“Every Contact Leaves a Trace”: Computers Forensics and Electronic Textuality [PDF] April 2005 13th Annual Computer Security Incident Handling Conference (FIRST) [PDF] 2005 E-CrimeWatch Survey [PDF] 2005 21st Century Forensics: Searching for the 'Smoking Gun' in Computer Hard Drives [PDF] 2003 5 Common Mistakes in Computer Forensics [PDF] January 20045 Ways to FIRE up Your Incident Response and Forensic Environment - Registration Required [Audio, and Slides in PDF] May 2003 5 Ways to FIRE up Your Incident Response and Forensic Environment [Audio and PDF] May 2003 6 on Forensics [PDF] 2002 - 2005A bit of help if you've just been broken into (from archive.org) 2000 A bit of help recovering a deleted file under Unix (from archive.org) 2000 A Brief History of Computer Forensics [PDF Presentation] A Brief Intro to End-to-End Digital Investigation [PDF Presentation] July 2003 A Brief Introduction to Cyber Forensic Analysis [PDF Presentation] July 2003 A Case for Forensics Tools in Cross-Domain Data Transfers [PDF] August 2002 A case study in security incident forensics and response (Part 1) March 2001 A case study in security incident forensics and response (Part 2) [Author: John Desmond] April 2001 A Comprehensive Approach to Digital Incident Investigation [PDF] 2003 A Computer Forensic Methodology for Ireland [Word document] July 2003 A correlation method for establishing provenance of timestamps in digital evidence [PDF] August 2006 A Crash Course in Digital Forensics [PDF Presentation] June 2006 A Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows Operation Systems [PDF] 2005 A cyber forensics ontology: Creating a new approach to studying cyber forensics [PDF] August 2006 A Day of Cyber Investigation [HTML Presentation] April 2000 A Digital Investigation Process Model (Poster) [PDF] 2004 A Forensic Tool Validation of the Coroner's Toolkit's mactime [PDF] 2003 A Formalization of Digital Forensics [PDF] Fall 2004 A Framework for Digital Forensic Science [PP Presentation] August 2004 A Framework of Distributed Agent-based Network Forensics System [PDF Presentation] August 2004 A Graphic Picture of Crime September 2002 A Graphical Representation of File Statistics for Computer Forensics [PDF] 2004 A Guide to Investigation and Prosecuting cases involving Hacking and the Computer Underground [Word doc] April 2004 A Hardware-Based Memory Acquisition Procedure for Digital Investigations [PDF] 2003 A Hierarchical, Objectives-Based Framework for the Digital Investigations Process [PDF] August 2004A Hypothesis-Based Approach to Digital Forensic Investigations [PDF] March 2005 A Lessons Learned Repository for Computer Forensics [PDF] August 2002 A Lessons Learned Repository for Computer Forensics [PP Presentation] August 2002 A Mechanism for Automatic Digital Evidence Collection on High-Interaction Honeypots [PDF & PP Presentations] June 2004 A Method for Forensic Previews March 2005 A New Approaches to Complex Digital Investigations [PP Presentation] December 2004 A Novel Approach to Computer Crime May 2001A Palmtop For The Prosecution October 2002 A Police Officer’s Guide: Seizure, Handling and Storage of Computer Evidence [PDF] A Preliminary Examination of Tool Markings on Flash Memory Cards [PDF] 2004 A Recursive Session Token Protocol For Use in Computer Forensics and TCP Traceback [PDF] 2002 A strategy for testing hardware write block devices [PDF] August 2006 A survey of forensic characterization methods for physical devices [PDF] August 2006 A System for Collection, Storage, and Analysis of Multi-platform Computer System Data November 2003 A Ten Step Process for Forensic Readiness [PDF] Winter 2004 A Triad of Collaboration: Internet-Related Investigative Considerations Prior to the Computer Forensic Application [PDF] November 2004 A Typology of Online Child Pornography Offending [PDF] July 2004 A very high level article aimed at the average computer user. A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns [PDF] 2003 Academic Search and Seizure: An Update [PDF] October 2005 AccessData Certified Examiner Study Guide [PDF] June 2006

Accessing the System BIOS on Various Computers Accompanying PP Presentation Acquisition & Seizure Procedure [PP Presentation] 2005 Additional materials: Physical Memory Forensics Movies - 15 MB [Zipped]Advanced Antiforensics [txt] August 2005 Advanced Forensic Concepts [Zipped PP Presentation & Handouts] August 2005 Advanced Packet Analysis [PDF Presentation] October 2002 Advances in Data Hiding Effects on Computer Forensics [Zipped PDF] October 2002 Adventures in Computer Forensics [PDF] September 2001 Adversary Modeling to Develop Forensic Observables [PDF] August 2004AFF: A New Format for Storing Hard Drive Iamges [PDF] February 2006 AFIRM (Active Forensic Intelligent Response Method) [PDF]After Conversation - An Forensic ICQ Logfile Extraction Tool [PDF] September 2005 AGEC Issues Paper: Evidence and the Internet [PDF] September 2000 Algorithms to Enable Forensic Analysis of Computer and Network Intrusions [PDF] Spring 2006 All Publications Also available:Alternate Data Streams in Forensic Investigations of File Systems Backups [PDF] May 2006 Alternate Download Site Alternate Link Alternate Link Alternate Link & USB image used during the workshop Ambiguities in US law for investigators [PDF] April 2004 An Advanced Forensics Format: An Open, Extensible Format for Disk Imaging [PDF] March 2006 An Analysis of Disk Carving Techniques [PDF] March 2005 An Analysis of Linux RAM Forensics [PDF] March 2006An Analysis of the Integrity of Palm Images Acquired with PDD [PDF] 2004 An Attorney’s Brief Guide to Dating (Computer File Dating That Is) 2005 (from archive.org) An Automatic System for Collecting Crime Information on the the Internet 2000 An Emerging Challenge For Law Enforcement December 1999 Article contains a list of Computer Evidence Processing Steps. An empirical study of automatic event reconstruction systems [PDF] August 2006 An Evaluation of Image Based Steganography Methods [PDF] Fall 2003 An Event-Based Digital Forensic Investigation Framework [PP Presentation] August 2004 An Examination of Digital Forensic Models [PDF] Fall 2002 An Example of Mobile Forensics [PP Presentation] 2005 An Experiment in Forensics Reveals Attacker's Techniques An Exploration of Future Anti-Forensic Techniques [PDF] 2005 An Extended Model of Cybercrime Investigations [PDF] Summer 2004 An Historical Perspective of Digital Evidence: A Forensic Scientist’s View [PDF] Spring 2002 An Improved Protocol for the Examination of Rogue WWW Sites [PDF] July 2003 An Introduction to Computer Forensics [PDF] April 2006 An Introduction to Computer Forensics: Gathering Evidence in a Computing Environment [PDF] June 2001 An Introduction to Forensic Readiness Planning [PDF Presentation] May 2005 An Introduction to Linux as a Tool for Digital Investigation and Analysis An Introduction to The Coroners Toolkit [PDF] January 2001 An introduction to Windows memory forensic [PDF] July 2005 An Investigation into Computer Forensic Tools [PDF] July 2004 An investigation into the efficiency of forensic erasure tools for hard disk mechanisms [PDF] September 2005 An Investigation of Computer Forensics 2004An Investigator’s Guide to File System Internals (From archive.org) [PDF Presentation] June 2002 An open architecture for digital evidence integration [PDF] May 2006 An Overview and Analysis of PDA Forensic Tools [PDF] April 2005 An Overview of Disk Imaging Tool in Computer Forensics [PDF] September 2001 An Overview of Steganography for the Computer Forensics Examiner July 2004PDF versionfrom Gary Kessler's Homepage

Analysing E-mail Text Authorship for Forensic Purposes [PDF] March 2003 Analysing Privacy-Invasive Software Using Computer Forensic Methods [PDF] January 2006 Analysis of a Compromised Honeypot Analysis of Computer Forensics [PDF] March 2002 Analysis of hidden data in NTFS file system [PDF] March 2006 Analysis of the ATA Protected Area [PDF] July 2003 Analytic & Forensics Technologies [PDF Presentation] June 2006 Analyze all available information to characterize an intrusion. Analyze This! Network forensics analysis tools (NFATs) reveal insecurities, turn sysadmins into systems detectives. Analyzing a computer intrusion takes significantly more time than it takes the perpetrator to commit the crime. The more prepared an organization is for an incident, the faster it can respond. Analyzing Exchange and mbox e-mail files using Free and Open Source Software December 2005 Analyzing Log Files November 1998 Analyzing the Difficulties in Backtracking the Onion Router's Traffic [PDF] And You Thought DELETE Meant DELETE! September 2000Animated Hard Drive Recovery & Physical Rebuilds [Flash Presentation] August 2006 Anti Forensics [PP Presentation] June 2004 Anti-Forensics [PDF Presentation] April 2006 Anti-Forensics [PP Presentation] September 2005 Antiforensics: The Looming Arms Race May 2003 Antiforensics: Trends and Emerging Technology [PDF Presentation] November 2003 Anti-Hacker Toolkit Application Of Formal Methods To Root Cause Analysis of Digital Incidents [PDF] Summer 2004 Applying Advanced Technology to Digital Evidence [PDF] 2003 Apprehending The Computer Hacker: The Collection and Use of Evidence Architectural Innovations for Enterprise Forensics [PDF] November 2003 Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem [PDF] August 2006 Article I - Preliminary Matters Article II - Challenges and Sanctions Article III- Preserving Evidence Article IV - Obtaining Evidence: Interception & Surveillance Article IX - Processing and Analyzing Evidence Article V - Undercover Operations and Informants Article VI - Obtaining Evidence: Production Orders Article VII - Obtaining Evidence: Search and Seizure Article VIII - Post-Collection Procedures Article X - Reimbursement and Return of Property Article XI - Using Evidence Audit trails are vital for post-compromise investigations November 2002 Audit Trails in Evidence: Analysis of A Queensland Case Study [RTF document] December 2003 Auditing and Event Correlation [PDF] Auditing Cisco Routers [PDF Presentation] 2004 Auditing Cyber Crime [Zipped PDF Presentation] March 2005 Auditing Tools for Use in Forensic Investigations [PDF Presentation] February 2005 Australian Computer Crime and Security Survey [PDF] May 2005 Authenticating Evidence of Internet Chat Room Logs Recovered From A Hard Drive Authorship Analysis in Cybercrime Investigation [PP Presentation] 2003 Automated Analysis for Computer Forensics [PDF Presentation] Automated Analysis for Digital Forensic Science [PDF] 2002 Automated Analysis for Digital Forensic Science: Semantic Integrity Checking [PDF] December 2003 Automated diagnosis for computer forensics [PDF] August 2001 Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence [PDF] August 2005 Automated Log Processing [PDF] December 2002 Automated Reassembly of Document Fragments via Context Based Statistical Models [PDF] December 2003 Automated Reassembly of Fragmented Images [PDF] 2003

Automatically Creating Realistic Targets for Digital Forensic Investigation [PDF Presentation] August 2005 Automatically Creating Realistic Targets for Digital Forensic Investigation [PDF] August 2005 Automating Case Reports for the Analysis of Digital Evidence [Abstract & PDF] September 2005 Automating Forensics (Honeynets and Digital Forensics) [PP Presentation] August 2004 Autopsy [PDF] January 2005 Computer Forensics Using Knoppix STD tool Autopsy Autopsy and Sleuthkit, the Digital Forensics Toolkit - The Tracker Dog’s Guide [PDF] November 2003 Autopsy of a successful intrusion (well, two actually) October 2002 Backtracking Intrusions [PDF] October 2003 Backtracking Intrusions [PP Presentation] October 2003 Banking Scam Revealed November 2003 Basic Computer Forensic Concept [PDF Presentation] January 2005 Basic Computer Forensic for the Private Investigator [PP Presentation] Basic Considerations in Investigating Computer Crime, Executing Computer Search Warrants and Seizing High Technology Equipment [PDF] March 1999 Basic Media Analysis & The Sleuth Kit / Autopsy [PDF Presentation] 2004 Basic Steps in Forensic Analysis of Unix Systems Basic Windows Intrusion Detection and Forensics September 2003 Basics of Computer Forensics [PP Presentation] November 2003 Bates Numbering - What’s in a number anyway? [PDF] July 2002 BCS Comments on Proposals for Registration of Digital Evidence Specialists January 2004 Be Prepared for Computer Forensics February 2002 Becoming a Forensic Investigator [PDF] August 2004 Begin a forensics investigation with WinHex December 2004 Beginners Guide to Linux Forensics [PDF] June 2005 Behavior Profiling of Email [PP Presentation] 2003 Best method of preserving volatile evidence in RAM Best Methods for Forensic Investigators when Encountering Windows Encrypted Content [PDF Presentation] November 2003 Best Practices for Computer Forensics [PDF] July 2006 Best Practices for Handling of Electronic Evidence [PDF Presentation] September 2003 Best Practices For Seizing Electronic Evidence version 1.0 June 2000 Best Practices For Seizing Electronic Evidence version 2.0 [PDF] Best Practices: Collecting Computer Forensic Evidence January 2004 Beware: Computer Evidence Quicksand February 2001 Beyond Data about Data: The Litigator's Guide to Metadata [PDF] 2005 Beyond the Usual Suspects - Finding Data in Secret Spots November 2002 Biatchux: A New Tool for Incident Response [PDF] April 2002 Biometrics and Digital Evidence [PDF] Blackhat Asia [PDF Presentation] 2003Blackhat Europe [PDF Presentation] 2004Bleeding-Edge Anti-Forensics [PP Presentation] April 2006 Bluepipe: A Scalable Architecture for On-the-Spot Digital Forensics [PDF] Summer 2004 Bootable CD-Rom Linux Security Toolkits [PDF Presentation] September 2003 Bootable Linux Demo Distro - Knoppix Thread started August 2002 Botnets as a Vehicle for Online Crime [PDF] December 2005 Breaking the Performance Wall: The Case for Distributed Digital Forensics [PDF] August 2004Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators [PDF] Abstract 2002 Bridging the Divide:Rising Awareness of Forensic Issues amongst Systems Administrators [Presentation in Adobe Acrobat] 2002 Bring Out Your Dead January 2001 Bringing the Cyber-Criminal to Justice: An Essay for the Technologically Impaired 1997 Bucking Conventional Forensics Wisdom April 2002 Building a Business Case for Computer Forensics [PDF] Building a Computer for Forensics [Word doc] Building a Computer Forensics Education Program [PDF Presentation] April 2004 Building a Computer Forensics Laboratory [PDF] Building a Forensic PC [PDF Presentation] November 2005

Building a Jump Kit [From archive.org] January 2002Building a Linux-Based Computer Forensics Lab [PDF Presentation] January 2004 (from archive.org) Building a Low Cost Forensics Workstation [PDF] April 2003 Building a Super Kernel for Data Forensics [PDF] March 2002 Building Evidence Graphs for Network Forensics Analysis [PDF] December 2005 Building FBI computer forensics capacity: one lab at a time [PDF] August 2004 Burglar Alarms for Detecting Intrusions [PDF] 2000 Business Drivers for Creating an Incident Response Process and Conducting Digital Forensics Investigations [PDF] July 2005 Byteprints: A Tool to Gather Digital Evidence [PDF] February 2005 Calling the CyberCops: Law Enforcement and Incident Handling April 2000 Can Computer Investigations Survive Windows XP? [PDF] December 2001 Can digital detectives undo paper shredding? [PDF] Can Digital Evidence Endure the Test of Time? [PDF] August 2002Can You Survive a Cybercrime? Carvdawg's Perl PageCase Forms [PDF] Case Studies [PDF] August 2005 Case Studies in Implementing Packet-Level Analysis-based Security Solutions [PDF Presentation] October 2002 Case Study of Insider Sabotage: The Tim Lloyd/Omega Case [PDF]Case Study: Using Security Audits as an adjunct to Computer Forensics [PDF Presentation] 2004 Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework [PDF] May 2005 Cases Involving Encryption in Crime and Terrorism May 1997 Catch Me If You Can: Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch... [PDF Presentation] July 2005CATCH Project Description [PDF] Catching Intruders with SNARE [Honeypot] [PDF Presentation] April 2003 Categories of digital investigation analysis techniques based on the computer history model [PDF] August 2006 Caught in the 'Net' - How Law Enforcement Uses Computer Forensics in Modern Investigations March 2003 Cell Phone Forensic Tools: An Overview and Analysis [PDF] October 2005 Cell Phone Forensics [PDF] February 2006 CERT Training and Education Challenges for Law Enforcement in Forensics [PDF Presentation] February 2005 Challenges in Forensic Computing December 2005 Challenges of Forensic Investigations Under Corporate Environment [PDF Presentation] June 2006 Challenges Posed by Digital Evidence [PDF] October 2004 Challenges to Digital Forensic Evidence [PDF Presentation] February 2006 Chapter 1 - Digital Evidence and Computer Crime [PDF] 2004 Chapter 1 [PDF] Insiders and Outsiders: Examples from the FBI files Chapter 1: Computer Forensics and Incident Response Essentials [PDF] Chapter 1: Computer Hardware [PDF] March 2006 Chapter 1: The Need for Computer Forensics [PDF] November 2004 Chapter 1: Windows Live Response [PDF] August 2005 Select 'Sample Chapter'Alternate Link Chapter 10: [PDF] Computer System Storage Fundamentals Chapter 11 [PDF] Initial Response to Unix Systems Chapter 11. Incident Response Chapter 11: Honeypot Data Analysis [PDF] June 2005Chapter 16 - Digital Evidence on Physical and Data-Link Layers [PDF] 2004 Chapter 2: [PDF] Introduction to the Incident Response Process Chapter 2: The Players - Hackers, Crackers, Phreaks, and Other Doodz [PDF] 2004 Chapter 3 The Liturgical Forensic Examination: Tracing Activity on a Windows-Based Desktop[PDF] Chapter 3: If He Had Just Paid the Rent [PDF] August 2004Alternate Link Chapter 6 - Modes of Data Insertion and Acquistion [PDF] 2002 Chapter 6 Learning Network Protocols and Performing a Trap and Trace Chapter 7: The Persistence of Deleted File Information [PDF] December 2004 Chapter 7: Understanding Cybercrime Prevention [PDF]

Chapter 8 from electronic booklet"Dealing with White Collar Crime" Chapter 8: Using the Forensic Server Project [PDF] July 2004Chasing Headers - Tracking the Origin of Email Through Header Data [Presentation in PDF] August 2003 Checking Microsoft Windows® Systems for Signs of Compromise [PDF] October 2004 Child Abuse, Child Pornography and the Internet [PDF] December 2003 Child Pornography and the Net [PDF] 1999 Choosing Hardware for a Computer Forensics Lab [PDF] March 2006 CIO Cyberthreat Response & Reporting Guidelines [PDF] CIOIM Supplement: Digital Officer Safety [PDF] Cisco Router Forensics [PP Presentation] July 2002 Cisco Router Forensics Checklist [Zipped file] July 2002 Clean Delete [PDF Presentation] April 2006 Client-side Exploits: Forensic Analysis of a Compromised Laptop [PDF] June 2004 Collecting And Preserving Electronic Media [PDF] 2004 Collecting and Preserving Evidence after a System Compromise [PP Presentation] 2000 Collecting Digital Evidence from Intrusion Detection Systems [PP Presentation] Spring 2002 Collecting Electronic Evidence After a System Compromise April 2001 Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community [PDF] August 2006 Collecting Evidence from Providers [PDF] August 2002 Collecting Forensic Evidence [PDF Presentation] June 2004 Collecting Forensic Evidence [PDF Presentation] May 2005 Collection and Control of Electronic Evidence [PDF] 2000 Combating Computer Crime [PDF] September 2001 Combating High-Tech Crime in California: The Task Force Approach [PDF] June 1997 Combating Online Software Piracy in an Era of Peer-to-Peer File Sharing [PDF] August 2004 Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics 2000 Compelling Production of Hard Drives [PDF] Spring 2006 Complete Delete and other Patterns for Information Eradication [PDF Presentation] October 2005 Compliance and Computer Forensics [PDF] September 2005 Compliance, Response, and the Technology that Drives Them [PDF Presentation] October 2004 Computer & Insider Crime: Problems & Solutions [PP Presentation] February 2004 Computer & Network Forensics [PDF Presentation] August 2005Computer & Network Forensics [PP Presentation] 2002 Computer & Network Forensics; Best Practices and Lessons Learned [PP Presentation] Computer and Network Forensics (CNF) Project Homepage Computer and Network Forensics as an Integral Component of the Information Security Enterprise [PP Presentation] 2003 Computer and Network Investigations [PP Presentation] September 2005Computer Based Forensics - A Case Study - U.S. Support to the U.N. [PDF Presentation] November 1996 Computer Cop Prophile Computer Crime & the Use of Computers in CrimeComputer Crime and Computer Fraud [PDF] Fall 2004Computer Crime and Forensics [PP Presentation] February 2003 Computer Crime Investigation & Computer Forensics [PDF] Computer Crime Investigation and Computer ForensicsComputer Crime Investigations: A Lo-Tech Practical Approach [HTML and PP Presentation versions] October 2000 Computer Crime Investigator's Toolkit January 2001 Parts I, II, III and IV Computer Crime Manual (excerpt) [PDF] January 2005 Computer Crime Point-of-Contact (CCPC) list A list of people responsible for investigating and prosecuting cybercrime in their particular jurisdictions, and who can provide assistance to law officers seeking electronic evidence stored outside their states. Computer Crime, Response and Investigation [PP Presentation] 2002 Computer Crimes and Digital Evidence [PP Presentation] 2002 (from archive.org) Computer Discovery and Risk Control: What’s Lurking on Your Computer System? (Pages 10 - 18) [PDF] 2001 Computer Evidence - Collection and Preservation and Submission [PDF Presentation] October 2005 Computer Evidence [PDF] December 2001 Computer Evidence Comes Of Age

Computer Evidence May 2001 Computer Evidence Processing Computer Evidence Processing Step 1 -- Seizure of the Computer Computer Evidence Processing Steps Computer Forensic - A Technological Perspective [PDF] March 2002 Computer Forensic Guidance [PDF] Computer Forensic Investigation for XYZ Company [PDF] July 2005 Computer Forensic Investigation Standard Operating Plan [PDF] September 2005 Computer Forensic Investigations [Presentation in PDF] 2002 Computer Forensic Legal Standards and Equipment [PDF] December 2001 Computer Forensic Resources Computer Forensic Science: A Methodology [Word Document] 2001 Computer Forensic Software in a Corporate Environment [PDF] June 2003 Computer Forensic Text Analysis with Open Source Software [PDF] June 2003 Computer Forensic Tool Testing at NISTComputer Forensic Tools [PP Presentation] June 2004 Computer Forensics Computer Forensics - (What You Don’t Know Can Hurt You!) [PDF Presentation] June 2003 Computer Forensics - A digital approach to Investigating Computer Crime [PDF Presentation] 2004 Computer Forensics – An Introduction [PP Presentation] December 2002 Computer Forensics - An Overview [PDF] February 2001 Computer Forensics - As part of a security incident response plan [PDF Presentation] June 2005 Computer Forensics - Detecting the Imprint [PDF] August 2002 Computer Forensics - Digging with a Digital Shovel [PDF] April 2005Computer Forensics - Digging with the Digital Shovel [PP Presentation] 2006 Computer Forensics - Electronic EvidenceComputer Forensics - Handling an Incident [PDF Presentation] June 2005 Computer Forensics – Hiding in Plain Sight [PDF Presentation] November 2005 Computer Forensics - Integrating Technical and Procedural Tasks [PDF Presentation] November 2003 Computer Forensics - Problems and Solutions [PDF Presentation] Computer Forensics - The FAQs, the Do’s and the Don’ts [HTML-framed Presentation] Computer Forensics - The Legal Side of Incident Response [PP Presentation] April 2004 Computer Forensics - The Need for Diverse Tools [PP Presentation] March 2004 Computer Forensics – We’ve Had an Incident, Who Do We Get to Investigate? [PDF] March 2002 Computer Forensics "Top 10 List" - Things to Avoid [PDF Presentation] Computer Forensics & Electronic Discovery [PDF Presentation] Computer Forensics & Electronic Evidence [PP Presentation] September 2005 Computer Forensics & Ethical Hacking [PP Presentation] February 2004 Computer Forensics (presentation slides and notes) October 2000 Computer Forensics [and Divorce] [Word document] 2002 Computer Forensics [PDF Presentation] Computer Forensics [PDF Presentation] 2003 Computer Forensics [PDF Presentation] August 2003 Computer Forensics [PDF Presentation] February 2005Computer Forensics [PDF Presentation] June 2003 Computer Forensics [PDF Presentation] May 2005 Computer Forensics [PDF Presentation] November 2002 Computer Forensics [PDF Presentation] November 2005 Computer Forensics [PDF] April 2002 Computer Forensics [PDF] December 2001 Computer Forensics [PDF] January 2001 Computer Forensics [PDF] January 2005 Computer Forensics [PDF] March 2002 Computer Forensics [PDF] May 2001

Computer Forensics [PDF] November 2002 Computer Forensics [PP Presentation] Computer Forensics [PP Presentation] 2002 Computer Forensics [PP Presentation] August 2000 Computer Forensics [PP Presentation] June 2002 Computer Forensics [PP Presentation] June 2005 Computer Forensics [PP Presentation] May 2005 Computer Forensics [PP Presentation] September 2001 Computer Forensics [PP Presentation] September 2003 Computer Forensics [Zipped PDF] September 2002 Computer Forensics 101 & Incident Response [PDF] October 2003 Computer Forensics 101 [PDF Presentation] 1999 Computer Forensics 101 [PDF Presentation] 2000 Computer Forensics 101 [PDF Presentation] 2001 Computer Forensics 101 [PDF Presentation] 2002 Computer Forensics 101 [PP Presentation] April 2004 Computer Forensics 101 [PP Presentation] May 2004 Computer Forensics Analysis Computer Forensics Analysis Class Handouts August 1999 Computer Forensics Analysis October 2000 A step-by-step analysis of a compromised Unix box, detailing commands and switches. Computer Forensics and Cyber Investigations [PDF Presentation] 2004 Computer Forensics and Electronic Discovery [PDF Presentation] August 2006 Computer Forensics and Electronic Evidence--Reconstructing What Happened [PP Presentation] April 2005 Computer Forensics and First Response [PDF Presentation] April 2005 Computer Forensics and Privacy Computer Forensics and the Arrest of BTK [PDF Presentation] November 2005 Computer Forensics and the ATA Interface [PDF] February 2005 Computer Forensics and the Law of Evidence (Hong Kong) [PP Presentation] May 2003 Computer Forensics Applied to Windows NTFS Computers [PDF] April 2005 Computer Forensics article (No title given) September 1997 Computer Forensics article September 1997 Computer Forensics as a Tool for Criminal Investigation [PDF Presentation] March 2004 Computer Forensics as an Integral Component of the Information Security Enterprise [PDF] Computer Forensics Course Development [PP Presentation] April 2005 Computer Forensics Course Syllabus Computer Forensics Education [PDF] July/August 2003 Computer Forensics for a Computer-based Assessment: The Preparation Phase [Abstract & PDF] June/July 2005 Computer Forensics for Attorneys [Presentation] Computer Forensics for ISPs (20MB PDF file) [PDF Presentation] 2004Computer Forensics For Law Enforcement [PDF] June 2006 Computer Forensics for Lawyers Who Can’t Set the Clock on their VCR Computer Forensics for Litigation Support [PDF Presentation] May 2005 Computer Forensics for Non profits [PDF Presentation] May 2006 Computer Forensics Gear August 2001 Computer Forensics Glossary [PDF] Computer Forensics in a LAN Environment [PDF] 1999 Computer Forensics in Litigation [PP Presentation] December 2005 Computer Forensics in Private Industry [PDF Presentation] November 2005 Computer Forensics in the 21st Century [PDF Presentation] June 2006 Computer Forensics in the Academic Environment [PDF Presentation] October 2004 Computer Forensics in the Campus Environment [PP Presentation] October 2005 Computer Forensics in the Classroom [PPT Presentation] 2006Computer Forensics in the Global Enterprise [PDF] 2003 Computer Forensics in the Inspector General Environment [PDF Presentation

Computer Forensics in Virginia [PDF Presentation] September 2004 Computer Forensics JumpStart (Sample Chapter)Computer Forensics Lab Investigation Report [Word doc] 2005 Computer Forensics Laboratory and Tools [PDF] June 2005 (Requires registration) Computer Forensics Manual Computer Forensics Methodologies [PDF Presentation] May 2005 Computer Forensics Methodologies for Fraud Investigations [PP Presentation] October 2005 Computer Forensics October 2002 Computer Forensics Part 1: An Introduction to Computer Forensics [PDF] April 2004 Computer Forensics Part 2: Best Practices [PDF] May 2004 Computer Forensics Primer [PDF Presentation] November 2003 Computer Forensics Procedures and Methods [PDF] 2005 Computer Forensics Processing Checklist [PDF] Computer Forensics Reveals a Whole New Universe of Discoverable Information October 2001 Computer Forensics Search & Seizure: Challenges in Academe [PDF] February 2005 Computer Forensics Search and Seizure: Challenges in the Academe -An Update [PDF Presentation] October 2005 Computer Forensics Security Presentation [PP Presentation] November 2003 Computer forensics software, an introduction September 2004 Computer forensics tips help you monitor investigations September 2002 Computer Forensics, Investigations and SecurityComputer Forensics: A Critical Need for Computer Science Programs (Requires purchase) [PDF] 2005 Computer Forensics: A Critical Process in Your Incident Response Plan [PP Presentation] July 2001 Computer Forensics: an approach to evidence in cyberspace [PDF] Computer Forensics: An Emerging Practice in the Battle Against Cyber Crime [PDF] May 2003 Computer Forensics: an introduction 1997 Computer Forensics: An Issue of Definitions [PDF] 2003 Computer Forensics: Are Your Computers Free from Attacks and Problems? July 2005 Computer Forensics: Beyond the Buzzword [PDF] August 2002 Computer Forensics: Chain of Evidence Collection Tools Does Matter (page 3) [PDF] August 2005 Computer Forensics: Evidence Handling & Management [PDF - from Archive.org] September 2002 Computer Forensics: Forensic Data Diving Using the Linux Operating System [PDF] July 2001 Computer Forensics: How to be a Cybercrime Detective [PDF Presentation] 2003 Computer Forensics: Incident Response Essentials 2001Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000 [PDF] December 2001 Computer Forensics: Meeting the Challenges of Scientific Evidence [PDF] December 2004 Computer Forensics: Overview [PDF Presentation] 2003 Computer Forensics: The Investigator's Perspective [PP Presentation] September 2000 Computer Forensics: The Issues and Current Books in the Field January 2002 Computer Forensics: The Key to Solving the Crime [PDF] October 2001 Computer Forensics: The Need for Standardization and Certification [PDF] Fall 2004 Computer Forensics: Toward Creating a Certfication Framework [PDF or PS] May 2005 Computer Forensics: Tracking the Cyber Vandals [PDF] October 2002 Computer Forensics: Training and Education [PDF] Computer Forensics: What is Metadata, Why is it Significant, and How do you Deal with it? [PDF] September 2004 Computer Forensics; Collection, Analysis and Case Management using ProDiscover [Presentation in PDF] 2003 Computer Forensics; What You Need to Know [PDF Presentation] October 2004 Computer Incident Investigations: e-forensic Insights on Evidence Acquisition [PDF] May 2004 Computer Incident Response and Computer Forensics Overview [PDF] March 2001 Computer Intrusion Investigation Guidelines January 2001 Computer Investigations Computer Investigations in the UC System [PDF] February 2005 Computer Misuse Act of 1990 cases (with links to related articles) Computer Search and Seizure Guidelines [PDF] Fall 2000 Computer Searches Computer Searches and Seizures: Some Unresolved Issues March 2002

Computer Security Incident Response Guide December 2001 Computer Security Incident Response Planning [PDF] May 2001 Computer Security Incident Response Procedures: Do You Need One? You Bet You Do! [PDF] January 2005 Computer Sleuth - Beating down the evidence trail with computer forensics [PDF] April 2003 Computer Under the Microscope Images Computer-Based Discovery and Risk Control [PDF Presentation] May 2004 Computer-Forensic Privacy Tools: A Forensic Evaluation [PDF] June 2005 Computer-Mediated Communications and Criminal Evidence [PDF] March 1999 Computer-Related Crime Impact: Measuring the Incidence and Cost [PDF] December 2003 Computers are like Filing Cabinets… Using Analogy to Explain Computer Forensics 2002 Computers Forensics [PP Presentation] June 2002 Computers hinder paper shredders February 2002 Computing forensics: a live analysis [PDF Presentation] April 2005 Conducting an Incident Post Mortem [PP Presentation] November 2003 Conducting Incident Post Mortems [PDF] April 2003 Conducting Investigations in Today's Electronic World [PDF Presentation] August 2005 Conference Proceedings: 1999 - 2002 Contacting Host Owners 2004 Content-Based Image Retrieval for Digital Forensics [PDF] February 2005 Cookie Dethroning.::DEMYSTIFIED Part A [PDF] October 2005 Cookie Dethroning.::DEMYSTIFIED Part B [PDF] October 2005 Cops Are from Mars, Sysadmins Are from Pluto: Dealing with Law Enforcement [PDF] Copy, Paste and Reveal [PDF] February 2006 Coroner's Toolkit: An Introduction [PP Presentation] Corporate Forensics Toolkit [PP Presentation] April 2004 Correlating Evidence [PP Presentation] August 2000 Correlating Log File Entries [PDF] November 2000 Correlation of complex evidences and link discovery [PDF] January 2003 Covert Channel Forensics on the Internet: Issues, Approaches, and Experiences [PDF] February 2006 Covert Channels: A Never Ending Challenge for Forensic Examiners [PDF Presentation] November 2003 Cracking the Cracking April 2002 Cracking Windows 2000 And XP Passwords With Only Physical Access [Word doc] Craiger's Cyberforensic Commandline Cheatsheet (C4) [PDF] 2005 Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications [PDF] August 2006 Creating a Computer System Incident Response Team [PP Presentation] July 2001 (from archive.org) Creating a Forensic Computer System: Basic Hardware and Software Specifications [PDF] August 2006 Creating A Forensic Computer System: Basic Hardware and Software Specifications [PDF] Updated July 2004 Creating an Incident Response Team [PP Presentation] April 2003 Creating Hash Sets Manually [PDF] Criminal Computer Intrusion Unit [PDF Presentation] August 2005 Criminal Forensic Investigations Use of Supportive Presentation Tools In a Successful Investigation [PDF] May 2004 Criminal forfeiture and restriction-of-use orders in sentencing high tech offenders October 2004 Criminal Investigations in an Automated Environment [PDF] 1997 Cross-Drive Analysis and Forensics [PDF] November 2005 Cross-examination of the Computer Forensic Expert Cross-Examination of the Computer Forensics Expert [PDF] 2004Cryptography and Evidence [PDF] CSI For The Home PC [PDF] 2004 CSI/FBI Computer Crime and Security Survey [PDF] 2005 CSI: Cyberspace Investigations, Evidence, And Forensics in the Digital World [PP Presentation] September 2005 CTOSE Project Results [PDF] October 2003 Cyber Attack Investigative Tools and Techniques [PP Presentation] May 2003 Cyber Crime and Cyber Terrorism [PDF] April 2002 Cyber Crime and E Cyber Crime and E-commerce [PDF] Discusses DESK : Digital Evidence Search Kit

Cyber Crime and the Courts - Investigation and Supervising the Information Age Offender [PDF] September 2001 Cyber crime and the Law; Where the Net meets the Node [HTML and PP Presentation] March 2000 Cyber Crime Evidence (Computers) Cyber Crime: Labs and Investigations [PDF Presentation] 2003 (from archive.org) Cyber Crime: The Next Challenge An Overview of the Challenges Faced by Law Enforcement While Investigating Computer Crimes in the Year 2000 and Beyond [PDF] 2000 Cyber Crime: Theft of a Trade Secret [PDF Presentation] February 2004Cyber Crimes & Cyber Forensics [PP Presentation] September 2005 Cyber Crimes [PP Presentation] May 2006 Cyber detectives: Collecting evidence for web crimes [PP Presentation] July 2002 (from archive.org) Cyber Evidence Collection..a Major Challenge to Law Enforcement in India January 2003 Cyber Forensics - Challenges and Tools [PP Presentation] 2005 Cyber Forensics - Challenges, Techniques and Tools [PP Presentation] 2005 Cyber Forensics - Intermediate Topics [PDF Presentation] August 2006 Cyber Forensics - The Basics [PDF Presentation] August 2006 Cyber Forensics - Windows Remnants [PDF Presentation] August 2006 Cyber Forensics [PP Presentation] February 2005 Cyber Forensics and C-DAC’s Forensic Tools [Word doc] 2005 Cyber Forensics Tools [PP Presentation] 2005 Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes.Table of contents and introduction [PDF] Cyber Forensics: A Military Operations Perspective [PDF] Summer 2002 Cyber Forensics: Are We There Yet? [PP Presentation] 2004 Cyber Forensics: Find Out What You Are Missing [PP Presentation] February 2005 Cyber Investigations [PP Presentation] October 2005 Cyber Security - the Laws that Protect your Systems and Govern Incident Response [PP Presentation] April 2003 Cyber Security Incident Response/Forensic Awareness for Managers [PP Presentation] 2003 Cyber Security Incident Response/Forensic Awareness for System Administrators [PP Presentation] 2003 Cyber Security Incident Response/Forensic Awareness for Users [PP Presentation] 2003 Cyber Security Tips New tips added regularly Cyberclues - Making the Case for Using Computer Evidence September 2002 Cybercop April 2002 Cybercrime – Challenges to Enforcement of IPR [Word Document] (from archive.org) 'Cyber-Crime & Digital Evidence' Seminar Materials [Several PDFs] November 2005 CyberCrime [HTML-framed Presentation] September 2001 Cybercrime and Computer Forensics [PDF Presentation] November 2005 Cybercrime and Computer Related Forensic Investigations [PP Presentation] Cybercrime at Packet-Level Part 1 [PDF Presentation] October 2002 Cybercrime at Packet-Level Part 2 [PDF Presentation] October 2002 Cybercrime forensics [Zipped PS] 2003 Cybercrime in Canada [PDF Presentation] February 2005 Cybercrime in New Network Ecosystem: Vulnerabilities and New Forensic Capabilities [PDF] March 2004 Cybercrime: Incident Response and Digital ForensicsCybercrime: Supporting Cyber Sleuths July 2001 Cybercrime: The Internet as a Crime Scene Cyber-Criminals and Data Sanitization: A Role for Forensic Accountants [PDF] Summer 2005 Cyber-Investigation on Cyber-Crime [PDF Presentation] July 2001 Cybersleuthing for People Who Can't Set the Clock on Their VCR [PDF] 2003 Cybersleuthing solves the case January 2002 Cybersleuthing: A Guide to the Essentials of Computer Discovery [PDF Presentation] April 2005 Cyberspace Detectives Employ Intrusion Detection Systems and Forensics Cyberstalking Investigation and Prevention Data Archiving [PDF] April 2006 Data Capture..key challenge in Cyber Evidence Management January 2003 Data Disposal - Gone for Good [PDF Presentation] 2006 Data Disposal - Gone for Good [PDF Presentation] Fall 2005

Data Evidence Findings [PDF] April 2006 Data Forensics - The smoking gun may be a click away September 2004 Data Forensics [PDF] October 2003 Data Forensics for Legal Professionals [PP Presentation] March 2006 Data Forensics: "Analyzing the Tracks of an Intruder" or "Analyzing Administrative Responses to Log Anomolies" [PDF Presentation] Data Forensics: In Search of the Smoking Gun March 2005 Data Forensics:. A Case for Routine Implementation [PDF Presentation] June 2005 Data Hiding and Recovery [PDF] April 2003 Data Hiding in Journaling File Systems [PDF] August 2005 Data Hiding on a Live System [PP Presentation] January 2004 Data Hiding Tactics for Windows and Unix File Systems May 2006 Data Integrity Within Computer Forensics [PDF] April 2006 Data Loss Causes Data Mining Email April 2004 Data Mining Used Hard Drives - Thread started January 2003 Data Recovery [PP Presentation] May 2003 Data Recovery Software Tools: Today and the Future [PDF Presentation] September 2005 Data Reduction - Refining the Sieve [PDF] February 1996 Data Reduction For Streamlining E-Discovery [PDF Presentation] July 2004 Data Remanence in Semiconductor Devices August 2001Data Validation Using The Md5 Hash Database Forensics [PDF] April 2002 Database Record Extraction Date, Time, and Time Zone Examination [PDF] April 2003 Day 3 : Computer Forensics I (On-line inspection) Day 4 : Computer Forensics II (Off-line inspection) DD and Computer Forensics - Deuce April 2001DD and Computer Forensics August 2000Decoy Systems: A New Player in Network Security and Computer Incident Response [PDF] Winter 2004 Defeating Forensic Analysis [PDF Presentation] May 2006 Defeating Forensic Analysis on Unix July 2002 Defeating Live Forensics in the Windows Kernel [PP Presentation] June 2006 Defend I.T.: Security by ExampleChapter 15 - Executive Fraud (Select Sample Chapter) [PDF] May 2004Defending Against Misuse of Forensic Analysis Tools on Windows Systems [PDF] January 2004 Defending Cyber-Crime [PP Presentation] (from archive.org) Defensive Battle Stations In Network-Centric Warfare: Rapid-Response Cyber Forensics [PP Presentation] October 2003 Defining Digital Forensic Examination & Analysis [PP Presentation] Defining Digital Forensic Examination and Analysis Tools [PDF] August 2002 Defining Event Reconstruction of Digital Crime Scenes [PDF] November 2004 Deleted files can be recovered 2006 Deleting Sensitive Information: Why Hitting Delete Isn’t Enough [PDF] March 2002 DERBI: Diagnosis, Explanation and Recovery from Computer Break-ins [PDF] January 2001 Design and Development of a Distance Education Paradigm for Training Computer Forensic Examiners December 1999 (from archive.org) Design and Implementation of a Remote Forensics System [PDF] May 2005 Design and Implementation of Zeitline: a Forensic Timeline Editor [PDF] August 2005 Design of a Digital Forensics Image Mining System [PDF] October 2005 Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation [PDF] November 2003 Designing a Computer Forensics Course for an Information Assurance Track [PDF] June 2004 Designing and Implementing a Computer Forensics Curriculum and Exercises [PDF Presentation] September 2005Destroying Data ... is it possible April 2006 Detecting & Collecting Whole Disk Encryption Media [PDF Presentation] June 2005 Detecting and Removing Trojans and Malicious Code from Win2K September 2002 Detecting false captioning using common-sense reasoning [PDF] August 2006 Detection and Investigation of Compromised Hosts on Campus Networks [PDF Presentation] April 2006

Developing a Computer Forensics Team [PDF] July 2001 Developing a Framework for Evaluating Computer Forensic Tools [PDF] March 2003 Developing a Response Plan for Computer Forensics February 2002 Developing Computer Forensics Solutions for Terabyte Investigations [PDF Presentation] January 2005 Developing Corporate Policies in Support of Computer Forensics [PDF] July 2003 Development of a zero skills forensic laptop registration and identification tool [PDF] July 2005 Dialing for Evidence [PDF] Jan/Feb 2006 Digging for computer dirt April 2002 Digging Into Unlawful Email Messages [PP Presentation] September 2005 Digital "Evidence" May Not Be "Evidence" At All [PDF - Scroll down] February 2004 Digital Anti-Forensics: Emerging trends in data transformation techniques [PDF] May 2005 Digital Anti-Forensics: Real World Identification, Analysis & Prevention [PDF Presentation] July 2005 Digital Audit Trails and Their Importance in Computer Crime Investigations [PDF Presentation w/ notes] June 2003 Digital Data in the Enterprise: Do You Have it Under Control? [PDF Presentation] May 2006 Digital Discovery with Linux Bootable CDs [PDF Presentation] 2005 Digital Discovery: It’s more than email [Zipped PDF Presentation] Digital Evidence & Computer Forensics [PDF Presentation] November 2004 Digital Evidence [PP Presentation] 2004 Digital Evidence Acceditation Winter 2004 Digital Evidence Acceditation: Part 2 February/March 2005 Digital Evidence and Computer Crime (Sample Chapters) Digital Evidence Collection and Handling Digital Evidence Collection Worksheet [RTF document] Digital Evidence Impact on Investigations and Audits [PP Presentation] December 2003 Digital Evidence in Internet Time [PP Presentation] (from archive.org) Digital Evidence in Internet Time [Word Document] (from archive.org) Digital evidence obfuscation: recovery techniques [PDF] 2005 Digital Evidence Standards [PP Presentation] November 1999 Digital Evidence: Emerging Problems in Forensic Computing [PDF Presentation] Digital Evidence: Emerging Problems in Forensic Computing [PP Presentation] May 2002 Digital Evidence: Standards and Principles April 2000 Digital Evidence: The Moral Challenge [PDF] Spring 2002 Digital Footprints: Assessing Computer Evidence [PDF] 2000 Digital Forensic [PDF] January 2004 Digital Forensic Analysis of E-Mails: A Trusted E-Mail Protocol [PDF] Spring 2004 Digital Forensic Reconstruction and the Virtual Security Testbed ViSe 2006 Digital Forensics - A Primer [PP Presentation] January 2005 Digital Forensics - Finding information that has been lost... [PDF Presentation] April 2004 Digital Forensics - Using Perl to Harvest Hash Sets [HTML Slideshow] June 2004 Digital Forensics [PDF Presentation] March 2006 Digital Forensics [PDF Presentation] May 2006 Digital Forensics [PDF Presentation] November 2003 Digital Forensics [PP Presentation] October 2005 Digital Forensics and Corporate Investigations [PDF Presentation & MP3] March 2006 Digital Forensics and Information Assurance - Education and Research [PDF] December 2003 Digital Forensics at a University [PDF Presentation] October 2005 Digital Forensics Curriculum Consortium [Word docs] 2006 Digital Forensics Laboratory Projects [PDF] May 2006 [Free - Registration Required] Digital forensics of the physical memory [PDF] March 2005 Digital Forensics Research [PDF] June 2005 Digital Forensics Research in the United States [PDF] March 2006 Digital Forensics Using Hashsets - National Software Reference Library [HTML Slideshow] June 2004 Digital Forensics using Linux and Open Source Tools [PDF Presentation] September 2005 Digital Forensics: A Case Study April 2005

Digital Forensics: Crime Seen Digital Forensics: Exploring Validation, Verification & Certification [PDF] August 2005 Digital Forensics: Sleuthing on Hard Drives and Networks [PDF] December 2005 Digital Forensics: Storage Media Primer Digital Fraud Examination [PDF] 2005 Digital Imaging Procedure v1.0 [PDF] March 2002 Digital Incident Response, Forensics and Sanitization [PDF Presentation] July 2004 Digital Information, User Tokens, Privacy and Forensics Investigations: The Case of Windows XP Platform [PDF Presentation] May 2003 Digital Investigations and the Modern Legal Landscape [PDF Presentation] November 2005 Digital Media Forensics May 2000 Digital Media Investigations [PDF Presentation] August 2005 Digital Media Storage -- Facilities and Procedures [PDF] March 2005 Digital Music Device Forensics [PDF or PS] May 2005 Digital Photographs (in the courtroom) [PP Presentation] Digital Privacy Considerations With the Introduction of EnCase Enterprise [PDF] 2003 Digital Search and Seizure [PDF] February 2006 Digital trail led to accused spy Digital Warrants Language for a proposed California law dealing with computer search warrants. Digitalevidence Integrated Management System [PDF] 2004 DIPL: The Digital Investigation Process Language [PP Presentation] November 2003 Directors & Corporate Advisors' Guide to Digital Investigations and Evidence [PDF] September 2005 Directors and Corporate Advisors’ Guide to Digital Investigations and Evidence [PDF] September 2005 Disabling Wireless Networks for Law Enforcement [PDF] June 2005 Disaster Recovery Planning with a Focus on Data Backup/Recovery [PDF] January 2001 Discovering passwords in the memory [PDF] November 2003 Discovering Relationships in Context: Inductive tools for forensic computing [PDF] June 2006 Discovery of Electronic Mail: The Path to Production [PDF] 2005 Discusses Alternate Data Streams Discusses The Coroners Toolkit Discusses Zert, a tool which allows you to image mobile phones and PDAs, produced by the Netherlands Forensic Institute (http://www.forensischinstituut.nl/) and available only to law enforcement. Disk Cloning [PDF] Revised January 2005 Disk Forensics (using PyFlag) January 2005 Disk Sanitization and Cross Drive Forensics [PDF Presentation] September 2005 Dissecting Distributed Malware Networks [PP Presentation] Dissecting NTFS Hidden Streams July 2006 Distributed Attacks and CISCO Net Flow Logs [PDF Presentation] Distributed Cyber Forensics (pages 10-13) [PDF] Spring 2004 Do You Leave Sensitive Data Lying Around? November 2004 Documents and Meeting Materials 2004 - 2006 Dodging the Bullet: Cross-Examination Tips for Computer Forensic Examiners [PDF] 2005 DOE Cyber Forensics Laboratory: Program Briefing [PP Presentation] 2003 Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence [PDF] November 2004 Dos and Don’ts for Digital Evidence June 2005 Do's and Don'ts of Forensic Computer Investigations September 2004 Downloadforensic-rescue-cd-2.0.iso Downloading: Using Computer Software as an Investigative Tool June 1996 Downloads - Forms and Checklists Downloads, Logs and Captures: Evidence from Cyberspace [PDF] 2000 Drive Math [Zipped Word Document] February 2002 Drive Translation (and second article AOL ART Files) [From archive.org] March 2000 Dusting for digital fingerprints [Word document] March 2005 Dynamic Time & Date Stamp Analysis [PDF] June 2002 eBanking Forensics ECF - Event Correlation for Forensics [PDF] 2003

eDanger.com [PDF] Winter 2005 eDiscovery Combining Forensics with Data Management: Applying the “Key Players” concept of Zubulake [PDF Presentation] November 2005 e-Evidence Standard: Proving the integrity, reliability, and trust on electronic records [PDF] June 2002 Effective Data Searches [PDF] 2001 Effective Incident Response Teams: Two Case Studies [PP Presentation] April 2005 Efficient log authentication for Forensic Computing [PDF Presentation] June 2005 Electronic Crime - its not only the big end of town that should be worried [PDF] 2004 Electronic Crime: Trends, Collection, Analysis [PP Presentation] 2005 Electronic Data Discovery and Data Forensics - The Identification and Collection of Electronic Files [PDF Presentation] April 2005 Electronic Data Discovery and Data Forensics [PDF Presentations] 2004 Electronic Data Discovery Unleashed [PDF] Electronic Discovery [PDF Presentation] October 2005 Electronic Discovery and Computer Forensics [PDF] January 2004 Electronic Document Discovery: A Powerful New Litigation Tool Electronic Evidence - Gathering and Presenting Electronic Data for Evidentiary Purposes [PP Presentation] October 2002 Electronic Evidence and Computer Forensics [PDF] October 2003 Electronic Evidence and Computer Forensics [PP Presentation] February 2004 Electronic evidence discovery: From high-end litigation tactic to standard practice [PDF] September 2000 Electronic Evidence in Criminal Defense [PDF Presentation] March 2006 Electronic Fingerprints: Computer Evidence Comes of Age Electronic Forensics Education Needs of Law Enforcement [PDF] June 2004 Electronic Forensics May 2000 Email and Web Site Tracing [PDF Presentation] August 2005 E-mail and WWW browsers: A Forensic Computing Perspective on the Need for Improved User Education for Information Systems Security Management [PDF] 2002 E-Mail Discovery in Civil Litigation: Worst Case Scenarios vs. Best Practices [PDF] April 2004 Email Forensics - Who has user X been communicating with April 2005 Email Forensics [PP Presentation] Email Tampering - This Time, The Good Guys Won [PDF] January 2002 Email traffic patterns can reveal ringleaders March 2003 E-mailed Death Threats: A Case Study... [PDF]Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations [PDF Presentation] June 2006 Emerging Problems in Forensic Computing [PP Presentation] May 2004 Emerging Technology: Taking A Byte Out Of Crime February 2001 ENCASE - A forensic computing utility that does it all (from archive.org) EnCase Base64 Processing EnCase Computer Forensics--The Official EnCE : EnCase Certified Examiner Study GuideEncase Decryption System [PDF] EnCase Forensic Evidence Acquision and Analysis [PDF] June 2000 EnCase Test and Tutorial (from archive.org) Encase Version 5 Presentation [PDF Presentation] June 2006 EnCase: A Case Study in Computer-Forensic Technology [PDF] January 2001 Encountering Encrypted Evidence (potential) [PDF] June 2002 Encryption: Impact on Law Enforcment June 1999 Enforcement Techniques - Chapter 3 -Digital Evidence Gathering [PDF] April 2006 Enforcement Techniques - Chapter 3 -RFID Towards Digital Evidence [PDF Presentation] January 2006 Enscript v3 Tutorials Ensuring the Reliability and Admissibility of Digital Evidence [PP Presentation] November 2004 Enterprise Forensics - Changing the Forensic Paradigm… [PDF Presentation] November 2005 Enterprise Investigations: Tools and Techniques [PDF Presentation] 2005 Error, Uncertainty and Loss in Digital Evidence [PDF] June 2002 Error, Uncertainty, and Loss in Digital Evidence [PP Presentation] February 2003 (from archive.org) E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part I [PDF - Local copy] February 2004 E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part II [PDF - Local copy] March 2004 E-Sleuthing and the Art of Electronic Data Retrieval - Uncovering Hidden Assets in the Digital Age: Part III [PDF - Local copy] April 2004

Ethereal: Analysis on a Budget [PDF Presentation] May 2005 Evaluating Commercial Counter-Forensic Tools [PDF] August 2005 Evaluating the Capacity to Respond to E-Crime [PDF] 2000 Evaluation of Intelligent Intrusion Detection Models [PDF] Summer 2004 Event Data Recorder Case Law Event Sequence Mining to Develop Profiles for Computer Forensic Investigation Purposes [PDF] 2006 Everything You Need to Know About the Destruction of Information on Computer Hard Drives [PDF Presentation] May 2006 Everything You Wanted to Know About Email Discovery, But Were Afraid to Ask [PDF] 2001 Everything Your Mother Should Have Told You About Write Blockers [PDF Presentation] June 2006 Evidence Evidence Collection and Data Seizure Evidence Discovery in a Digital World [PP Presentation] February 2004 (from archive.org) Evidence Enhancing Technology - Bridging the Techno-Legal Gap with Secure Audit Logging [PDF] December 2003 Evidence gathering tools Evidence investigation tools Evidence on the Internet [RTF doc] Evidence Preservation Evidence Processing: Computer Autopsy Evidence Seizure Methodology for Computer Forensics September 2000Evidence With A Byte [PDF] 2002 Evidentiary Authentication Within the EnCase Enterprise Process [PDF] June 2003 Evidentiary Benefits of Write Once-Read Many ("WORM") Optical Disk Storage for Records Management [PDF] August 2000 Evidentiary Considerations for Collecting and Examining Hard-Drive Media [PDF] November 2001 (from archive.org) Evidentiary Value of Link Files March 2006 EWF Specification [PDF] 2006 Expert Witness Compression Format specification Examination of Computer-Resident Evidence [PDF] Examine a Unix Box for Possible Compromise Examine a Unix Box for Possible Compromise 1999Examining the Data - A beginners guide to computer-based evidence [PDF] Examples of using DD within UNIX to Create Physical Backups Excerpt from the News and Trends column of Security Management Online Exchangeable Image File Format (ExIF) [PDF] October 2004 Exercise 1: Disk Imaging with Ghost Exercise 2: Forensics with dd Expert vs. Expertise: Computer Forensics and the Alternative OS July 2003 Expert Witness Compression Format Specification Explanation of an IP Address Tracing [Word Document] Exploring Data Generated by Computer Forensic Tools with Self-Organising Maps [PDF] February 2005 Ext2fs and forensics April 2006 Extending the Coroner's Toolkit via Aggregate Database [PDF] Spring 2004 Extracting Email IDs from IM Clients September 2002 Extracting forensic evidence from biometric devices [PDF] 2003 Extreme IP Backtracing [PP Presentation] FAQ: Firewall Forensics (What am I Seeing?) June 2000 FARES: Forensic Analysis of Risks in Enterprise Systems [PP Presentation] June 2004 FastBloc (Guidance Software) Validation Document [PDF] July 2001 Fat/NTFS - The Wily Internals of Windows’s File Systems [PDF Presentation] November 2005 FATKit: Detecting Malicious Library Injection and Upping the “Anti” [PDF] July 2006 FBI Cyber Crime Program Philadelphia Division [PP Presentation] 2003 (from archive.org) FCCU GNU/Linux Forensic Boot CD [PDF Presentation] October 2005Fight Crime and Improve Security with Data Mining [PP Presentation] February 2003 Fighting Cyber Crime in a Post-9-1-1 World: Yesterday, Today and Tomorrow [PP Presentation] April 2005 Fighting Online Software Piracy [PDF] August 2004 Fighting Online Software Piracy—What Works in 2005 [PDF] 2005

File Deletion in MS FAT Systems April 1999 (updated September 2002) File Hound: A Forensics Tool for First Responders [PDF] August 2005 File Recovery Techniques December 2000 File Signatures Table File Type Identification of Data Fragments by Their Binary Structure [PDF Presentation] June 2006 Fileprints: Identifying File Types by n-gram Analysis [PDF Presentation] June 2005 Filesystem and network acquisition and analysis tools [PDF Presentation] November 2005 Find the Email Header (from archive.org) Finding Digital Evidence in Physical Memory [PDF Presentation] January 2006Finding Gold in the Browser Cache [PDF Presentation] August 2006 Finding the Right Computer Forensic Expert [PDF] May 2004 Finding the Right Computer Forensics Expert Fingerprint Identification and Mobile Handheld Devices: An Overview and Implementation [PDF] March 2006 Fingerprinting Your Files August 2004 Finite State Machine Analysis of a Blackmail Investigation [PDF] May 2005 FIRE: Forensic & Incident Response Environment [PP Presentation] November 2003 FIRESTORM: Exploring the Need for a Forensic Tool for Pattern Correlation in Windows NT Audit Logs [PDF] November 2002 Firms increasingly call on cyberforensics teams January 2002 First Responder - Collection and preservation of evidence [PDF Presentation] January 2005 First Responders Guide to Computer Forensics [PDF] March 2005First Responders Guide to Computer Forensics: Advanced Topics [HTML & PDF] September 2005 First Responder's Manual [PDF] May 2001 First Responders: Training Scene of Computer Crime Investigators [PDF] June 2002 FLUX: A Forensic Time Machine for Wireless Networks [PDF Presentation] April 2006 FLUX: A Forensic Time Machine for Wireless Networks [PDF] April 2006 Footprints in the Sand: Fingerprinting Exploits in System and Application Log Files October 2002 Forensic Accounting - the recorded electronic data found on Computer Hard Disk Drives, PDAs and numerous other Digital Devices September 2004 Forensic acquiring and analysis [PDF] 2003 Forensic acquisition and analysis of magnetic tapes [PDF] February 2005 Forensic Acquisition Utilities Revised August 2004 Forensic Analysis [PDF] November 2002 Forensic Analysis for Unix-Based Operating Systems [PDF] October 2005 Forensic Analysis in a Digital World Spring 2002 Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3 September 2002 (from archive.org) Forensic Analysis of a Compromised Mac OS X (Client) Machine May 2002 Forensic Analysis of a Live Linux System, Part One March 2004 Forensic Analysis of a Live Linux System, Part Two April 2004 Forensic Analysis of a Windows 95 System [PDF] April 2002 Forensic Analysis of Digital Evidence from Palm Personal Digital Assistants [PDF] Fall 2004 Forensic Analysis of File System Intrusions using Improved Backtracking [PDF] February 2005 Forensic Analysis of Hacking Cases [PDF Presentation] September 2003 Forensic Analysis of Internet Explorer Activity Files [PDF] Revised May 2003 Forensic Analysis of Microsoft Internet Explorer Cookie Files [PDF] May 2003 Forensic Analysis of Microsoft Windows Recycle Bin Records [PDF] Revised May 2003 Forensic Analysis of Mobile Phones [PDF] October 2005 Forensic Analysis of Risks in Enterprise Systems [PDF] 2004 Forensic Analysis of the Windows Registry [PDF] April 2006 Forensic Analysis of Volatile Data Stores [PDF Presentation] August 2006 Forensic analysis of Windows hosts using UNIX-based tools [PDF] July 2004 Forensic Analysis using FreeBSD - Part 1 October 2002 (from archive.org) Forensic Analysis with F.I.R.E. (GCFA Practical Assignment) [PDF] May 2003 Forensic Analysis Without an IDS: A Detailed Account of Blind Incident Response [PDF] January 2002 Forensic Analysis: Windows Forensic Toolchest (WFT) [PDF] Updated May 2005 GCFA Practical Discussing WFT Forensic and Anti-Forensic Computing [PDF] December 2002

Forensic and Log Analysis GUI [PDF Presentation] April 2005 Forensic and Log Analysis GUI Tutorial [PDF Presentation] January 2006 Forensic Auditing: The Role of Computer Forensics in the Corporate Toolbox January 1999 Forensic Challenges - Windows Encrypted Content [PDF Presentation] April 2006 Forensic Checklist [PDF] Forensic Computer Analysis [PP Presentation] April 2003 Forensic Computer Analysis: An Introduction July 2001 Forensic Computer and Cybercrime Investigations [PDF] December 2001 (from archive.org) Forensic Computer Examination Forensic Computer Examinations for Small to Medium Size Businesses [PDF Presentation] September 2005 Forensic Computer Investigation Brings Notorious Serial Killer BTK to Justice [PDF] November 2005 Forensic Computer Investigations & Data Recovery [PDF Presentation] January 2003 Forensic Computer Investigations [PDF] December 2000 Forensic Computer Investigations [PP Presentation] January 2000Forensic Computing [PDF Presentation] Forensic Computing [PDF] 2004 Forensic Computing [PP Presentation] November 1999 Forensic Computing 2003 Forensic Computing and Digital Evidence [PDF Presentation] November 2005 Forensic Computing as applied to the current practice of Medicine September 2004 Forensic Computing from a Computer Security Perspective [PDF] June 2004 Forensic Computing Theory & Practice: Towards Developing a Methodology for a Standardised Approach to Computer Misuse [PDF] 2003 Forensic Computing within the Crime and Misconduct Commission [PDF] 2004 (from archive.org) Forensic Computing... [PP Presentation] April 2005 Forensic Computing: "Catch Me if you can" [PDF Presentation] September 2004 Forensic Computing: A look at evidence and how to handle it October 1997 Forensic Computing: An Introduction to the Principles and the Practical applications [PDF] April 2002 Forensic Computing: Developing a Conceptual Approach for an Emerging Academic Discipline [PDF] 2001 Forensic Computing: Developing a Conceptual Approach in the Era of Information Warfare [PDF] 2001 Forensic Computing: Developing Specialist Expertise within the CS Curriculum [PDF] June 2006 Forensic Computing: What is it? [PDF Presentation] August 2004 Forensic Dead-Ends: Tracing Users Through Anonymous Remailers [PP Presentation] July 2002 Forensic Detectives January 2002 Forensic DiscoveryForensic Discovery (The Book)Forensic Discovery [PDF Presentation] April 2003 Forensic Discovery [PDF Presentation] August 2005 Forensic DiscoveryComputer Aided Forensics (Poster) [PDF] 2004 Forensic Disk Imaging Using Linux [PDF] July 2005 Forensic Duplication and Analysis Using Encase Forensic evidence testimony — some thoughts [PDF] February 2004 Forensic Examination [PP Presentation] July 2002 (from archive.org) Forensic Examination of a RIM (BlackBerry) Wireless Device [PDF] June 2002 Forensic Examination of a RIM (BlackBerry) Wireless Device [PP Presentation] September 2002 Forensic Examination of Internet Activity [PDF] July 2001 Forensic examination of log files [PDF] January 2005Forensic examination of mobile phones [PDF] 2004 Volume 1 Issue 4 - Registration required Forensic extraction of electronic evidence from GSM mobile phones [PDF Presentation] 2001 Forensic feature extraction and cross-drive analysis [PDF] August 2006 Forensic Feature Extraction and CrossDrive Analysis [PDF] May 2006 Forensic Fieldwork: Experience Is the Best Teacher [PDF] Forensic Footprints: Investigations in Cyberspace [PDF] 2004 Forensic Implications of Biometric Devices and future identification management systems [PP Presentation] August 2005 Forensic Implications of Identity Management Systems [PDF] January 2006

Forensic Inspection of Hard Disks August 2002 Forensic investigation and its relationship with information assurance and corporate governance [PDF] 2005 Forensic Investigation Case Studies and Results [PDF Outline] 2006 Forensic Investigation of Data in Live High Volume Environments [Word doc] 2005 Forensic IT Investigations [PP Presentation] May 2003 Forensic Lab Development [PP Presentation] March 2006 Forensic Methodologies: A Computer Forensic Professional’s Compass! [PDF] Forensic Overview [PP Presentation] April 2006 Forensic Overview [PP Presentation] July 2005 Forensic Plan - A technical guide to aid in the preservation of digital evidence following a computer security incident [PDF] July 2004 Forensic Preparation Secure Business Quarterly 2001 [PDF]Forensic Procedures Forensic Process and Tricks [Word document] Forensic Readiness - CanSecWest Conference [PDF Presentation] March 2001 (from archive.org) Forensic Readiness (Whitepaper) [PDF] July 2001 (from archive.org) Forensic Readiness [PDF Presentation] February 2006 Forensic Relative Strength Scoring: ASCII and Entropy Scoring [PDF] Spring 2004 Forensic Software Maker Gets Tough on Computer Crime July 2004 Forensic Software Tools for Cell Phone Subscriber Identity Modules [PDF] April 2006 Forensic Software Tools for Cell Phones [PDF Presentation] June 2006 Forensic Techniques for Investigating Network Traffic [PP Presentation] July 2002 Forensic tools (Group Test) August 2004Forensic Tools and Processes for Windows XP [PDF Presentation] 2003 Forensic Tools and Processes for Windows XP Clients [PDF Presentation] October 2002 Forensic UNIX Initial Response Script and CDROM – Collect the evidence that will be lost by disconnection or shutdown [PDF] 2003 Forensic Vulnerability Discovery And Analysis [PP Presentation] August 2002 FORENSICS - Loadable Kernel Modules [PDF] Forensics & Data Recovery [PDF Presntation] Fall 2005 Forensics (Procedures) Forensics [PDF Presentation] December 2003Forensics [PP Presentation] 2001 Forensics and Active Protection [PP Presentation] March 2003 Forensics and Data Recovery [PDF Presentation] September 2005 Forensics and Linux [HTML Presentation] July 2003 Forensics and Privacy-enhancing Technologies - Logging and Collecting Evidence in Flocks [Abstract] 2005 Forensics and Privacy-Enhancing Technologies [PDF] 2005 Forensics and the Emerging Importance of Electronic Evidence Gathering [PDF] November 2001 Forensics and the GSM Mobile Telephone System [PDF] Spring 2003 Forensics for Advanced UNIX File Systems [PDF] 2004 Forensics for Critical Information Infrastructure Protection [PP Briefing] August 2004 Forensics For System Administrators [PDF] August 2005 Forensics in Fifteen [Flash Presentation] March 2006 Forensics in Fifteen [PP Presentation] April 2006 Forensics in the Field – The art of developing a computer forensics field deployment kit [PDF Presentation] June 2006 Forensics Lite [PDF] November 2001 Forensics of a Windows system [PDF Presentation] September 2005 Forensics on the Windows Platform, Part One January 2003 Forensics on the Windows Platform, Part Two February 2003 Forensics Wiki February 2006 Forensics with Linux 101 or How to do Forensics for Free [PDF Presentation] July 2003Forensics, Fighter Pilots and the OODA Loop: The Role of Digital Forensics in Cyber Command and Control [PDF] August 2004Forensics: Data Trails and Detection [PDF Presentation] February 2006 Forensics: What to do after the Break-In [PDF Presentation] May 2002 Forensik Toolkits [PDF] 2003 (in German)

Forensix: A Robust, High-Performance Reconstruction System [PDF] June 2005 Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine [PDF] August 2002 Formal Specification and Refinement of a Write Blocker System for Digital Forensics [PDF] November 2005 Formalisation of the Processing of Electronic Traces [PDF Presentation] June 2003 Formalising Event Time Bounding in Digital Investigations [PDF] Fall 2005 Formalizing Computer Forensic Analysis: A Proof-Based Methodology [PDF] 2004 ForNet: A Distributed Forensics Network [PDF Presentation] 2003 ForNet: A Distributed Forensics Network 2003 FORZA – Digital forensics investigation framework that incorporate legal issues [PDF] August 2006 FOSS Digital Forensics [PDF Presentation] June 2006 Foundations for Visual Forensic Analysis [PDF Presentation] June 2006 Foundations of computer forensics: A technology for the fight against computer crime [PDF] April 2005 FragFS: An Advanced Data Hiding Technique [PDF Presentation] January 2006 Free Tools for Investigating PC Hacks [PDF Presentation] November 2005 Freeware Forensics Tools for Unix November 2001Freeware Forensics Tools November 2001 Frequently Asked Questions about The Coroner's Toolkit From a Computer Forensics & Incident Response Perspective From Events to Incidents [PDF] November 2001 from Gary Kessler's Homepage FTP Attack Case Study Part I: The Analysis May 2002 FTP Attack Case Study Part II: The Lesson June 2002 Fundamentals of Storage Media Sanitation [PDF] June 2006 Gatekeeping Out Of The Box: Open Source Software As A Mechanism To Assess Reliability For Digital Evidence Fall 2001 GCFA Practical Assignment [PDF] September 2002Geeks with Guns, or How I Stopped Worrying and Learned to Love Computer Evidence [PDF] October 2005 Gender-Preferential Text Mining of E-mail Discourse [PDF] 2002 General Guidelines for Seizing Computers and Digital Evidence Generalising Event Forensics Across Multiple Domains [PDF] 2004 Generalizing sources of live network evidence [PDF] February 2005 Gentoo Linux Quick Install Guide for a Forensic Workstation [PDF] March 2004 Getting Physical with the Digital Investigation Process [PDF] Fall 2003 Getting to the Drive: Gaining Access to your Opponent’s Digital Media Getting to the Drive: Gaining Access to your Opponent’s Digital Media [PDF] Ghosts in the Machine (from archive.org) GMU2005 presentations [Zipped PP Presentations] August 2005Good discussion of clusters, temp. files, deleted files, SLACK, etc. Good Documentation Is Essential Good Practice Guide For Computer based Electronic Evidence [PDF] v.3 - September 2003Good Practice Guide For Computer Based Evidence [PDF] v.2 - June 1999 Good Practice Guide for Mobile Phone Seizure & Examination [Word doc] March 2006 Good to the Last Byte [PDF - Local copy] March/April 2004 Googling Forensics [PDF] September 2005 Got a Virus? Don’t Call a Doctor, Call a Cop Winter 2002 Guide for the preservation of computer based evidence following an unauthorised intrusion Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response [PDF] August 2005Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response [PDF] August 2005 Guidelines and Recommendations for Training in Digital & Multimedia Evidence [PDF] July 2004 Guidelines For Data Gathering And Forensics? - Thread started July 2001 Guidelines for Evidence Collection and Archiving July 2000 Guidelines for Media Sanitization [PDF] February 2006 Guidelines for the Best Practice in the Forensic Examination of Digital Technology [Word document] October 2003 Guidelines for the Handling and Seizure of Digital Evidence [PDF] Guidelines for the Management of IT Evidence [PDF] March 2004

Guidelines for the Management of IT Evidence [PP Presentation] March 2004 Guidelines on Cell Phone Forensics [Draft] [PDF] August 2006 Guidelines on PDA Forensics [PDF] November 2004 Guidelines on PDA Forensics [PDF] November 2004 Hack and Counter-Hack - Active Forensics: Tracking that Intruder January 2001 Hackers, Crackers, E-Fraud & Forensics [PDF] May 2006 Hacking, Handling and Investigation Experience Sharing [PDF] January 2003 Hacking, Learning to Prevent it by Knowing more About it [Presentation] January 2000 Halcrow Group Ltd MIS Computer Forensic Procedures June 2002 Handbook of Computer Crime Investigation Sample Chapter [PDF]Additional Materials Related to the Book Handheld Forensics [PDF Presentation] November 2005 Handheld Forensics: Palm and Beyond [PDF Presentation] June 2005 Handhelds give up secretsHandling Crime in the 21st centuryHandling Digital Evidence [PDF] Handling Digital Evidence [PP & PDF Presentation] May 2005 Handling Digital Photographs for Use in Criminal Trials [PDF] May 2004 Handling evidence after an 'incident' [PDF Presentation] October 2004 Hands-On Honeypot Technology - Analysis & Forensics [PDF Presentation] July 2005Hard Challenges for Digital Forensics [PDF Presentation] February 2005 Hard disk ATA Security [PDF Presentation] March 2006 Hard Disk Drives - Bigger is Not Better Hard Drive Secure Information Removal and Destruction Guidelines [PDF] October 2003 Hard-Disk Risk 2003 Hash Sets and Their Proper Construction [PDF] Hash Sets for Hacker Tools [bottom of page] Helix 1.7 for Beginners [PDF] Updated March 2006 Helping Your Users by Spying On Them [PDF] August 2005 Here's How to Avoid Nasty Bytes Hexadecimal Flags for Partition Types [Zipped Word Document] February 2002 Hidden Data [PDF Presentation] April 2005 Hidden data in popular office file formats [PDF] April 2006Hidden Date & Times - Forensic Analysis & Daylight Saving / Time Zone Pitfalls [PDF] (from archive.org) Hidden or Hiding: Mac OS X’s Forensic Assets and Liabilities [PDF] October 2005 Hidden Text in Computer Documents August 2003 Hiding Crimes in Cyberspace [PP Presentation] March 2001 Hiding Crimes in Cyberspace [Word document] July 1999 Hiding within the Trees [PDF] 2004 High Tech Crime Briefs January 2005 New series, issues 1-9 High Tech Forensics [PDF] July 2004 High Tech Forensics: Serving as a Police Reserve Specialist [PDF] High tech investigations: It ain’t just forensics [PDF Presentation] May 2005 High Technology Crimes (Sacramento Valley Hi-Technology Crimes Task Force) [PDF Presentation] 2004 Higher-order Wavelet Statistics and their Application to Digital Forensics [PDF] 2003 High-Tech Crimes Revealed: Cyberwar Stories from the Digital FrontHigh-Tech Evidence Gathering: Tapping into the Computer Criminals 1999 High-Tech Holmes July 2001 Honeynet Data Analysis: A technique for correlating sebek and network data [PP Presentation] August 2004 Honeynet: A Platform for Studying Hacker Behaviors and Computer Forensics [Presentations in PDF] August 2003 Honeypot Forensics - No stone unturned or: logs, what logs? [PP Presentation] December 2004 Honeypot forensics [PDF] JUne 2004 Honeypot: Hacker Tracking and Computer Forensics ANDHoneypot-based Forensics [PDF] May 2004 Honeypots: Monitoring and Forensics [LINK to Site]

Honeytraps As A Forensic Tools [Presentation] February 2002 Honeytraps as Forensic Tools [PP Presentation] Fall 2001 Honeytraps, A Network Forensic Tool (Paper Draft) [PDF] Honeytraps, a Network Forensic Tool [PP Presentation] February 2002 Hooking IO Calls for Multi-Format Image Support (using PyFlag) January 2005 How damaging is that trunk mounted radio to computer evidence? [RTF doc] How Effective Cooperation with Law Enforcement Authorities Can Promote Computer Security [PP Presentation] March 2004 How to Conduct On-Premises Discovery of Computer Records Part I: Obtaining the Data How to Conduct On-Premises Discovery of Computer Records Part II: Dectecting Altered Records How to duplicate a complete PC via network How to duplicate a Linux PC or partition via network How to identify and re-claim a compromised Linux machine using TCT How to Image RAIDS [PP Presentation] How to Investigate Computer Intrusions: A Checklist How To Permanently Erase Data from a Hard Disk 2005 How to prepare your department for a forensics investigation, the importance of developing a methodology, as well as the steps to take when seizing evidence. How to Reuse Knowledge about Forensic Investigations [PDF] August 2004How to use Forensic Toolkit v2.0 on Windows NT 4.0 Server [PDF] 2002 How to use Helix to conduct a Basic Incident Response on a Windows XP Professional SP2 Computer March 2005 How to Use iLook Investigator v7.0 [Zipped PP Presentation] November 2001 How Windows encrypts .PWL files November 1995 How Windows stores information about the User October 2000 http://web.archive.org/web/20030530124911/http://www.rootshell.be/~anuradha/scrolls/forensics.txt (From archive.org) September 2002 http://www.htcia-mountainstates.org/palmosacquisition.pdf [PDF] 2004 http://www.tigertools.net/contest.htm Hunting Hackers: How to Fight Back Ibas Computer Forensics: A White Paper [PDF] IBM OS/400 - AS/400 – Recognizing and Securing the System [PDF] ICT Abuse & Digital Forensic Investigations [PP Presentation] December 2005 Identification of Appropriate Technologies, Procedure for Handling & Analysing Digital Evidence [PP Presentation] 2005 Identification of Known Files on Computer Systems [PDF Presentation] February 2005 Identify Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock Proxy Service Log Files [PDF] 2001 Identifying a deleted account November 2002 Identifying almost identical files using context triggered piecewise hashing [PDF] August 2006 Identifying Internet Activity: Computer Forensics Goes To Cyber Space Identifying the Owner of a Website [PP Presentation] 2000 IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot March 2003 Ilook Investigator [PP Presentation] 2005 Image is Everything [PDF] Impediments to the successful investigation of transnational high tech crime October 2004 Implementing a Forensic Response Unit [PDF Presentation] June 2004 Implementing Policies and Procedures for Effectively Supervising CyberOffenders: U.S. Probation Department-EDNY [PDF Presentation] June 2005 Importance of a Standard Methodology in Computer Forensics [PDF] May 2000 Improved event logging for security and forensics: developing audit management infrastructure requirements [PDF] April 2003 Improving Computer Forensics Media Analysis with Modeling Languages [PP Poster] 2004 Improving evidence acquisition from live network sources [PDF] May 2006 Improving Government-Wide Emergency Response to Cyber Incidents [PDF] June 2001 In an effort to avoid censorship and protect patron privacy, public libraries may become unwitting accomplices to cybercrime. In this case, the prosecution claims that Mr. Defendant-Name knowingly possessed and accessed specific contraband data. The question posed to Mr. Cohen in regard to this matter is whether these assertions made by the prosecution are supported by the evidence. Inappropriate use of computers - the technical investigation process December 2003Inappropriate Use of Computers - The Technical Investigation Process December 2003 Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot April 2002 Incident and Wiretap of a Real Case [Word Document - from archive.org] Incident Detection, Recovery and Forensics, Plus a Few Selected Threat Remarks [PP Presentation] September 2005

Incident Handling / Forensics FAQ Incident Handling I [PDF Presentation] May 2003 (from archive.org) Incident Handling II [PDF Presentation] May 2003 (from archive.org) Incident Handling/Forensics FAQ Incident Handling: The Art of Containing Compromised Information [PDF] December 2000 Incident Handling: Where the Need for Planning is often not Recognised [PDF] November 2003 Incident Management with Law Enforcement December 2001 Incident Reporting & Automation [PDF] March 2001 Incident Response - Preparedness is Essential in Today’s Computing Environment [HTML-framed Presentation] Incident Response & Computer Forensics [PP Presentation] September 2005 Incident Response & Computer Forensics, Second Edition Incident Response & Evidence Management [PDF Presentation] November 2002 Incident Response [PP Presentation] 2001 Incident Response and Analysis [PP Presentation] April 2003 Incident Response and Computer Forensics [PDF Presentation] March 2004 Incident Response and Computer Forensics [PP Presentation] October 2003 Incident Response and Digital Forensics [PP Presentation] Incident Response and Forensics [PP Presentation] July 2003 Incident Response and Forensics in Higher Education Environment [PP Presentation] April 2004 Incident Response and Forensics: A Look Inside a Hacked Box [PDF Presentation] February 2006 Incident response and fraud investigation – the role of the information technology auditor 2003 Incident Response and Handling [PDF Presentation] March 2005 Incident Response and Network Forensics [PP Presentation] Incident Response Checklist Incident Response Fundamentals Class [PDF Presentation] 2000 Incident Response Plan - A technical guide to aid in preparing for, detecting and responding to computer security incidents [PDF] July 2004 Incident Response Planning and Forensic Readiness [PP Presentation] February 2002 (from archive.org) Incident Response Procedure for Account Compromise [PDF] 2004 Incident Response Procedures Incident Response Toolkit [PDF Presentation] August 2003 Incident Response Tools For Unix, Part One: System Tools March 2003 Incident Response Tools For Unix, Part Two: File-System Tools October 2003 Incident Response: A Primer on Prepartation and Resolution [Zipped PDF Presentation] (from archive.org) Incident Response: Chapter 7 - Tools of the Trade August 2001 Incident Response: Computer Forensics ToolkitIncident Response: Investigating Computer Crime Incident Response: Performing Investigations on a Live Host [PDF] Independent Review of Common Computer Forensics Imaging Tools [PDF] August 2003 (from archive.org) Independent Validation & Verification of SMART for BeOS [PDF] February 2002 Independent Validation & Verification of SMART for Linux [PDF] November 2002 Index.Dat Files and Primary I.E. Folders INFO2 Recycle Bin File - A Primer September 2005 Inforensics 101 [PP Presentation] May 2004 Information Assurance Applied to Authentication of Digital Evidence October 2004 Information Leakage and Computer Forensics [PDF Presentation] February 2006 Information Systems Forensics: A Practitioner's Approach November 2004 Information Technology Security Part 6 Investigation and Forensics I [HTML Presentation] March 2002 Initial investigating actions related to detecting cyber crimes Initial Response to Windows NT/2000 [PDF] Innovation and Legal Acceptability in Computer Forensics [Zipped PDF] June 2000 Innovative Techniques to Manage Sex Offenders in the Community [PDF Presentation] June 2005 Inquiry into Terrorism Detention Powers [PDF] January 2006 Inside the e-Nigma [PDF] 2001 Installing The Coroner's Toolkit and using the mactime utility

Intercept and Intelligence Hopefully Lawful [PDF] 2001 Interfacing with Law Enforcement FAQ January 2004 Internal Computer Investigations as a Critical Control Activity [PDF Presentation] April 2005 Internal Investigation Case Studies [PDF] February 2005Internal Investigations - Procedures and Techniques: An Overview [PDF] April 2001 Internal Response Teams versus External Consultants - A Decision Matrix [PDF] February 2004 Internet and judicial investigation: difficulties in judicial practice [PDF] 2001 Internet Ballistics: Retrieving Forensic Data From Network Scans (Poster) [PDF] August 2004Internet Browsing (and the question of intent) February 2003 Internet Forensics[Sample] Chapter 4: Obfuscation [PDF] October 2005 Internet Investigations - Finding the Suspect (from archive.org) Internet Security & Incident Response: Scenarios & Tactics [PP Presentation] 1998 Internet Undercover Operations [HTML-framed Presentation] February 2004 Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events October 2002 Intro in IT Forensics Mgmt [PDF] June 2004 Intro to Computer Forensic Tools [PDF Presentation] November 2003 Intro to Computer Forensics [PDF Presentation] Intro to End-to-End Digital Investigation [PP Presentation] May 2005 Intro to forensics: Using the last command to track down changes January 2003 Intro to Linux for Cyber Crime Investigators and Computer Forensic Examiners [PP Presentation] 2003 Intro to Linux for Data Forensics version 2.0.5 [NASA ftp site]Introducing Digital Forensics [PP Presentation] May 2004 Introducing the Metaspolit Antiforensics Project [PDF Presentation] September 2005 Introduction to Computer Forensics [PDF] August 2005 Introduction to Computer Forensics [PP Presentation] 2006 Introduction to Computer Forensics [PP Presentation] April 2004 Introduction to Cyber Forensics [PDF Presentation] 2006 Introduction to Cyber Forensics: Forensics Incident Response [PDF Presentation] Introduction to Digital Evidence Seizure [PDF Presentation] September 2003 Introduction to Digital Evidence Seizure [PDF Presentation] September 2003 Introduction to Digital Forensics Procedure, Tools, and Techniques [PDF Presentation] April 2006 Introduction to Forensics 101 [PDF Presentation] August 2003 Introduction to Knoppix-STD: Forensic Analysis of a Compromised Linux Harddrive [PP Presentation] March 2004 Introduction to Linux Forensics [PDF] June 2005 Introduction to Linux Forensics [PP Presentation] June 2005 Introduction to Network and Local Forensics [PDF Presentation] May 2005 Introduction to The Sleuth Kit (TSK) [PDF] September 2005 Intruder Discovery / Tracking and Compromise Analysis August 2000 Intrusion Auditing with NTLast [PP Presentation] Intrusion Detection and Incident Response Intrusion Detection and Network Forensics [PP Presentation] April 2000 Intrusion Detection as a Network Forensic Tool [Word Document] (Abstract) Intrusion Detection FAQ What are some acceptable procedures for documentation and detective work that will result in court-admissible evidence? Intrusion Detection for Linux ServerIntrusion Detection Systems and A View To Its Forensic Applications [Available as Postscript download] February 2000 Intrusion Detection Systems as Evidence [PDF] December 2000 Intrusion Detection Tools [PDF Presentation] November 2005 Intrusion Detection: Forensic Computing Insights arising from a Case Study on SNORT [PDF] 2003 Intrusion Detection: Issues and Challenges in Evidence Acquisition [Word document] May 2003 Intrusion Investigation and Post-Intrusion Computer Forensic Analysis 2000 Investigating an Attempted Intrusion 1999 Investigating an Internal Case of Internet Abuse [PDF] September 2001 Investigating and Prosecuting Network Intrusions 1996 Investigating Child Exploitation and Pornography

Investigating Cyber Crime/Hacking and Intrusion [PDF] Investigating E-Mail Activities [PP Presentation] May 2004 Investigating Internet Histories with Internet Explorer 6 Investigating Internet Histories with Netscape Navigator 6 Investigating Internet Security Incidents: A Brief Introduction to Cyber Forensic Analysis [PP Presentation] 1999 Investigating Network Intrusions [PDF Presentation] June 2001 Investigating One Incidence of Anomalous Network Traffic [PDF] June 2001 Investigating Sophisticated Security Breaches [PDF] February 2006 Investigating The Fraud, Recovering Digital Evidence, and Assessing Damages Investigating Wireless [PDF] 2005 Investigation Internet Usage [HTML-Frames Presentation] January 2002 Investigation Into Computer Forensic Tools [PDF] September 2004 Investigation into the Removal of Records and Erasure of Computer Files from the Former Mayor's Office [PDF] June 2003 Investigation of Cybercrime and Technology-related Crime March 2002 (from archive.org) Investigative Responses (Email Tracing) Investigative Skills for the 1990s and Beyond [PDF] Investigative Uses of Computers: Analytical Time Lines [PDF] August 2000 IOCE [PDF Presentation] IOCE vs. G-8 Principles [PDF] IP & Cybercrime [PDF] February 2003 IP Addresses and You [PP Presentation] IP Tracing - A Primer in Tracing IP and Email Addresses [HTML-framed Presentation] Ipod Forensics [PDF] December 2004 Ipod Forensics [PDF] Fall 2005 Ipod Forensics: Forensically Sound Examination of an Apple Ipod [PDF] November 2005 IS Auditing Guideline: Computer Forensics Is that a Felony on Your Computer? [PDF] October 2003 Is That Data Gone Forever? [PP Presentation] May 2001 Is your data ready for its day in court? [PDF] November 2002 (from archive.org) ISObuster as a Forensic Tool [PDF] September 2002 Issue of newsletter devoted to 'Computer Crime' [PDF] Summer 1999 Issues in Computer Forensics [PDF] May 2003 Issues surrounding the need to develop laboratory protocols for computer forensic science that meet critical technological and legal goals. IT Autopsy March 2001 IT Forensic Investigation [PP Presentation] April 2003 IT Forensics: the collection of and presentation of digital evidence [PDF] July 2005 IT Security and Forensics: A Complementary Approach [PDF Presentation] 2004 Kazaa Hash values and their use as criminal 'proof' April 2006 Key Registry Locations [PDF] January 2005 Keystroke Logging Investigation [PDF] 2004 Keyword Searching and Indexing of Forensic Images (using PyFlag) January 2005 Kick-Starting Forensics at Your School [PP Presentation] April 2006 KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer [PDF] 2003 Knoppix First Responders Guide [PDF] July 2003 Knowledge discovery and experience modeling in computer forensics media analysis [PDF] 2004 (Registration required) Lakewood PD Digital Policy Language and Gender Author Cohort Analysis of E-mail for Computer Forensics [PDF] August 2002 Language and Gender Author Cohort Analysis of E-mail for Computer Forensics [PP Presentation] August 2002 Laptop Hard disk removal page (from archive.org) Large download - 5.5 MB / 329 slides Law Enforcement and Digital Evidence [PDF] April 2005 Law Enforcement Challenges in Digital Forensics [PDF Presentation] 2002 Law Enforcement Quarterly Winter 2005-2006 Law Enforcement Tools and Technologies for Investigating Cyber Attacks [PDF] June 2002

Law Enforcement Tools and Technologies for Investigating Cyber Attacks: Gap Analysis Report [PDF] February 2004 Law Enforcement Training Manual [PDF] Law enforcement uses high-tech tools to spot Internet crime (Page 1) [Word Document] July 2002 Law Enforcement, Forensics and Mobile Communications [PDF] March 2006 Layer 2, Routing Protocols, Router Security & Forensics [PP Presentation] 2002 Learning by Doing April 2002 Learning from what Intruders Leave Behind December 2000 Learning the Computer Forensic Way [PDF] Legal Aspects of Collecting and Preserving Computer Forensic Evidence [PDF] April 2001 Legal Constraints for the Protection of Privacy and Personal Data in E-evidence Handling [PP Presentation] May 2003 Legal Methods of Using Computer Forensics Techniques for Computer Crime Analysis and Investigation [PDF] 2004 Link to theZipped Tools associated with presentation Linkin' Logs To Fraud November 2002 Linux and Forensic Discovery - Thread started January 2003 Linux as Forensic Platform of Choice [Presentation in PDF] April 2003 Linux Computer Forensics: Forensic Disk Imaging [PDF Presentation] July 2005 Linux Data Hiding and Recovery March 2002 Linux Forensics [PDF Presentation] October 2004 Linux Forensics [PP Presentation] June 2004 Linux Forensics Weekly March - April 2004 Linux Memory Forensics March 2004 Linux OS, Networking and Forensics [PDF] Linux/UNIX Security Response Cookbook [PDF Presentation] June 2004 LINX Best Current Practice - Traceability May 1999 List of all vehicles with EDRs Live Forensics on a Windows System: Using Windows Forensic Toolchest (WFT) [PDF Presentation] June 2006 Live forensics: diagnosing your system without killing it first [PDF] February 2006 Live Solaris Evidence Gathering Instructions (V 1.0) [PDF] May 2006 Live Solaris Evidence Gathering Instructions (V 1.2) [PDF] May 2006 LiveWire Investigator [PDF Presentation] November 2005 Local Copy Log Analysis (using PyFlag) January 2005 Log Analysis in Windows [PDF Presentation] April 2004 Log files can make or break your case in court. Here's how to preserve the evidence. Log Parser (Microsoft) June 2006Logfile Analysis: Identifying a Network Attack [PDF] July 2001 Logging and Log Analysis - The Essential [PDF Presentation] July 2004 Logs & Forensics [PDF Presentation] April 2004 Looking for foul play - digital forensics Part 2 August 2006 Lost? No. Found? Yes. Those Computer Tapes and Emails are Evidence [PDF] 2001 Loudoun's AOL Detective Finds Clues in E-mail August 2000 Low-Intrusive Consistent Disk Checkpointing: A Tool for Digital Forensics [PDF] February 2005 Mac Acquisition using Target Disk Mode Macintosh Forensic Analysis Using OS X [PDF] October 2002 Macintosh Forensics [PDF Presentation] November 2005 Macintosh Forensics [PDF Presentation] September 2005 Magnetic Data Recovery – The Hidden Threat [PDF] April 2006 Maintaining Credible IIS Log Files November 2002 Maintaining Forensic Evidence for Law Enforcement Agencies from a Federation of Decoy Networks: An Extended Abstract [PDF] Fall 2002 Maintaining System Integrity During Forensics August 2003 Maintaining The Digital Chain of Custody [PDF] April 2003 Maintaining the Forensic Viability of Logfiles [PDF] May 2001 Making a case for reporting and prosecution of a cyber incident [PDF] January 2003 Making It Big: Large Scale Network Forensics (Part 1 of 2) March 2003

Making It Big: Large Scale Network Forensics (Part 2 of 2) March 2003 Making sense of Windows Install Dates and Times [Word doc] Malware analysis for windows administrators [Available by request] 2005 Malware Detection - Known File Filtering [PDF] February 2004 Malware Forensics by Automatic Experiments [PDF] June 2005 Manager Offers Primer On Computer Forensics July 2000 Managing your Evidence Problems associated with proper collection procedures [PDF] MD5 collisions and the impact on computer forensics [PDF] 2005 md5bloom: Forensic filesystem hashing revisited [PDF] August 2006 Meeting the Challenge: E-mail in Civil Discovery Meeting the Challenge: E-Mail in Civil Discovery [PDF] 2004 Memory Imaging and Forensic Analysis of Palm OS Devices [PDF Presentation] June 2002 Metadata, The Mac, and You Methodologies for the use of VMware to boot cloned/mounted subject hard disk images [PDF] March 2005 Methods for evidencing illicit use of a computer system or device [A Patent Application] April 2003 Methods of Data Transportation MFP: The Mobile Forensic Platform [PDF] Spring 2003 Microsoft Word MetaData Forensics Tutorial March 2004 Mining E-mail Content for Author Identification Forensics [PDF] Mobile Device Forensic Software Tools [PDF Presentation] November 2005 Mobile Device Insecurity [PDF Presentation] April 2005 Mobile Device Security page - small collection of tools Mobile Forensic Platform [PP Presentation] January 2004 Mobile Forensics: Bridging the Gap between Cops and Examiners [PDF Presentation] November 2005 Mobile Phone Forensic Examination - Basic Workflow & Preservation Select options from drop-down menu at left Modeling of Post-Incident Root Cause Analysis [PDF] Fall 2003 Monitoring Access to Shared Memory-Mapped Files [PDF] August 2005 More Than CSI: High-Tech Crime Investigation [PP Presentation] 2004PDF Format Nailing the Intruder [PDF] July 2001 National Security, Forensics and Mobile Communications [PP Presentation] March 2006 netForensics® – A Security Information Management Solution [PDF] Netmon forensic tools and tipsApril 2006 Network Forensic Traffic Reconstruction with Tcpxtract January 2006 Network Forensics - CSI: Enterprise December 2004 Network Forensics - Hacker, You cannot Escape! [Presentation in PDF] February 2004 (from archive.org) Network Forensics (from archive.org) Network Forensics Analysis [PDF] 2002 Network Forensics Analysis Tools: An Overview of an Emerging Technology [PDF] January 2003 Network Forensics Analysis with Evidence Graphs [PDF] August 2005 Network Forensics and Auditing [PDF Presentation] June 2003 Network Forensics and Covert Channels Analysis in Internet Protocols [PDF Presentation] April 2006 Network Forensics Evasion: How to Exit the Matrix March 2006 Network forensics in a post GE world [PDF Presentation] October 2005 Network Forensics June 2004 Network Forensics Primer [PP Presentation] August 2005 Network Forensics Tools November 2004 Network Forensics: Tapping the Internet April 2002 Network Intrusion and Attack Signatures [PDF Presentation] Spring 2002Network Monitoring and Forensics [PDF] May 2004 Network Support For IP Traceback [PP Presentation] April 2000 Network Traffic as a Source of Evidence: Tool Strengths, Weaknesses, and Future Needs [PDF] December 2003 New Approaches to Digital Evidence [PDF] New Directions in Disk Forensics [PDF Presentation] January 2006 New Incident Response Best Practices [PDF] September 2003

Next Generation Data Forensics & Linux [PDF Presentation]Next Generation Data Forensics & Linux [PDF] July 2002 NGN Network Security Forensics and the Data Retention Directive [PDF Presentation] January 2006 NIJ Technology Program Publication Collection: Electronic Crime NIJ’s Electronic Crime Program: An Overview [PDF Presentation] 2004 NIST Special Publication 800-86 (Draft) No Stone Unturned Series No Thanks for the Memories January 2001 Nobody’s Anonymous — Tracking Spam and Covert Channels [PDF Presentation] July 2004 Nobody's Anonymous - Tracking Spam [PDF Presentation] January 2004 Norton Ghost 2003 as a Forensic Image Acquisition Tool (GCFA Practical) [PDF] December 2002 Not Just a Game Anymore 1999 Notes on dd and Odd Sized Disks [Word Document] NT Information Gathering Commands NT/2K Incident Response Tools August 2001 NTFS compression white paper (from archive.org) NYECTF Homeland Defense Document [PP Presentation] NYECTF's Approach to Cybercrime [PP Presentation] Obtaining And Protecting Electronic Information For Prosecution Purposes [PDF] August 2001 Obtaining Computer Evidence [Zipped PP Presentation] April 2002 On the role of file system metadata in digital forensics [PDF] December 2004 One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique [PDF] June 2006 Online evidence gathering and the Evidence Bin [PDF] October 2005 Online Forensics of Win32 System Guide [Zipped] May 2004 On-line Fraud [PDF Presentation] On-line Investigations [PDF Presentation] 2003 Online lecture material/notes for the classOpen Resources to Improve Your Forensic Analysis [PDF Presentation] November 2005 Open Source Digital Forensic Acquisition and Analysis on Mac OS X [PDF Presentation] October 2004 Open Source Digital Forensics Tools: The Legal Argument [PDF] October 2002 Open Source in Computer Forensics [PDF Presentation] Operation CyberSweep [PP Presentation] January 2004 Operation Ore – The Tip of the Iceberg? [PDF] March 2003Operation Websnare [PP Presentation] September 2004 Operational Computer Forensics - The New Frontier [PDF] 2000 Oracle Database Forensics using LogMiner [PDF] January 2005 Orphans in the NTFS World [PDF] 2005 Our Perspective of Computer Forensics and Electronic Discovery in Our Corporate Environment [PDF Presentation] November 2005 Overview and Impact on 21st Century Legal Practices: Digital Forensics and Electronic Discovery, The Good, The Bad and The Ugly [PP Presentation] August 2004 Overview of Computer Forensics [Presentation] Fall 1999 Overview of fcopy [PP Presentation] Spring 2002 Overview of Legal Aspects, E-Evidence and Data Protection [PP Presentation] May 2003 P0st-M0rt3m 0f 4 R00tk1t 4tt4ck [PP Presentation] April 2001 Packet forensics using TCP August 2005 Packet Sniffing for Automated Chat Room Monitoring and Evidence Preservation [PDF] June 2001 Pages 4-6 of 'Know Fraud' Paper presented at USENIX. Discusses issues in static and dynamic RAM, CMOS circuitry, and EEPROMs and flash memory. Part 1 [PDF Presentation] July 2005 Part 1 February 2002 Part 1: An Introduction to the Field Guide for Investigating Computer Crime Part 2 - Make the most of your security log data July 2005 Part 2 [PDF Presentation] July 2005 Part 2 March 2002 Part 2: Overview of a Methodology for the Application of Computer Forensics

Part 3 April 2002 Part 3: Search and Seizure Basics Part 4 May 2002 Part 4: Search and Seizure Planning Part 5 June 2002 Part 5: Search and Seizure Approach, Documentation, and Location Part 6 August 2002 Part 6: Search and Seizure - Evidence Retrieval and Processing Part 7: Information Discovery - Basics and Planning Part 8: Information Discovery - Searching and Processing Part of their'Hands-On Honeypots' course taught at Blackhats USA 2005 Part Two: A Forensics Inquiry, Step by Step September 2004 PC Forensics Analysis [PP Presentation] August 2003 PC-Based Partitions [PDF] March 2005PDA Forensic Tools: An Overview and Analysis [PDF] August 2004 PDA Forensic Tools: An Overview and Analysis [PDF] August 2004 PDAs and Forensic Science [PP Presentation] Spring 2002 pdd: Memory Imaging and Forensic Analysis of Palm OS Devices [PDF] March 2002 PDF Presentation PDF Presentation PDF version PDF version PDF version Performing a Forensic Investigation [PDF] March 2004 Performing a Security Forensics Review [PDF Presentation] October 2005 Performing an Autopsy Examination on FFS and EXT2FS Partition Images: An Introduction to TCTUTILs and the Autopsy Forensic Browser [PDF] Performing Effective Incident Response [PDF Presentation] July 2005 Phishing and Federal Law Enforcement [PP Presentation] August 2004 Physical Memory Forensics [PDF Presentation] July 2006 Picking Up the Slack: A Peek Behind the Curtain of Computer Forensics Pinpointing and Locating Data on Digital Media [PDF Presentation] September 2004 Planning for Failure: Developing an Effective Incident Response Plan for HIPPA Compliance [PP Presentation] September 2003 Playing Hide and Seek, Unix style Playing in the Devil's Playground [PP Presentation] July 1999 Discusses the merit of using statically linked binaries for forensic applications Police Posing as Juveniles Online to Catch Sex Offenders: Is It Working? [PDF] July 2005 Police Reserve Specialists - Local Application of Global Concept [PP Presentation] March 2002 Police Tighten the Net September 1998 Policies to Enhance Computer and Network Forensics [HTML Presentation] June 2001 Policies to Enhance Computer and Network Forensics [PDF] Policies to Enhance Computer and Network Forensics [PDF] June 2001 Policies to Enhance the Forensic of Computer Security (complete presentation, 63 slides) April 2000 Policies to Enhance the Forensic of Network Security April 2000 [Ghostscript Reader Required] Policing Cyberspace [PDF] January 1995 Policing the Digital Frontier 2003 Possession of Child Pornography July 2001 (updated September 2002) Powerpoint Briefing Powerpoint Briefing Powerpoint Briefing Powerpoint Briefing Powerpoint Briefing Powerpoint Briefing Powerpoint Briefing PowerPoint Presentation PowerPoint version

PP Presentation PP Presentation PP Presentation August 2002 Practical Approaches to Recovering Encrypted Digital Evidence [PDF] August 2002 Practical Network Support For IP Traceback [PDF Presentation] October 2000 Practical Network Support For IP Traceback [PDF] April 2000 Practical Windows Forensics [HTML-framed Presentation] July 2001 Practice effective security log analysis July 2005 Pre-Forensic Setup Automation for Windows 2000 [PDF] May 2002 Preparing for Large-Scale Investigations with Case Domain Modeling [PDF] August 2005 Preparing for the Unexpected: Is it Possible? [PDF] Secure Business Quarterly 2001 Preparing to be an Expert Witness [PDF Presentation] November 2005 Presentations/Forms/Publications - Internet Safety page Preservation of Fragile Digital Evidence by First Responders [PDF] August 2002 Preserve and Protect February 2004Principal Current Data Types [PDF] March 2003 Principles of Digital Forensics as applied to Law Enforcement [PDF Presentation] July 2006 Principles, Practices and Procedures: an Approach to Standards in Computer Forensics [PDF] April 1995 Principles-Driven Forensic Analysis [PDF] September 2005 Privacy and Online Investigation by Copyright Management Bodies [PP Presentation] May 2003 Proactive & Reactive Forensics [PDF Presentation] September 2005 Probing into Digital Image Tampering [PDF] December 2004 Problem Clearing Internet Explorer's History Data Problems of Investigation of Crimes in the Field of Banking Computer Systems Procedural Aspects of Obtaining Computer Evidence with Highlights from the DoJ Search & Seizure Manual [Zipped file] February 2002 Procedures for Seizing Computers [PDF] May 2000 Process Dump Analyses - Forensical acquisition and analyses of volatile data [Zipped PDF] July 2006 Process Forensics: A Pilot Study on the Use of Checkpointing Technology in Computer Forensics [PDF] Summer 2004 Processing Flash Memory Media Processing Flash Memory Media [PDF] October 2005 Proficiency Test Program Guidelines [PDF] July 2004 Profiling Computer Criminals - Methodology or Myth [PP Presentation] July 2002 Project Internet Forensics [PDF Presentation] September 2004 Project PFC - Personal Filing Cabinet Converter Properly Obtaining and Securing Evidence in a Computer Crime Investigation (bottom of page) [PP or PDF Presentations] February 2005 Proposal to Formalize Test and Evaluation Activities Within the Forensic and Law Enforcement Communities [PDF] August 2004Protocols for the Recovery, Maintenance and Presentation of Motor Vehicle Event Data Recorder Evidence [PDF] June 2003 Providing Process Origin Information to Aid in Computer Forensic Investigations [PDF] September 2004 Proving the Integrity of Digital Evidence with Time [PDF] Spring 2002 Questions About the Future Secure Business Quarterly 2001 [PDF]Quick Reference Guide: [Disclosure of] Stored Wire and Electronic Communications [PDF] RAC Computer Forensic Institute Annual Report [PDF] January 2006 RAID Reassembly - A forensic Challenge (using PyFlag) February 2005 RAID Reconstruction - And the search for the Aardvark [PDF Presentation] April 2005 RCFL National Program [Presentation in PDF] May 2003 (from archive.org) Reacting to Cyberintrusions: Technical, Legal and Ethical Issues [Postscript file Real Digital Forensics: Computer Security and Incident Response Real Evidence, Virtual Crimes: The Role of Computer Forensic Experts [PDF] Fall 2005 Realizing - Risk Sensitive Evidence Collection [PDF Presentation] August 2005 Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization [PDF Presentation] June 2005 Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization [PDF] June 2005 Real-time Forensic Evidence Collection [PP Presentation] September 2005 Real-Time Forensics Strategies: An Executive Briefing [Word document] Realtime Intrusion-Forensics - A First Prototype Implementation [PDF Paper & PP Presentation] February 2004

Reasons to Challenge Digital Evidence and Electronic Photography June 2003 Recent Advances in Computer Forensics [PDF Presentation] May 2005 Recent Federal Opinions on the Search and Seizure of Computer Files [PDF] Recognizing the Importance of Network Enabled Computer Forensics [Presentation in PDF] November 2003 Recommended Guidelines for Developing Standard Operating Procedures [for Digital Forensic Examinations] [PDF] July 2004 Recommended Guidelines for Validation Testing [PDF] July 2004 Recovering and Examining Computer Forensic Evidence October 2000Recovering Computer-Generated Evidence Recovering Deleted Files in Linux April 2002 Recovering Digital Evidence from Linux Systems [PDF] 2005 Recovering Unrecoverable Data [PDF] April 2004 Recovering, Examining and Presenting Computer Forensic Evidence in Court [Word document] 2004PP Presentation Recovery of Digital Evidence Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing Investigation (FCI) Teams [PDF] November 2003 Regional Computer Forensic Laboratories Nov/Dec 2003 Registered Forensic Practitioner: A New Breed of Expert March 2006 Registry key list [Zipped excel spreadsheet] April 2005 Registry Processing: Determining What Files/Folders are Shared Registry Quick Find Chart [PDF] August 2005 Related PDF Briefing Related PowerPoint Briefing Related PowerPoint Briefing Related Tools [Zipped file] Remembrance of Data Passed: Used Disk Drives and Computer Forensics [PDF Presentation] 2004 Remote physical device fingerprinting [PDF] 2005 Removing hard drives from computer systems for direct drive-to-drive imaging [PDF] Report on Defendant-Name vs. State-Name November 2001Report on Digital Evidence [PDF] October 2001 Report on the Digital Evidence Needs Survey Of State, Local and Tribal Law Enforcement [PDF] March 2005 Report on the Investigation into Improper Access to the Senate Judiciary Committee's Computer System [AKA The Pickle Report] March 2004 Reporting probes/intrusion attempts from an IP address 2000 Reproducibility of Digital Evidence in Forensic Investigations [PDF Presentation] August 2005 Reproducibility of Digital Evidence in Forensic Investigations [PDF] August 2005 Resolve Corrupted Cache Problem Responding and Investigating a Unix Incident with Risk Analysis and Steps to Secure the System [PDF] June 2004 Responding to a Security Incident 2000 Responding to a security incident on a Unix workstation 2000 Responding to Cybercrime in the Post-9/11 World [PDF] Responding to Security Incidents on a Large Academic Network: A Case Study May 2003 – October 2005 [PDF] February 2006 Restore Point Forensics May 2006 Restoring Images via the DD Command Resurrecting the Smoking Gun: How to Find and Recover Evidence [PDF] April 2003 Rethinking Computer Management of Sex Offenders Under Community Supervision [PDF] Summer/Fall 2002 Retrieval of Video Evidence and Production of Working Copies from Digital CCTV Systems [PDF] March 2006 Review of Digital Intelligence Firefly and Ultrablock products Risk Sensitive Evidence Collection [PDF Presentation] 2004 Risks and Solutions to problems arising from illegal or Inappropriate Online Behaviours: Two Core Debates within Forensic Computing. [PDF] 2001 Robots, Wanderers, Spiders and Avatars: The Virtual Investigator and Community Policing Behind the Thin Digital Blue Line [PDF] March 1997 Router Forensics DDOS/worm Updates [PP Presentation] 2002 Running an IT Investigation in the Corporate Environment [PDF] February 2003 Ruxcon 2004 [PP Presentation] Safe-KIDS - Known Image Database System [PDF] Salon On Computer Forensics - Thread started April 2002 Sam Spade: A Multifunction Information Toolkit May 2001

Sample Chapter 12 from Know your enemy Sample Chapter 16: Analyzing a compromised computer in GermanSample Chapter book Sample Chapter from File System Forensic Analysis Sample chapter from Honeypots for Windows Sample Issue [PDF] April 2004 Sample: Chapter 2; Tracking the Offender [PDF] Saving Your Data After a Head Crash: An Inside Look at a Disk Recovery Service May 2005 Sawing Linux Logs with Simple Tools September 2004 Scalpel: A Frugal, High Performance File Carver [PDF] August 2005 Scan of the month - Scan 24 Scan of the month - Scan 26 Scene of the Cybercrime: Assisting Law Enforcement in Tracking Down and Prosecuting Cybercriminals [PP Presentation] July 2001 Scene of the Cybercrime: Computer Forensics HandbookSearch and Seizure in Cases of Computers and Child Pornography April 1999 Search and Seizure of Canadian Computer Environments 1993 Search and Seizure of Computers: Key Legal and Practical Issues Search Warrants Computers & Digital Evidence [HTML-framed Presentation] November 2005 Search, Seizure and Production Orders Considering the Privacy Environment [PP Presentation] March 2005 Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations January 2001 Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations July 2002 Searching for Outlook Compressible Encryption (PST Data) in the Unallocated Clusters January 2006 Searching for processes and threads in Microsoft Windows memory dumps [PDF] August 2006 Searchtools, Indexed searching in forensic images September 2004 Secrets of Computer Espionage: Tactics and CountermeasuresChapter 1: Spies [PDF] June 2003 Secure Audit Logs to Support Computer Forensics [PDF] Secure Data Deletion for Linux File Systems 2001 Secure Deletion and the Effectiveness of Evidence Elimination Software [PDF] Septemner 2005 Secure Deletion of Data from Magnetic and Solid-State Memory July 1996 Secure Digital Camera [PDF] August 2004Secure File Deletion, Fact or Fiction? [PDF] July 2001Securing Electronic Evidence the Right Way [PP Presentation] 2001 Securing Evidence and Preparing it for Court [PDF] July 2005 Security Applications of Bootable Linux CD-ROMs [PDF] November 2001 Security Essentials Toolkit: Forensic BackupsSecurity Essentials Toolkit: Forensic BackupsSecurity Event Correlation – Security's Holy Grail? [PP Presentation] Security Forensic on E-commerce [PDF] Security Incident Investigation [PDF Presentation] November 2000 Security Information Management Tools: NetForensics Leads a Weary Fleet April 2002 Security Reference Guide [See Data Forensics Section] Security Tools for the Budget Conscious ISP, Part III: Analysis and Forensics February 2004 Security Warrior: How to Tell if you Unix System is Hacked [PDF] March 2004 Seizing a Computer System for Digital Forensic Systems Examination Seizing and Searching Computers and Computer Data [RTF doc] 2000 Seizing Computers - Important Considerations (Page 7) [Word Document] April 2000 Seizing Computers and other Electronic Evidence Best Practice Guide [PDF] February 2003 Selection of Hashing Algorithms [Word Document] June 2000 Selective and intelligent imaging using digital evidence bags [PDF] August 2006 Self-reported computer criminal behavior: A psychological analysis [PDF] August 2006 Semantic Forensics: An Application of Ontological Semantics to Information Assurance [PDF] July 2004 SERIES: DBB Kazaa Database File - 1st 9 Fields plus Kazaa Hash Decoded Setting the Rules on Digital Evidence Setting up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory 2004

Setting up an Electronic Evidence Forensics Laboratory [PDF] February 2004 Setting up an Online Investigative Computer: Hardware, Connectivity and Software Recommendations [PDF] June 2004 Setting up for Forensics July 2003 Several PDF and PP Presentations Several presentations and publications Sex Offender Computer Examinations [PDF Presentation] June 2005 Shadowcrew: Web Mobs March 2005 Sharing Network Logs for Computer Forensics [PP Presentation] September 2005 Sharing Network Logs for Computer Forensics: A New Tool for the Anonymization of NetFlow Records [PDF] 2005 Shell Game June 2002 Sherlock in Linux December 2003Sherlock is Back January 2004Should a Corporation Report a Breach to Law Enforcement? [PDF] Fall 2001Shrinking the Ocean: Formalizing I/O Methods in Modern Operating Systems [PDF] June 2002 Silicon Pathology? [PDF] June 2003 The future of forensic computing Simple but Sound Tools for First Responders [PDF Presentation] January 2003 Simple Law Enforcement Monitoring [PDF] July 2003 Discusses Lawfully Authorized Electronic Interception SIRT & Forensics [PDF Presentation] March 2005 Six articles on Computer Forensics for Lawyers Sleuthkit, the Digital Forensic Toolkit [PDF] October 2003 SleuthKit: a collection of new forensic tools SmartMedia, CompactFlash & Memory Stick Data Recovery 2001 So Much Evidence... So Little Time November 1999 Software Engineering Project (Honours): ZSAT [PDF] October 2004 Software ForensicsSoftware Forensics Overview [PDF Presentation] April 2003 Software Write Block - Testing Support Tools Validation [PDF Papers] March 2005 Solving Computer Crime: An Introduction to Digital Forensics [PP Presentation] November 2003 Solving Crimes Through Digital Forensics July 2005 Solving Network Mysteries [PP Presentation] 2001 Some Golden Rules for Investigating On-Line Child Sexual Exploitation 2001 Source of graphichttp://www.pittsburghlive.com/images/static/newsextra/0113cyber.pdf Spam & Chips - A Discussion of Internet Crime [PDF] April 2002 Stand-alone PC Examination Basic Forensic Guidelines Standard Operation Procedures for Electronic Evidence Handling [PDF] November 2002 Standardization of Computer Forensic Protocols and Procedures [PDF Presentation] 2002 (from archive.org) Standardizing digital evidence storage [PDF] February 2006 Starting a Computer Forensic Lab [PDF Presentation] July 2003 Starting your own Computer Forensics Company [PP Presentation] 2005 Starting your own Computer Forensics Company [Word doc] State Machine Theory of Digital Forensic Analysis 2004 State Machine Theory of Digital Investigations [PP Presentation] 2005 Statement on the Budget Leak Investigation [PDF] August 2005 Static Linking Under Solaris Statistical Tools for Digital Forensics [PDF] 2004 Statistical Tools for Digital Image Forensics [PDF] 2005 Steganalysis: Detecting hidden information with computer forensic analysis [PDF] April 2003 Steganography: Implications for the Prosecutor and Computer Forensics Examiner April 2004Steganography-based Forensic Techniques Using EnCase® 4.0 [PDF] 2003 Stego Forensic Techniques [PP Presentation] 2003 Stego Intrusion Detection System [PDF] August 2004Step Away from the Keyboard! [PDF Presentation] Februsry 2004 Step by step instructions for using TCT Steps for Recovering from a Unix or NT System Compromise

Strangers In the Night July 2001 Strengthening the collaboration between the Investigator and the Information System Manager Through Methodical Computer Traces Management [PDF Presentation] September 2003 (Local copy) Structured Investigation of Digital Incidents in Complex Computing Environments [PDF] 2003 Stuff [HTML or PP Presentation] January 2001 Submitting Computers for Forensic Examination (Page 10) [Word Document] June 2000 Summer Workshop 2002 on Network Security Supportive tools Surplus Disk Drive Vulnerability – Information leakage November 2003 Survey of Disk Image Storage Formats [PDF] September 2006 SWGDE and SWGIT Glossary of Terms [PDF] (Posted for review) April 2005 System Administration and Network Security Course (2005) System Baselining - A Forensic Perspective [PDF] System Documentation - The "RegistryExtractor" [PDF] October 2005 System Forensics [PP Presentation] August 2004 System Rescue with Knoppix [Presentation] September 2005 Tactical Features of Inquiry Actions at Computer Crime Investigation May 2003 Tales from the Abyss: UNIX File Recovery Teaching Computer Forensics Using Student Developed Evidence Files [PP Presentation] March 2006 Teaching Computer Forensics: Uniting Practice with Intellect [PDF] June 2004 Techniques for Identifying the Threat to your Systems from Researching the Apparent Source of an Attack [PDF] July 2000 Techniques for Now, Problems for the Future October 2000 Technological Aspects of Internet Crime Prevention February 1998 Technology Crime and Computer Forensics [PDF Presentation] January 2005 Technology Crime Investigation in Hong Kong [PDF Presentation] Technology Report: Forensic Security ToolsTen Forensics Toolkit November 2002 Testifying in a Computer Crimes Case April 2005 Testing BIOS Interrupt 0x13 Based Software Write Blockers [Paper, PP Presentation & Poster] March 2005 Testing the Date Maintenance of the File Allocation Table File System [PDF] 2003 The "Art" of Log Correlation [PDF] July 2004 The "Swiss Army Knife" for Intrusion Investigators and Computer Forensics Examiners The Advanced Forensics Format Library and Tools [PDF Presentation] January 2006 The Application of Intrusion Detection Systems in a Forensic Environment (Extended Abstract) [PDF] 2000 The Art of Defiling: Defeating Forensic Analysis on Unix File SystemsThe Art of Key Word Searching [PDF] October 2003 The Art, Science & Practice of Digital Evidence [PP Presentation] 2004 The Basics of Digital Evidence Recovery The Byte Stops Here: Duty and Liability for Negligent Internet Security [PDF] 2000 The CERT Virtual Training Environment: Information Assurance and Forensics Training Anywhere, Anytime [PDF Presentation] March 2006 The Certified Computer Examiner Certification January 2004 The challenge of electronic evidence: the European response [PDF Presentation] November 2003 The Computer Caper The Computer Forensics and Cybersecurity Governance Model April 2003 The Computer Forensics Expert Witness - CV, Preparation, Testimony [PDF Presentation] 2004 The Computer Forensics Process and Conducting Web-Based E-mail Searches July 2005 The Computer Under the Microscope Images The Continuing Evolution of Computer Forensics (pages 18-25) [PDF]The Coroner’s Toolkit March 2005 The Coroner's Toolkit The Coroners Toolkit - In depth [PDF] February 2002 The Coroner's Toolkit (TCT) [PP Presentation] Spring 2002 The Coroner's Toolkit [PDF Presentation] March 2005 The Coroners Toolkit: A Handy Suite of Utilities [PDF] December 2000 The Critical Challenges from International High-Tech and Computer-Related Crime [PDF]

The Dark Side of NTFS (Microsoft’s Scarlet Letter)The Debtor’s Digital Reckonings [PDF] Fall 2003 The DFRWS Framework Classes [PDF] 2003 The Difference Between Paper and Electronic Files [PDF] March 2006 The Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made Easy [PDF] December 2001 The Digital Crime Scene: A Software Prospective [PDF] March 2004 The Digital Evidence in the Information Era March 2004 The Discipline of Internet Forensics August 2003 The Eavesdropper’s Dilemma [PDF] February 2006 The Economics of Digital Forensics [PDF] May 2006 The effectiveness of commercial erasure programs on BitTorrent activity [PDF] September 2006 The electronic autopsy - digital forensics Part 1 August 2006 The Enemy Within - Investigating Computer Crime in the 21st Century [PDF] 2005 The Enemy Without.. The Enemy Within.. ‘Poisoned’ e-mails can be traced back to their creators July 2001 The Enhanced Digital Investigation Process Model [PDF] August 2004The Enhanced Digital Investigation Process Model [PDF] May 2004Related PowerPoint Briefing May 2004 The Essential Conflict Between "Computer" and "Forensics" [PP Presentation] April 2006 The Essentials of Computer Based Discovery [PDF] 2002 The Essentials of Computer Discovery [Word document] 2002 The Evidential Value of Email [PDF] 2003 The Evolution of Incident Response [PDF Presentation] 2004 The Exchange Principle [PDF] September 2004 The Expert's Role in Computer Based Discovery [PDF] 2002 The Fallacy of Software Write Protection in Computer Forensics [PDF] May 2004 The Farmer's Boot CD [PDF] April 2006 The FBI and the Internet [PDF Presentation] November 2005 The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists [PDF] November 2003 The Fight against Cyber-Crime: The Need for Special Training on Digital Evidence The final HTML drafts that were sent to the publisher; minus the final formatting and a few minor changes The Foremost Open Source Forensic Tool September 2003 The Forensic Chain-of-Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures [PDF]The Forensic Lifecycle [PDF] 2005 The Future of Computer Forensics: A Needs Analysis Survey [PDF] 2003 The Future of Forensic Computing [PDF] February 2002 (from archive.org) The Future of High Tech Crime [PP Presentation] The Future of Network Digital Evidence [PDF Presentation] November 2005 The Global Enterprise - Forensic Audits Across the Large Scale Network [PDF Presentation] November 2003 The Impact of Forensic Computing on Telecommunications [PDF] 2000 The Investigation of Computer Crime and Crime Scene ComputersLesson Sample [PDF] The joys of complexity and the deleted file [PDF] July 2005 (Requires registration) The Latest in Live Remote Forensics Examinations [PDF Presentation] June 2006 The Law Enforcement Paradigm in DoD Environments [PP Presentation] April 2002 The Legal Duty of IAP's to Preserve Traffic Data : a Dream or a Nightmare? [PP Presentation] May 2003 The Linux Kernal and the Forensic Acquisition of Hard Discs with an Odd Number of Sectors [PDF] Fall 2004 The Managers Role: Incident Response, Electronic Evidence and Forensics [PP Presentation] October 2003 (from archive.org) The Metasploit Framework - A DigitalDefence Technical Note [PDF] April 2006 The Necessity for Computer Forensics January 2002 The Need for a Technical Approach to Digital Forensic Evidence Collection for Wireless Technologies [PDF Presentation] June 2006 The Need for an 802.11b Toolkit [PP presentation] July 2002 The Need For Forensic Capabilities In The Commercial Sector [PP Presentation] July 2000 The Network-Centric Incident Response and Forensics Imperative [PDF Presentation] June 2006 The New De-Tech-Tives [PDF] Spring/Summer 1999The new field of computer forensics is keeping security experts on the trail of cybercriminals - December 1998 The New Zealand Hacker Case: A Post Mortem [PDF] September 2005

The Plaintiffs' Practical Guide to E-Discovery [PDF] 2004 The Reality of Computer Forensics [PDF] (from archive.org) The Role of Computer Forensics in Stopping Executive Fraud October 2004 Sample chapter from "Defend IT: Security by Example" The Role of Computer Forensics in the Investigation of Network Intrusion Activity [PDF Presentation] June 2002 (from archive.org) The Role of Digital Forensics within a Corporate Organization [PDF Presentation] May 2006 The S.A.N.E. approach to computer forensics The Sleuth Kit Informer The SMS Murder Mystery: The dark side of technology [PDF] September 2005 The Social Secuirty Administration Office of the Inspector General's Experience (Page 39) The Technical Side of Internet & Computer Crime [PP Presentation] April 2003 The Technology of CSI and Computer Forensics [PP Presentation] 2003 The Third Step - Preserve the Electronic Crime Scene The Top EnCase Tech Support Questions & What’s new at Guidance Software? [PP Presentation] May 2002 The Trojan Horse Defence [PDF] December The Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics Event Reconstruction [PDF] Spring 2004 The types of computer crimes in Hong Kong and the difficulties in prosecuting such crimes [PDF] The unique challenges of collecting corporate evidence [Available by request] 2005 The use of Levenshtein distance in computer forensics [PDF] June 2005The Use of Random Forest to Develop an Intelligent Computer Forensic Tool [PDF] 2004 The Value of Computer Forensics [PP Presentation] February 2004 The Weight of Electronic Traces [PP Presentation] May 2003 The Windows Registry as a forensic resource [Available by request] 2005 The Windows XP Startup Disk [An Example in Basic Forensics / Data Recovery] 2004 There is Something Fishy About Your Evidence… or How to Develop Inconsistency Checks for Digital Evidence Using the B Method [PDF] June 2006 This document describes how to make a 'jump kit' for investigating Linux systems that are potentially compromised. This documentation discusses the use of two TCT tools, unrm and lazarus, on the Sun Solaris operating system, version 2.x. You can use this approach with other UNIX operating systems and hosts. Through the Looking Glass: Finding Evidence of Your Cracker 1999 Throwing out the Enterprise with the Hard Disk 2004 Thumbs DB Files Forensic Issues [PDF] 2005 Time and Date Issues in Forensic Computing - A Case Study [Available by request] 2004 Time Change Captured in Event Log - Event 577 2005 Time is of the Essence March 2000 Time Stamps and Timing in Audit-Based Digital Forensic Systems Examination Time: the Currency of Computer Crime [PDF] 2003 Time-Lining Computer Evidence [PDF] Timestamps in Digital Forensics 2004 Tips for Tracking the E-Mail Trail January 2001 TKS1 - An anti-forensic, two level, and iterated key setup scheme [PDF] July 2004 To Cache a Thief: How Litigants and Lawyers Tamper with Electronic Evidence and Why They Get Caught [PDF] January 2004 To Catch a Thief: Computer Forensics in the Classroom [PDF] October 2005 To Catch a Thief: Digital Forensics in Storage Networks [PDF Presentation] Spring 2006 To identify a potential compromised Unix box is some what of an arcane art, though there are some simple things to look for. To Revisit: What is Forensic Computing? [PDF] 2004 TOC and Chapter 1 [PDF] 2004 TOC, Introduction, and Chapter 8 [PDF] Tool review – remote forensic preservation and examination tools [PDF] December 2004 Tool review - WinHex [PDF] April 2004 Tools for Discovering Credit Card and Social Security Numbers in Computer File Systems [PDF] July 2006 Tools of Evidence March 2003 Tools Tested: AccessData Ultimate Toolkit, EnCase Forensic Edition, Freeware and open-source tools, NetWitness Professional Edition, ProDiscover Incident Response, Vogon Investigation Software, Wiebetech Forensic ComboDock Topics: The Windows Event Log file format; Tracking USB storage devices across Windows systems; File/document metadata. Torn Pieces Toward Defining the Intersection of Forensics and Information Technology [PDF] May 2005 Towards a validation framework for forensic tools in Australia [PDF] March 2005

Towards Hippocratic Log Files [PDF] November 2004Towards Identifying Criteria for the Evidential Weight of System Event Logs [PDF] 2004 Towards Proactive Computer System Forensics [PP Presentation] Trace-Back: A Concept for Tracing and Profiling Malicious Computer Attackers [PDF] 2002 Tracing an E-mail Address to an Owner [PDF] January 2000 Tracing Anonymous Packets to Their Approximate Source 2000 Tracing E-mail Headers [PDF] 2004 Tracing the Source of an Email Track down lost data with the EnCase computer forensics tool January 2003 Tracking a Computer Hacker May 2001 Tracking Down the Criminal in Cyberspace [PP Presentation] May 2003 Tracking Hackers on IRC 1999 Tracking Hackers with Cyber Forensics [PDF] March 2002 (from archive.org) Tracking the hackers Transborder Search A new perspective in law enforcement? [PDF] March 2004 Tripwire for Servers in a Forensics Environment [PDF] Trojan Defence: A Forensic View (Part 1) [PDF] January 2005 Trojan Defence: A Forensic View (Part 2) [PDF] January 2005 True Expertise April 2003 Trusted computing and forensic investigations [Available by request] 2005 TULP2G – An Open Source Forensic Software Framework for Acquiring and Decoding Data Stored in Electronic Devices [PDF] Fall 2005 Tutorial - Forensics for Windows XP Clients [PDF Presentation] June 2002 (from archive.org) Two Views from the Data Mountain [PDF] June 2003 U.S. Department of Energy Cyber Incident Response Handbook [RTF document] 2003 Undeleting Files in the Linux OS 2000 Understanding Computer Forensics [PDF Presentation] April 2005 Understanding index.dat Files Part 1 2005 Understanding index.dat Files Part 2 May 2006 Understanding the Computer and How Child Pornography Cases are Made [PDF] Unification of Digital Evidence from Disparate Sources (Digital Evidence Bags) [PDF] August 2005 Unification of relative time frames for digital forensics [PDF] 2004Unique File Identification in the National Software Reference Library [PDF] May 2006 UNIX Computer Forensics [PDF] April 2004Unix DD command and image creation Unix Forensic Techniques for Incident Response [PP Presentation - from archive.org] December 2000 Unix Forensics February 2004 Unix Investigations [PDF] Unix Security 101 - forensic examples [Javascript Slideshow] Unix Security: Diagnostics and Forensics Updated May 2006 UNIX Time Stamp ID and Hotmail Unix Tools Track Hackers Unleash the Cyberhounds! April 2002 Unleashing the Power of JumpStart: A New Technique for Disaster Recovery, Cloning, or Snapshotting a Solaris System 2000 Unofficial F.I.R.E. FAQ 2003 Unredacted copy of this report (also available as a PDF) from Cryptome.org Update to "Using File Hashes to Reduce Forensic Analysis" July 2002 Use A Linux Bootable CDROM to Image Your Hard Drive August 2003 Use of Dates and Times in Forensic Exams/Investigations [PDF] 2003 Using ATA commands on hard disks ... why bother? April 2006 Using Computer Forensics in Investigating Internal Abuse [PDF Presentation] May 2005 Using Computer Forensics When Investigating System Attacks [PDF] April 2005 Using Digital Evidence To Ferret Out The Dishonest Employee [PDF] Autumn 2004 Using Digital Forensics to Maintain the Integrity of our Nation’s Critical Infrastructure [PDF Presentation] August 2005 Using EnCase to Decode DBB Record Field Values

Using Extended File Information (EXIF) File Headers in Digital Evidence Analysis [PDF] Winter 2004 Using Fport on Windows NT to Map Applications to Open Ports [PDF] April 2001 Using hash values to identify fragments of evidence [PDF] August 2004 Using Helix for Recovering from PC Hacks [PDF Presentation] November 2005 Using Linux for Incident Response & Data Forensics [PDF Presentation] March 2004 Using Linux for Today's Data Forensics [PDF Presentation] November 2003 Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer [PDF] October 2002 Using Local Loopback and Kazaa Port to View Kazaa Shared Files in Browser Using Memory Dumps in Digital Forensics (page 43) [PDF] December 2005 Using The Coroner's Toolkit : Harvesting information with grave-robber Using The Coroner's Toolkit : Rescuing files with lazarusUsing the Forensic Server Project November 2004 Very good presentation describing in detail specific issues, and possible command utilities that may be used to address them. Viewing Email Headers [PDF] August 2005 Viewing the Kazaa DBB File in EnCase Viewing the Kazaa DBB File in EnCase - Meaning of the "Last Shared Date/Time" Virtual - Reality: A Preliminary Forensic Assessment Relating to Child Pornography in the Prosecutorial/Defense Effort [PDF] November 2003 Virtual Digital Evidence Lab: A Distributed Forensic Resource Network [PDF] May 2006Virtual Training Environment (VTE) January 2006 Virtual War's Computer Forensic page VM Forensics – Dealing with Funky Data [PDF Presentation] November 2005 VMWare as a forensic tool May 2006Volume 1 Issue 3 - Registartion required Volume 1 Issue 3 - Registration required Volume Serial Numbers & Format Verification Date/Time [PDF] October 2003 Vulnerability Identified in Fax Machines and Printers August 2001WACIRC - Law Enforcement Guidelines for Reporting and Responding to Computer Crimes [PDF] 2003 Warning! Microsoft Word stores hidden information about you May-June 2005 Watching the Detectives June 2002 Web Application Forensics [PDF Presentation] February 2003 Web Application Forensics: The Uncharted Territory [PDF] 2002 Web Application Incident Response & Forensics: A Whole New Ball Game! [PDF Presentation] August 2006 Web Browser Forensics, Part 1 March 2005 Web Browser Forensics, Part 2 May 2005 Web Forensics [PDF Presentation] February 2006 WebMail Forensics [PDF Presentation] July 2003 Week 1 - Linux Forensics of CDR Media Week 2 - Accessing and Analyzing the Windows Registry Week 3 - Linux Anti-Virus Tools and Techniques for Forensic Investigation Week 4 - Using Linux VMware Workstation and Raw Disk Images to view the Suspect Workstation What Are MACtimes? July 2001 What evidence is left after disk cleaners? [PDF] 2004 Volume 1 Issue 3 [Registration required] What Forensic Analysts should know about NT Alternate Data Streams What is a Forensic Network? What is Computer Forensics? [PP Presentation] September 2002 What is Computer Forensics? September 2003 What is Forensic Computing? [PDF] June 1999 What is the meaning of evidence in an environment where crime scenes themselves are mutable and can be altered, destroyed, or even created in milliseconds? What is the Scope of Computer Forensics? December 2005 What Time is it? The Problem What to Do After the Break-in: Preparing an Incident Report for Law Enforcement May 2001 What You Don’t See On Your Hard Drive [PDF] April 2002 What's on that Hard Drive? July 2001 When When things goes wrong: Digital Forensics Essential [PDF Presentation] May 2006

Where Data Hides and Resides - Understanding Hidden Data in Windows [PDF] April 2004 Where Data Resides – Data Discovery from the Inside Out [PDF] Where Litigation Support Ends and Electronic Discovery Begins [PDF] November 2002 While reporting an incident enables law enforcement to investigate, it also may subject the corporate victim to adverse publicity, regulatory scrutiny, and business losses. Who’s At The Keyboard? Authorship Attribution in Digital Evidence Investigations [PDF] May 2005 Whodunnit? March 2001 Why Conduct Computer Forensics Examinations? [PP Presentation] 2003 Why Recovering a Deleted Ext3 File Is Difficult . . . August 2005 Win2K First Responder's Guide September 2002 Win32 – Evidence Gathering [PDF Presentation] April 2004 Windows Explorer Properties July 2001 (updated September 2002) Windows File Header Signatures Windows Filesystems Recovery Windows Forensic How-to: Incident Response Plan for Abuse of Corporate Assets [PDF] February 2003 Windows Forensic Toolchest [PDF Presentation] May 2005 Windows Forensics: A Case Study, Part One December 2002 Windows Forensics: A Case Study, Part Two March 2003 Windows Forensics: Have I been Hacked?February 2004 Windows Installation Timestamps [Word doc] Windows Live Incident Response Volatile Data Collection: Non-Disruptive User & System Memory Forensic Acquisition (From archive.org) Windows Media Imaging (First 17 pages) [PDF] April 2002 Windows NT/2000 Event Log Management and Intrusion Detection [PP Presentation] Windows NTFS Alternate Data Streams February 2005 Windows Responder’s Guide [PDF] 2003 Windows, NTFS and Alternate Data Streams [PDF] May 2001 WinHex as a professional data recovery and computer investigation tool Wireless Forensics [PDF Presentation] November 2005 Wireless Intrusion Investigation [PP Presentation] 2005Wireless Network Security and Forensic Analysis [PP Presentation] October 2004 Without a Trace: Forensic Secrets on a Windows Server [Presentation in PDF] January 2004Wonders of 'dd' and 'netcat' :: Cloning Operating Systems August 2001 Working with Images Working with Law Enforcement to Abate Cybercrime [PDF] Working With Obsolete Data March 2006 Working with Police [PDF] January 2001 (from archive.org) Discusses ACPO's Good Practice Guide for Computer-based Evidence Workshop: Recovering From an Attack November 2004 Writing a Computer Forensic Technical Report [PDF] August 2004 Wrong Conclusions, Bad Testimony [PDF Presentation] November 2005 Xbox security issues and forensic recovery methodology (utilising Linux) [PDF] 2004XIRAF – XML-based indexing and querying for digital forensics [PDF] August 2006 XIRAF: Ultimate Forensic Querying 2006 XMeta: a Bayesian approach for computer forensics [PDF] November 2004 X-Ways Software Technology AG [PDF Presentation] June 2006 You Are What You Type: Non-Classical Computer Forensics [PDF Presentation] August 2006 Your Pal, Enscript [PP Presentation] Zipped Tools & Related docs ZSAP (Zero Skill Analysis Program) [PDF] January 2006

Analyzing a computer intrusion takes significantly more time than it takes the perpetrator to commit the crime. The more prepared an organization is for an incident, the faster it can respond.

Basic Considerations in Investigating Computer Crime, Executing Computer Search Warrants and Seizing High Technology Equipment [PDF] March 1999

Computer Crime Point-of-Contact (CCPC) list A list of people responsible for investigating and prosecuting cybercrime in their particular jurisdictions, and who can provide assistance to law officers seeking electronic evidence stored outside their states.

Cyber Crime: The Next Challenge An Overview of the Challenges Faced by Law Enforcement While Investigating Computer Crimes in the Year 2000 and Beyond [PDF] 2000

Discusses Zert, a tool which allows you to image mobile phones and PDAs, produced by the Netherlands Forensic Institute (http://www.forensischinstituut.nl/) and available only to law enforcement.

E-mail and WWW browsers: A Forensic Computing Perspective on the Need for Improved User Education for Information Systems Security Management [PDF] 2002

Forensic Accounting - the recorded electronic data found on Computer Hard Disk Drives, PDAs and numerous other Digital Devices September 2004

How to prepare your department for a forensics investigation, the importance of developing a methodology, as well as the steps to take when seizing evidence.

Implementing Policies and Procedures for Effectively Supervising CyberOffenders: U.S. Probation Department-EDNY [PDF Presentation] June 2005

In this case, the prosecution claims that Mr. Defendant-Name knowingly possessed and accessed specific contraband data. The question posed to Mr. Cohen in regard to this matter is whether these assertions made by the prosecution are supported by the evidence.

Overview and Impact on 21st Century Legal Practices: Digital Forensics and Electronic Discovery, The Good, The Bad and The Ugly [PP Presentation] August 2004

Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing Investigation (FCI) Teams [PDF] November 2003

Strengthening the collaboration between the Investigator and the Information System Manager Through Methodical Computer Traces Management [PDF Presentation] September 2003 (Local copy)

There is Something Fishy About Your Evidence… or How to Develop Inconsistency Checks for Digital Evidence Using the B Method [PDF] June 2006

This documentation discusses the use of two TCT tools, unrm and lazarus, on the Sun Solaris operating system, version 2.x. You can use this approach with other UNIX operating systems and hosts.

Tools Tested: AccessData Ultimate Toolkit, EnCase Forensic Edition, Freeware and open-source tools, NetWitness Professional Edition, ProDiscover Incident Response, Vogon Investigation Software, Wiebetech Forensic ComboDock

What is the meaning of evidence in an environment where crime scenes themselves are mutable and can be altered, destroyed, or even created in milliseconds?

While reporting an incident enables law enforcement to investigate, it also may subject the corporate victim to adverse publicity, regulatory scrutiny, and business losses.

Computer Crime Point-of-Contact (CCPC) list A list of people responsible for investigating and prosecuting cybercrime in their particular jurisdictions, and who can provide assistance to law officers seeking electronic evidence stored outside their states.

In this case, the prosecution claims that Mr. Defendant-Name knowingly possessed and accessed specific contraband data. The question posed to Mr. Cohen in regard to this matter is whether these assertions made by the prosecution are supported by the evidence.