This page is still under construction
Links from the foot notes are included here. Gradually I'll add other links from the book while this page is still under construction. Broken links are included in case their server was down and the link actually does work -and so you know that I didn't miss it. If you see something wrong or find that a broken link works, please let me know at kiter6@nwlink.com.
|
Page |
Link |
|
| 1 | Chapter 1 - Introduction to Computer Forensics | |
|
9 |
Broken link |
|
|
10 |
Resolves to: http://www.accelio.com/ |
|
|
13 |
Data Integrity Assurance |
|
|
14 |
Intelligent Computer Solutions |
|
|
17 |
New Technologies Inc. |
|
|
17 |
Guidance Software |
|
| 21 | http://www.infobin.org/cfid | Computer Forensic Investigators Digest (CFID) |
| 21 | http://www.htcia.org | High Technology Crime Investigative Association (HTCIA) |
| 21 | http://www.thetrainingco.com/html/Conferences.html | Techno Security Conferences |
| 21 | http://www.ne-htcia.org/training.html | list of training and college programs |
| 21 | http://www.forensics-intl.com | New Technologies Incorporated |
| 21 | http://www.search.org | SEARCH |
| 21 | http://www.guidancesoftware.com | Guidance Software |
| 21 | http://www.encase.com | " |
| 21 | http://www.reid.com/training.htm/ | Reid Institute - Broken link |
| 21 | http://www.treas.gov/usss/index.htm?electronic_evidence.htm&1> | Best Practices For Seizing Electronic Evidence |
| 21 | http://www.usdoj.gov/criminal/cybercrime/searching.html | US Dept. of Justice, Computer Crime & Intellectual Property Section |
| 23 | Chapter 2 - Tracking an Offender | |
|
25 |
Index of /in-notes/ |
|
|
25 |
Internet Assigned Numbers Authority |
|
|
28 |
program that changes ethernet network card address -Broken link |
|
|
29 |
ICANN-Accredited Registrars |
|
|
30 |
find out who owns the domain |
|
|
30 |
Search All WHOIS Records |
|
|
46 |
Free Email Software |
|
|
51 |
resolves to Google Groups at: http://groups.google.com/ |
|
|
55 |
Razor Tools from Bindview |
|
|
58 |
Open source software suite |
|
|
58 |
Home of Essential Net Tools & Smart Whois |
|
| 63 | http://www.arin.net/whois/arinwhois.html | American Registry for Internet Numbers (ARIN) |
| 63 | http://www.apnic.net/ | Asia Pacific Network Information Centre (APNIC) |
| 63 | http://www.ripe.net/ | Reseaux IP Europeans (RIPE) |
| 63 | http://home.ag.org/iptools.htm -Broken link | Found at: http://tatumweb.com/iptools.htm "Swiss Army knife of Internet Tools |
| 63 | http://www.samspade.org/ -Not .com | Wide variety of research tools |
| 63 | http://www.webisplist.com | Resolves to CNET |
| 63 | http://ipindex.dragonstar.net/index.html | Broken link... couldn't find |
|
63 |
Snort - network intrusion detection |
|
|
63 |
Windows version " |
|
| 64 | http://ddi.digital.net/~gandalf/spamfaq.html | "Figuring out fake Email & Posts" |
| 64 | http://eddie.cis.uoguelph.ca/~tburgess/local/spam.html | "Fighting Email Spammers" |
| 64 | http://spam.abuse.net | "Fight Spam on the Internet!" |
| 64 | http://www.stopspam.org/email/headers/headers.html | "Reading Email Headers" |
| 65 | Chapter 3 - The Basics of Hard Drives and Storage Media | |
| 69 | ftp://ftp.powerquest.com/pub/utilities/ | Download Partinfo for free |
| 76 | http://www.encase.com/ | Identifies any data in unallocated space |
| 78 | http://www.ontrack.com/ | Data Recovery Services |
| 78 | http://www.ibas.net/ | " |
| 78 | http://www.cablesonline.net/ | Adapters & Stuff |
| 80 | http://www.forensic-computers.com/ | laptop adapters |
|
80 |
Intelligent Computer Solutions |
|
| 82 | http://www.iwar.org.uk/comsec/resources/standards/rainbow/NCSC-TG-025.2.html | Guide to understanding Data Remancence in Automated Information Systems |
| 83 | Chapter 4 - Encryption and Forensics | |
| 84 | http://www.atstake.com/ | Home of L0pht -password cracking tool |
| 95 | http://www.nai.com/ | Network Associates -home of McAfee & PGP |
| 100 | http://www.surety.com/ | Digital Time Stamp |
| 100 | http://www.digistamp.com/trust.htm | " |
| 104 | http://www.counterpane.com/whycrypto.html | "Why Cryptography Is Harder Than It Looks" |
| 105 | Chapter 5 - Data Hiding | |
| 111 | http://www.accessdata.com/ | Password Recovery tools |
| 112 | http://www.lostpassword.com/ | " |
| 112 | http://www.atstake.com/ | Home of L0phtCrack -password cracking tool |
| 113 | http://www.sysinternals.com/ | SAM databases can be copied using NTFSDOS |
| 113 | http://home.eunet.no/~pnordahl/ntpasswd/ | Offline NT Password & Registry Editor |
| 114 | http://www.redhat.com/ | Red Hat - Provider of open source technology |
| 114 | http://www.toms.net/ | "The most GNU/Linux on 1 floppy disk." |
| 114 | http://www.elcomsoft.com/ | "Advanced Zipped Password Recovery" |
| 114 | http://soft4you.com | "ZipPassword" |
| 119 | http://www.wotsit.org/ | The Programmer's File Format Collection |
| 121 | http://www.microsoft.com/ | Microsoft Corporation |
| 122 | http://www.foundstone.com/rdlabs/tools.php?category=Forensic | Many free forensic tools |
| 122 | http://www.sysinternals.com/ntw2k/source/misc.shtml | "Streams from Mark Russinovich of SysInternals" |
| 122 | http://www.crucialsecurity.com/ | "CrucialADS is a GUI-based tool from Crucial Security" |
| 124 | http://www.steganos.com/./en/ | Stego utility |
| 124 | http://members.tripod.com/steganography/stego/software.com | Broken Link |
| 129 | Chapter 6 - Hostile Code | |
| 135 | http://www.usnews.com/usnews/issue/970602/2crac.htm | Broken Link |
| 139 | http://www.sans.org/newlook/resources/IDFAQ/trinoo.htm | Intrusion Detection FAQ |
| 143 | http://www.nmap.org/ | Free Security Scanner |
| 143 | http://www.nessus.org/ | Remote Security Scanner |
| 144 | http://www.atstake.com/ | Home of L0pht -Password cracking tool |
| 146 | http://www.wildlist.org/ | List of Hostile codes in the wild |
| 146 | http://www.trusecure.com/html/tspub/index.shtml | Broken Link |
| 147 | http://www.packetstorm.com/ | Network Emulators |
| 147 | http://www.rootshell.com/ | Broken Link |
| Malware Web Sites | ||
| 147 | http://www.faqs.org/faqs/computer-virus/ | Computer Virus FAQ |
| 147 | http://www.rootshell.com/beta/exploits.html | Broken Links |
| 147 | http://www.packetstorm.securify.com/sniffers/ | Broken Links |
| 147 | http://www.packetstorm.securify.com/dirtree.html | Broken link |
| 147 | http://www.packetstorm.securify.com/Crackers/ |
Broken link |
| 147 | http://www.wildlist.org/ | The Wildlist Organization International |
| 147 | http://www.skyscraper.fortunecity.com/cern/600 |
Broken link |
| 147 | http://www.nwi.net/~pchelp/bo/bo.htm | The Back Orifice page |
| AV Vendor Sites Containing Searchable Malware References | ||
| 147 | http://datafellows.com/v-descs/ | F-Secure Virus Description database |
| 147 | http://vil.nai.com/villib/alpha.asp | McAfee Virus Information Library |
| AV Product Test Sites | ||
| 148 | http://www.virusbtn.com/100 | Virus Bulletin 100% Awards |
| 148 | http://agn-www.informatik.uni-hamburg.de/vtc | Virus Test Center |
| 148 | http://www.check-mark.com/ | Checkmark Information |
| 148 | http://www.icsa.net/html/communities/antivirus/certification/certified_products/ | ICSA certified AV products |
| 149 | Chapter 7 - Your Electronic Toolkit | |
| 150 | http://www.dmares.com/ | Maresware - Computer Forensic Software |
| 150 | http://www.forensics-intl.com/ | New Technologies Inc. |
| 151 | http://www.jasc.com/ | View Mac, PC, and Unix files |
| 151 | http://www.dataviz.com/ | " |
| 153 | http://www.cerious.com/ | ThumbsPlus is distributed only online |
| 156 | http://www.cdrom-prod.com/software.html | CD-R Diagnostics |
| 158 | http://www.dtsearch.com/ | Fast Text Search |
| 163 | http://www.forensics-intl.com/thetools.html | Computer Forensics & Security Software Tools |
| 163 | http://www.foundstone.com/rdlabs/tools.php | Resolves to http://www.foundstone.com/knowledge/free_tools.html |
| 167 | http://www.fish.com/tct/ | The Coroner's Toolkit (for Unix) |
| 167 | http://www.all.net/ | Fred Cohen & Associates - Strategic Security & Intelligence |
| 169 | http://www.forensics-intl.com/ | New Technologies Inc. |
| 174 | http://www.encase.com/encase/encase_v3_features.htm | Broken Link |
| 174 | http://www.forensic-computers.com/ | Forensic Hardware |
| 174 | http://www.exabyte.com/ | " |
| 175 | http://www.ics-iq.com/ | " -Intelligent Computer Solutions |
| 175 | http://www.forensic-computers.com/ | Forensic Hardware |
| 176 | http://www.incident-response.org/irtoolkits.htm | Static linking |
| 176 | http://www.dmares.com/maresware/forensic_tools.htm | Broken link |
| 177 | Chapter 8 - Investigating Windows Computers | |
| 191 | http://www.webdon.com/ | Password Recovery |
| 195 | http://www.sysinternals.com/ | Advanced utilities, technical information, and source code |
| 195 | http://support.microsoft.com/support/kb/articles/Q140/3/65.asp | MS Knowledge Base Article of Default Cluster Size for FAT & NTFS |
| 207 | Chapter 9 - Introduction to Unix for Forensic Examiners | |
| 245 | Chapter 10 - Compromising a Unix Host | |
| 246 | http://www.cert.org/research/JHThesis/Start.html | "An Analysis Of Security Incidents On The Internet" |
| 263 | Chapter 11 - Investigating a Unix Host | |
| 263 | http://www.fish.com/forensics/ | "Forensic Computing & Analysis" |
| 266 | http://www.pimmel.com/ | "Hacking the Linux kernel" |
| 276 | http://ngrep.sourceforge.net/ | TCP Aware - "Network GREP" |
| 283 | http://www.rootshell.com/ | Broken Link |
| 297 | www.cert.org/secuity-improvement/implementations/i002.02.html |
Broken link |
| 297 | www.sans.org/y2k/RPM.html | |
| 305 | www.sans.org/y2k/linux.htm | |
| 311 | Chapter 12 - Introduction to the Criminal Justice System | |
| 312 | http://htcia.org | |
| 314 | http://www.reid.com | |
| 319 | http://www.zdnet.com/zdnn/stories/news/0,4586,2576340,00.html | |
| 321 | http://www.usdoj.gov/criminal/cybercrime/ | Federal computer crime statues |
| 321 | http://uscode.house.gov/usc.htm | Office of Law Revision |
| 325 | Chapter 13 - Conclusion | |
| 325 | http://www.ne-htcia.org/training.html | |