articles and information to help you learn what you need to know to perform a computer forensic investigation and what the requirements are for collected data to qualify as legal evidence.
Top Forensic & Incident Response Books
Click here to see my Top Picks for books specifically about computer forensic investigations and incident handling & response.
A Guide to Forensic Testimony
A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony as an Expert Witness is a great niche book discussing the technical and ethical issues of being an expert technical witness.
Computer Forensics: Incident Response Essentials
Walter Kruse II and Jay Heiser combine their years of computer forensics experience to bring us a well-written, easy-to-read introduction to the fundamentals of computer forensic investigations.
ForensicFocus.com
A web site dedicated to forensic investigation and incident response. The message boards are filled with great information and the members range from seasoned professionals to those new to the field of computer forensics.
Federal Guidelines for Searching and Seizing Computers
These Guidelines are the product of an interagency group, informally called the Computer Search and Seizure Working Group. Its members were lawyers, agents, and technical experts from the Federal Bureau of Investigation; the United States Secret Service; the Internal Revenue Service; the Drug Enforcement Administration; the United States Customs Service; the Bureau of Alcohol, Tobacco,....
Secure Audit Logs to Support Computer Forensics
In many real-world applications, sensitive information must be kept in log files on an untrusted machine. In the event that an attacker captures this machine, we would like to guarantee that he will gain little or no information from the log files and to limit his ability to corrupt the log files. We describe a computationally cheap method...
Minimize Access To Cryptographically Protected Audit Logs
Tamperproof audit logs are an essential tool for computer forensics. Building on the work in [SK98,SK99], we show how to build a tamperproof audit log where the amount of information exchange required to verify the entries in the audit log is greatly reduced. By making audit-log verification...
Software Forensics: Can We Track Code to its Authors?
Viruses, worms, trojan horses, and crackers all exist and threaten the security of our computer systems. Often, we are aware of an intrusion only after it has occurred. On some occasions, we may have a fragment of code left behind, used by an adversary to gain access or damage the system. A natural question to ask is "Can we use this remnant of code to positively identify the culprit?"
Investigating and Prosecuting Network Intrusions
The Santa Clara County District Attorney's Office Hi Tech / Computer Crime Team has had years of experience investigating and prosecuting trade secret thefts, network intrusions, chip thefts, and other types of high technology thefts in Silicon Valley. The Unit is composed of two Deputy District Attorneys and one Investigator.
Will a trunk-mounted radio damage computer evidence?
Recently we have seen several alarming warnings about the dangers of placing computer evidence in the trunk of a police car containing a trunk-mounted radio. These articles claimed that the RF energy of the nearby radio would corrupt the computer evidence. We found these claims interesting, so we decided to conduct a test.
Computer Forensic Analysis
A site with educational material and useful information on computer forensic analysis.

©2009 About.com, a part of The New York Times Company.

All rights reserved.