Wednesday, February 17, 2010

Forensics Resources

I put together some links and references for people to gather some information about forensics. Enjoy...


http://www.truecrypt.org

Title: Free Open Source On-The-Fly Encryption
Description: Microsoft has whole disk encryption in Vista Ultimate and Enterprise. However, if you're not up to speed with Vista, TrueCrypt provides a very cool way to encrypt files with your own created mount points.


http://www.microsoft.com/windows/products/windowsvista/features/details/bitlocker.mspx

Title: Microsoft Vista BitLocker Drive Encryption
Description: BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Ultimate. Windows BitLocker is for both business and personal users who need to help protect sensitive data on their PC.


http://www.xs4all.nl/~carlo17/howto/undelete_ext3.html

Title: How to Undelete EXT3 Filesystem
Description: Very interesting, in-depth article on recovering the EXT3 filesystem. This is something that the EXT3 FAQ states is impossible.


http://www.antiphishing.org/resources.html

Title: Anti Phishing web site
Description: Report phishing emails, pharming sites and crimeware to the Anti-Phishing Working Group and help stop this insidious threat to e-commerce. Click "Report Phishing" link below for instructions.


http://www.securitypronews.com/insiderreports/insider/spn-49-20080627ICANNIANAFallPreyToHacks.html

Title: IANA/ICANN Hacked
Description: One might expect the domains for the Internet Corporation for Assigned Names and Numbers (ICANN) or the Internet Assigned Numbers Authority (IANA) to be a little more resilient in the face of hackers attempting to hijack their domains.
One would be mistaken in that assumption.


http://www.digitalforensics.ch/nikkel05b.pdf

Title: Open Source Forensics
Description: Great presentation on OSS forensics tools.



http://www.usdoj.gov/criminal/cybercrime/forensics_chart.pdf

Title: Digital Forensic Analysis Methodology
Description: Found this on the DOJ site and found it a very interesting outline.


http://www.ietf.org/rfc/rfc3227.txt

Title: RFC 3227 - Guidelines for Evidence Collection and Archiving
Description: This document specifies an Internet Best Current Practices for the Internet Community.


http://www.phrack.org/issues.html?issue=64&id=14#article

Title: Phrack Issue 64 File 10
Description: Phrack's usually a good read, though perhaps not what you would like work to see you reading. This article is entitled "Knowing your Enemy: Facing the Cops".


http://www.e-fense.com/helix

Title: Digital Forensic Live CD
Description: Windows and Linux Live CD full of useful forensic and incident response tools.


http://cups.cs.cmu.edu/antiphishing_phil/

Title: A game to teach one what to look for from the slick phishing sites
Description: This is an anti-phishing game from Carnegie Mellon CUPS to help one get a better understanding of what to look for. Enjoy. This is very useful; check it out before you get fooled.


http://www.e-fense.com/helix/

Title: Helix
Description: Helix is a customized distribution of Ubuntu Linux. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.


http://www.fileshredder.org/

Title: File Shredder
Description: In order to remove, or shred files permanently from your system you have to use a program that is capable of rewriting the files with random series of binary data multiple times. This process is often called shredding. That way, the actual content of the file has been overwritten and the possibilities to recover such a shredded file are mostly theoretical.


http://linuxsurvival.com/index.php

Title: Linux Training
Description: All, check it out if you get a chance. This is a pretty cool Linux training applet that runs in a Java-enabled browser. You might get a better understanding of Linux.



http://www.cftt.nist.gov/NISTIR_7490.pdf

Title: NISTIR 7490
Description: Digital Forensics at the National Institute of Standards and Technology



http://www.cfreds.nist.gov/

Title: CFReDS Project
Description: NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets (CFReDS) provide to an investigator documented sets of simulated digital evidence for examination.



http://www.thesmokinggun.com/archive/years/2009/0318091dog2.html

Title: Affidavit from forensics investigator using FTK Imager
Description: Weird case but the website posted the full affidavit with it -- the investigator used FTK Imager.
