Forensics

From ChekMate Security Group

  • AccessData Corporation's Registry Quick Find Chart
  • Computer Crime Research Center - A non-profit organization which conducts extensive research on the problems of computer crime and cyber terrorism.
  • DoD Cyber Crime Center http://www.dcfl.gov/dc3/home.htm
  • Breakwater Security Associates - A leading provider of information protection and forensics solutions for business and government.
  • The Forensic Science Service - Supplier of forensic science services to police forces, as well as being a source of training, consultancy and scientific support.
  • US Secret Service - Forensic examiners in the Secret Service Forensic Services Division (FSD) provide analysis for questioned documents, fingerprints, false identification, credit cards, and other related forensic science areas.
  • The Coroner's Toolkit http://www.porcupine.org/forensics/tct.html http://www.fish.com/tct
  • Independent Validation & Verification of SMART for Linux by Thomas Rude, CISSP
    An Independent Validation and Verification for the data forensic program SMART, developed by ASR Data Acquisition and Analysis, LLC. In this paper I verified the four critical functions all forensic examiners need: authentication, imaging, restoring, and wiping. (PDF format)
  • Next Generation Data Forensics & Linux by Thomas Rude, CISSP
    I wrote this article so that folks new to Linux could get a clear grasp of what makes Linux so powerful and an excellent platform for performing Data Forensics work, whether it be the analysis of standalone personal computers or network investigations. It was originally published in the June 2002 edition of Under the Brim, the monthly Red Hat publication. It is part one of a two-part series. (PDF format)
  • Building a Super Kernel for Data Forensics Updated January 2003 by Thomas Rude, CISSP
    After receiving a number of e-mails and wanting to make updates I set out to revise my original paper. However, after a bit of work I opted for a clean start, a new write. So here it is, my new kernel paper. Please discard the old copy if you have it! This paper focuses on recompiling the Linux kernel for the benefit of data forensics.
  • Independent Validation & Verification of SMART for BeOS by Thomas Rude, CISSP
    This paper is the result of a validation I performed on the SMART utility written by ASR Data & Acquisition, LLC. I tested four functions of the program: hashing, imaging, wiping, and restoring. View the results in this paper (PDF format).
  • Poor Man's Guide to Multi-Booting by Thomas Rude, CISSP
    A KISSing (Keeping It Simple, Stupid) approach to partitioning a hard disk so that numerous operating systems can be installed and booted. Takes you from A to Z, including some key technical information. Read this to jump start your system!
  • Analysis of Microsoft's AutoComplete Function by Thomas Rude, CISSP
    An in-depth analysis of how this function is used within Internet Explorer. I've also included a list of tools that can be used to monitor this activity.
  • And You Thought DELETE Meant DELETE! by Thomas Rude, CISSP
    This is a very high level article aimed at the average computer user. When you delete a file, is it really deleted? Read this article to find out!
  • Evidence Seizure Methodology for Computer Forensics by Thomas Rude, CISSP
    I started writing this paper as a guideline for evidence seizure - sort of a step-by-step approach. As I got more and more involved with this subject area, I became aware that there is no one methodology for seizing evidence. From that, this paper branched out into how to prepare your department for a forensics investigation, the importance of developing a methodology, as well as the steps to take when seizing evidence.
  • Examples of using DD within UNIX to Create Physical Backups by Thomas Rude, CISSP
    In response to some questions I've received as well as listening to a few individuals at the Computer Crime Symposium, I decided to write a short paper on the UNIX DD command and how useful it is when creating a physical backup of evidence.