GCK's Cybercrime and Cyberforensics-related URLs

6 July 2010

Please direct any questions, comments, suggestions, etc. about this URL list to Gary Kessler.

General Information Resources

Forensics Wiki
Scientific Working Group on Digital Evidence (SWGDE)
e-evidence info — The Electronic Evidence Information Center (C. Siedsma)
The National White Collar Crime Center (NW3C)
NW3C National Cybercrime Training Partnership

National District Attorneys Association (NDAA)
American Prosecutors Research Institute (APRI), The Research, Training, and Technical Assistance Affiliate of the NDAA

Center for Computer Forensics
International Organization on Computer Evidence (IOCE)
Forensic Science and Law Enforcement Links (MSU)
CERIAS (Center for Education and Research in Information Assurance and Security) Forensic Research Projects
High Tech Crime Network
High Tech Crime Consortium
High Technology Crime Investigation Association (HTCIA)
SEARCH - The National Consortium for Justice Information and Statistics
Electronic Crimes Task Force
National Criminal Justice Reference Service (NCJRS)
IFIP WG 11.9 (Digital Forensics): IFIP site | Working Group site
Forensic Association of Computer Technologists (FACT)
National Institute Of Justice (NIJ) Electronic Crime Partnership Initiative (ECPI)
International Association of Computer Investigative Specialists (IACIS)
Computer Forensics, Cybercrime and Steganography Resources

National Forensic Science Technology Center (NFSTC)
Digital Forensics and Emergency Preparedness Institute (Univ. Texas, Dallas)
Computer Cops information portal
CyberScience Laboratory
DiscoveryResources.org
Vermont Internet Crimes Task Force
Homeland Security Policy Institute Group
Computer Forensics, Cybercrime and Steganography Resources page
ForInSect
Computer Forensics World | The Computer Forensics Community | Forensic Focus
Other forensics URL lists: Alex Geschonneck's Resources Site | Wayne's Forensics and Incident Response Resources | Internet Resources for Computer Forensics | Brian Carrier's Open Source Digital Forensics page (Bootable Environments, Data Acquisition, Media Management, File System, and Application tools)
News: inform -- Computer Crime news
National Repository of Digital Forensic Intelligence (NRDFI)

Forensic Magazine
Forensics Organizations: American Academy of Forensic Sciences (AAFS) | Forensic Specialties Accreditation Board (FSAB) | American Society of Crime Laboratory Directors (ASCLD) | European Network of Forensic Science Institutes (ENFSI)
Forensic Science and Criminalistics: Properties of Physical Evidence (S. Carolina Criminal Justice Academy)
MyForensicScienceDegree.com: The Forensic Science Degree Guide
Journals, Conferences, Papers

Digital Forensic Research Workshop (DFRWS)
Digital Investigation (print, but some articles online)
International Journal of Digital Crime and Forensics
International Journal of Digital Evidence (IJDE), an online quarterly journal
International Journal of Electronic Security and Digital Forensics
Journal of Digital Forensic Practice
Journal of Digital Forensics, Security and Law
Small Scale Digital Device Forensics Journal (SSDDFJ) (online)
Digital Forensics Magazine
Digital Forensic Investigator News (online)

Data2Know.com: Internet & Online Intelligence Newsletter (Hetherington Information Services)
Checkmate, an Incident Response and Digital Forensics e-zine (NII Consulting)
Law Technology News
Digital Discovery & e-Evidence (Pike & Fischer)
Forensic Science Communications, a quarterly forensic science journal published by the FBI Laboratory
Law Enforcement Technology Magazine

NIJ DOCUMENTS: Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition (NCJ 219941) [ first edition (NCJ 187736)] | Forensic Examination of Digital Evidence: A Guide for Law Enforcement (NCJ 199408) | Investigations Involving the Internet and Computer Networks (NCJ 210798) | Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors (NCJ 211314)
"Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" (DOJ) ( PDF (2009) | PDF (2002))
"Good Practice Guide for Computer based Electronic Evidence" (Association of Chief Police Officers, U.K.)
CERT First Responder Guides: First Responders Guide to Computer Forensics | First Responders Guide to Computer Forensics: Advanced Topics
FBI "Handbook of Forensic Services", Computer Evidence Examinations
"Best Practices For Seizing Electronic Evidence", V3 (U.S. Secret Service) [V2: HTML | PDF)
SWGDE documents
The Internet Engineering Task Force's "Guidelines for Evidence Collection and Archiving" (RFC 3227)

"Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Research and Development Agenda" (ISTS)
"Know Your Enemy: A Forensic Analysis" and other papers
"What is electronic evidence?" (Center for Computer Forensics)
"An Introduction to the Field Guide for Investigating Computer Crime" (T.E. Wright)
"How the FBI investigates computer crimes"
"Tracking a Computer Hacker" (D.A. Morris) | "Criminal Profiling, Computers, and the Internet" (E. Casey)
SECURE DISK WIPING: "Secure Deletion of Data from Magnetic and Solid-State Memory" [alt.] (P. Gutmann) | "The Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made Easy" (D. Devera) | "Can Intelligence Agencies Read Overwritten Data? A repsonse to Gutmann" (D. Feenburg) | Guidelines for Media Sanitization (NIST Special Publication 800-88)
"Recovering Unrecoverable Data: The Need for Drive-Independent Recovery" (C.H. Sobey)
"Evaluating Commercial Counter-Forensic Tools" (M. Geiger)
General forensics: Crime & Clues: The Art and Science of Criminal Investigation | Crime Scene Investigation

Subscribe to DCCI Dispatch

BLOGS: ForensicDev (Martin Siefert) | BitSec Forensics Blog (Mike Webber) | Lance Mueller's Forensics Blog (includes EnScript tutorials!) | Forensic 4cast | exforensics (Larry Daniel/Guardian Digital Forensics) | int for(ensik){blog;} (Andreas Schuster & Mathieu Suiche) | Windows Incident Response (Harlan Carvey) | Volatile memory analysis research (Volatility) | A Geek Raised by Wolves (Jesse Kornblum) | Marc Rogers | CyberSpeak's Podcast | SANS Computer Forensics Blog | Forensic Computing blog | Forensic Incident Response | PC-Eye (Digital Forensics) | Forensic Focus Blog | Solid Forensics Blog
Computer Crime & Legal Issues

U.S. COURTS: Federal Rules of Criminal Procedure | Federal Rules of Evidence (2008) | Federal Rules of Civil Procedure (2008) | Main page
DIGITAL FORENSICS & PRIVATE INVESTIGATION: "To License or Not to License Revisited: An Examination of State Statutes Regarding Private Investigators and Digital" (Lonardo et al.) | "Why computer forensic professionals shouldn’t be required to have private investigator licenses" (Schwerha) | "Case Against P.I. Licensing for Digital Forensic Examiners" (Barbara)
Computer Crime Laws by State
Vermont Statutes

Identity Theft Statutes
International legislation
The Law of Cyber-Space (A. Kamal, U.N. Institute for Training and Research)
U.S. Dept. of Justice Computer Crime and Intellectual Property Section (CCIPS) (Computer Intrusion Cases)

Computer Crime Page

Cybercrimes.net (Univ. of Dayton School of Law)
Internet Law Library
LabMice.net's Computer Forensics and Legal and Cybercrime resource pages
Council of Europe (international computer crime treaty)
Internet Crime Complaint Center (IC3) [FBI & NW3C]
Federal Law Enforcement Training Center (FLETC) Legal Division (Legal Research Links)
Title 18A-Appendix, Federal Rules of Evidence
"Collecting Computer-Based Evidence," New York Law Journal (J.E. Feldman, R.I. Kohn, 1998)
"Model Code of Cybercrimes Investigative Procedure"
Computer Records and the Federal Rules of Evidence (O.S. Kerr)
Electronic Newsletter on the Fight Against Cybercrime (ENAC) (European Commission)
Computer Crime Research Center (CCRC) (based in the Ukraine, site also available in Russian)
The Cyberlaw Encyclopedia
CataLaw: CyberRights (Communications | Information Technology | Intellectual property | Media and Entertainment | Privacy & information)
EFF "Legal Cases" Archive
Georgetown Law Library International Cyberspace Law Research Guide
Electronic Discovery Law (Preston Gates & Ellis LLP)
Regional Information Sharing Systems (RISS)
Guidance Software Legal Resources (including EnCase¡ Legal Journal and several other case citations)
Kroll Ontrack Computer Forensics & Cyber Crime Newsletter and Case Law List
Craig Ball's "Helping Lawyers Master Technology" site... (main page | Six Articles on Computer Forensics for Lawyers)
Computers & Internet Crimes Page
"McAfee Virtual Criminology Report: North American Study into Organized Crime and the Internet
FindLaw
Cryptome.org
"Takedowns: Legendary Successes in Computer Forensics" (Nelson & Simek)
CASE LAW BLOG: CYB3RCRIM3: Observations on technology, law and lawlessness (Brenner)
TESTIMONY AIDS: Computer Hardware Chart |

A little FBI humor....
Cybercrimes & Online Safety

Internet Fraud Complaint Center
IDENTITY THEFT: Federal Trade Commission's ID Theft Page | Identity theft information resources | "Identity Theft" (Federal Reserve Bank of Boston) | Identity Theft Protection | National Center for Victims of Crime | Identity Theft Statutes (U.S.) | Primer on avoiding identity theft | Payment Card Industry data security standard
E-MAIL SCAMS AND PHISHING: Anti-Phishing Working Group | Phish Report Network (PRN) | "Know your Enemy: Phishing -- Behind the Scenes of Phishing Attacks (Honeynet Project) | Nigeria - The 419 Coalition Website ||| Phish of No Phish? (education site by VeriSign) | Horse farmer scam baiter | Ebola Monkey Man: Pissing Off Nigerian Scammers One At a Time!
"Investigating Internet crimes against children: Seeking a new law enforcement paradigm" (Kardasz)
CYBERSTALKING: Cyberstalking and Internet Safety FAQ | CYBER-STALKING.NET | Cyberstalking: A New Challenge for Law Enforcement and Industry (DOJ)
ONLINE SAFETY: Boston Public Schools Cyber Safety Campaign™ | SafeKids.Com | GetNetWise | The Door That's Not Locked (Candian Centre for Child Protection) | webAWARE (Media Awareness Network) | Internet 101 (Canadian law enforcement and educators) | Child Exploitation and Online Protection (CEOP) (U.K.) | NetSmartz.org (NCMEC) | WEBWISEKIDS | GetNetWise (Internet Education Foundation) | Internet Safety 101SM Video Vignettes (Enough Is Enough) | STAYSAFEONLINE (National Cybe Security Alliance) | iKeepSafe.org (Internet Keep Safe Coalition) | i-SAFE | VT INFOSAFE | Internet Safety For Children (HTCIA) | Internet Safety for Kids (L. Chappell) | Microsoft "Security at Home" page | UK Complete Resource of Internet Safety for Kids
WEB SITE FILTERING: K9 Web Protection | Net Nanny | CYBERsitter | CyberPatrol
PERVERTED-JUSTICE.COM
counterfeit library: The Experts Guide to Anonymity
Victim Assistance Online
"Credit Card Validation - Check Digits"
Barcodes, Inc.'s barcode generator
Computer Forensics

Computer Forensics lab accreditation: NIST HANDBOOK 150, National Voluntary Laboratory Accreditation Program | American Society of Crime Laboratory Directors (ASCLD) / Laboratory Accreditation Board | ISO 17025 page
The Computer Forensic Reference Data Sets (CFReDS) Project (NIST) [Simulated digital evidence for examination: Hacking case, Russian Tea Room, and more!]

U.S. Department of Defense Cyber Crime Center (DC3) (including DoD Computer Forensics Laboratory (DCFL))
www.TigerTools.net Forensics Contest
Incident Handling: CERT/CC Steps for Recovering From a Unix or NT System Compromise | SecurityFocus.com
Secure Business Quarterly issue on Digital Forensics
Zeno's Computer Forensics links...
openforensics.org
Linux LEO: "The Law Enforcement and Forensic Examiner's Introduction to Linux"
Bates numbering: "Bates Numbering - Whatøs in a number anyway?" (C. Brown) | Bates_no (Maresware)
AFF (Advanced Forensic Format)
Windows: "Notes On Vista Forensics" (J. Morris) | "Fundamental Computer Investigation Guide For Windows" (MS) | "A Guide to Basic Computer Forensics" (TechNet)
Papers on Oracle forensics
ISSUES RELATED TO ENCRYPTION: Cold Boot Attacks on Encryption Keys (Princeton) | msramdmp: McGrew Security RAM Dumper
Computer Forensics Tools

TEST IMAGES: NIST Computer Forensic Tool Testing site | Brian Carrier's Digital Forensics Tool Testing Images | Digital Corpora site (See "Bringing science to digital forensics with standardized forensic corpora" (Garfinkel et al.))
National Software Reference Library (NSRL) Project (NIST)
TUCOFS - The Ultimate Collection of Forensic Software
COMPUTER FORENSICS TOOLS: dtSearch text finding tool | EnCase (Guidance Software) | AccessData (Forensic Toolkit (FTK), SecureClean, WipeDrive, and password recovery) | Maresware Suite (Mares & Co.) | ProDiscover (Technology Pathways) | SANS Investigative Forensic Toolkit (SIFT) Workstation 2 | Live View (CERT) | Digital Intelligence, Inc. | Paraben Forensic Tools | Sleuth Kit and Autopsy | ILook Investigator (Law Enforcement only) | Forensic Acquisition Utilities (G.M. Garner) [Alt. link] | 10-23 On-Scene Investigator || Network Intrusion's list of forensics tools and forensics toolkits | Windows Forensic Toolchest (WFT) | fbi (E-mail and data forensics software) | KnTTools
FILE CARVING: Simple Carver Suite (Tim Coakley) [Tim's free tools] | DataLifter | Scalpel: A Frugal, High Performance File Carver | Photorec, digital picture recovery | Recover My Files | "Measuring and Improving the Quality of File Carving Methods (Kloet, 2007)
Online conversion utilities (Number base converter, date/time conversion, integer/IPv4 address conversion, string hash, XOR/ADD stream encryption)
Hiren's BootCD (partition, disk clone, recovery, testing, hard disk, system info, MBR, BIOS/CMOS, password, file system, and other tools)
CERT Forensics tools (including LE-only tools)
COMPUTER FORENSICS HARDWARE: Intelligent Computer Solutions | Digital Intelligence, Inc. | wiebeTECH | Data Forensics Engineering | Forensic Computers || iFixit manuals for Macs and iPods
KEYSTROKE LOGGERS: Keylogger.org | KEYKatcher | KeyGhost | Blazing Tools Software Perfect Keylogger || Anti-Keylogger
GCK'S PAPERS: List of File Signatures (includes pointers to magic numbers, file extension pages, and graphics file formats) | The BASE64 and BASE32 Alphabets | ASCII Decimal and Hexadecimal Conversion Table
HASH SETS: HashKeeper (DOJ) | National Software Reference Library | Mares Hash Set CD
PARSING TOOLS: Many parsing tools from Red Wolf (include Gmail, folder, Skype logs, Recycle bin, and more...)
"List of Known Spyware" (unconfirmed list) | SpyArsenal.com
Sysinternals Windows and Linux internals software
File and data recovery software
Karen's Power Tools
BROWSER TOOLS: firefoxforensics | Karen's Cookie Viewer | Computer History Viewer (Elongsoft) | IE History View (NirSoft) | Web Cache Illuminator (Northstar Solutions) | Protected Storage PassView (NirSoft) | FireFox Forensics (Machor) | FoxAnalysis | ChromeAnalysis
RAM ANALYSIS: "The Acquisition and Analysis of Random Access Memory" (Vidas, JDFP, 1(4), Dec. 2006) || Windows 2000 memory parser (Carvey) | The Volatility Framework | memparser (DFRWS 2005) | Memory DD (MDD, ManTech) | Memoryze (Mandiant) | Win32dd | HBGary Responder and Fast Dump | F-Response | BinText | KnTTools | PyFlag | Interrogate: POC to identify crypto keys in RAM || Key Extraction (Brian Kaplan)
REGISTRY: Registry Ripper (Carvey) | Regshot (before and after registry comparison)
Dan Mares' Forensic Software Sources plus another list: A-C, D-F, G-K, L-O, P-S, T-Z
Machor Software (Win Forensic Analysis, Firefox Forensics, Google Chrome Forensics)
MiTeC, a slew of nice utility tools
ANTI-FORENSICS: Network Intrusion's list of antiforensic tools | Metasploit Anti-forensics site (including Metasploit Anti-Forensic Investigation Arsenal (MAFIA)) | Plausible Deniability ToolKit | Detect and Eliminate Computer Assisted Forensics (DECAF) || "How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab" (S. Berinato)
UNIX/LINUX: THE FARMER'S BOOT CD (FBCD) (see also manual) | BackTrack | Linux-Forensics.com (Penguin Sleuth) | The Coroner's Toolkit (TCT), from Dan Farmer and Wietse Venema, a toolkit for incident response/forensic analysis of Unix systems | "Freeware Forensics Tools for Unix" (D. Cheng) | "Basic Steps in Forensic Analysis of Unix Systems" (D. Dittrich) | Bill Stearns' CD of statically linked forensics tools | Forensics Incident Response Environment - F.I.R.E. (Melior, Inc. & DMZS FIRE CD) | Open Source UNIX Forensics Tools
FIRST RESPONSE TOOLS: Phoenix (Drew Fahey) | Helix | Helix Community Edition (HelixCE) | Auditor security collection | Intel(R) Regimented Potential Incident Examination Report (RPIER) | CAINE (Computer Aided INvestigative Environment) | BackTrack | Knoppix STD (Security Tools Distribution) | Raptor (Forensic imaging)
WHOLE-DISK ENCRYPTION DETECTION: ZeroView | Encrypted Disk Detector (EDD)
NOVELL: Captain Nemo - Multi Platform File Manager
MAC OS: Ultimate Guide to Mac OS Forensics | Mac Forensics | The Apple Examiner (formerly MacOS X Forensics | BlackBag Macintosh Forensic Software | SubRosaSoft MacForensicsLab | "FireWire Target Disk Mode Guidelines" (BlackBag Technologies)
Tech Assist Forensics & Secruity Tools | "File Vault Imaging: Apple's Dirty Little Secrets" (Zdziarski)
MAC TIME ALTERATION (WINDOWS): PropertiesPlus | FileTime (VB) | AttributeMagic Pro | febooti fileTweak | ShellToys Change Date & Time | FAQ about PC clocks
Removing/accessing the hard drive from a variety of devices (Sanderson Foresnics)
Wotsit's Format (file format information on hundreds of different file types)
Forensic Acquisition Utilities (Windows versions of dd, md5sum, netcat, and more!)
RDA - Remote Data Acquisition utility
Protected Storage Explorer
Default Password List
Forensic and Log Analysis GUI (FLAG) | PyFlag (FLAG ported to Python
md5deep (cross-platform program to compute MD5 digests on an arbitrary number of files)
Silent Runners (VBS script to identify programs that start up with Windows)
Steganography detection: WetStone Technologies | OutGuess | SpyHunter stego page
JPEG Exif data extraction: exiftags utility | EXIF-O-Matic | Exifer for Windows | jhead | metadata extractor (Java) [D. Noakes] | "Exchangeable Image file Format (ExIF)" (C. Brown) | (While on the topic of JPEG, see JPG Degradation over Successive Saves)
REGISTRY: "Forensic Analysis of the Windows Registry"
Windows EDB file parser
METADATA: Metadata Assistant for Word, Excel and PowerPoint (Payne) | Open Office Metadata Extractor | FOCA | Digital photos as evidence (Hodges)
IMAGES: TinEye, reverse image search engine
"Evidentiary Value of Link Files" (Weilbacher)
Windows Forensics and Incident Recovery site and Forensic Server Project (Carvey)
CASE TIMELINE/VISUALIZATION TOOLS: i2 Analyst's Notebook, visual investigative analysis software | CaseAnalysis (CaseMap, TimeMap)
COMPUTER FORENSICS & VISUALIZATION: "Visual Computer Forensic Analysis" (K. Jones) | rumint
HARDWARE INFORMATION: pc-hardware-faq/enhanced-IDE | Hard Disk Drives (from The PC Guide) | DEW Associates Corporation Knowledge Center (articles on ACPI-compliant BIOS, CMOS, firmware, virtual memory, motherboards, and hard drives) | SCSI Storage Interfaces (T10 Technical Comm.) | ATA drives (T13 Technical Comm.)
FILE SYSTEMS: "FAT (File Allocation Table) File System Tutorial (Seamons) | "FAT: General Overview of On-Disk Format (Microsoft) | "Microsoft Extensible Firmware Initiative, FAT32 File System Specification, FAT: General Overview of On-Disk Format" (Microsoft) | "NTFS file system" (Mikhailov) | "NTFS Documentation" (Russon & Fledel) | "The EXT2 File System" (The Linux Tutorial site) | Apple Computer Technical Note TN1150, "HFS Plus Volume Format"
Video Previewer (Tim Coakley)
MAGNETIC FORCE MICROSCOPY (MFM): MFM overview | "Magnetic Force Microscopy (MFM)" (Alexeev & Popkov) | Magnetic Resonance Force Microscopy (IBM Almaden Research Center), w/ MPEG animation | Scanning Probe Microscopy | "Scanning Probe Microscopy (SPM)" (J.W. Cross)
SOLID-STATE/USB DEVICES: "Solid State Drives and Data Recovery" | "USB Key Analysis vs. USB Drive Enclosure Analysis" (Rob Lee) | "Updated: Computer Forensic Guide To Profiling USB Thumbdrives on Win7, Vista, and XP"
DISK WIPING SOFTWARE: Wipe Free Space | Darik's Boot and Nuke (DBAN) | BCWipe | Eraser
CD Emulator (open source)

See also GCK's pointers to crypto/stego tools and passwords crackers/hacker tools.
Mobile Device Forensics

P3: Purdue Phone Phorensics Knowledge Base
Mobile Forensics World Conference site (Videos from 2008, including GCK's video)
e-evidence info: Cellular/Mobile Phone Forensics papers and pointers
MOBILE PHONE ANALYSIS: "Cell Phone Forensic Tools: An Overview and Analysis" (NIST IR 7250) | "Cell Phone Forensic Tools: An Overview and Analysis Update" (NIST IR 7387) | "Mobile Forensic Reference Materials: A Methodology and Reification" (NIST IR 7617) | "Guidelines on Cell Phone Forensics" (NIST SP 800-101) | "Forensic Examination of a RIM (BlackBerry) Wireless Device" (M.W. Burnette) | Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications (SEARCH) | SEARCHinvestigative toolbar | phone scoop | Carrier info from NANPA | FCC Antenna Structure Registration site | FoneFinder | Mobile Forensics Central | e-evidence.info pointers... | PhoneNews.com | Forensics Telecommunications Services (FTS) | Phone-Forensics portal
MOBILE PHONE EXAMINATION PRODUCTS: BitPim (CDMA) | SIMCon | Oxygen Forensic Suite | MOBILedit! | CelleBrite | Susteen DataPilot | Paraben | Micro Systemation .XRY | Cell Phone Analyzer | SmartMoto/Smart-Clip | BKFORENSICS | Project-a-Phone | Fernico ZRT (camera/software) | CDMA Software | ESN Converter tool
Cell Phone Erasure instructions
GSM 11.11 specification (SIM card)
PDA ANALYSIS: NIST IR 7100: "PDA Forensic Tools: An Overview and Analysis" (August 2004) | NIST SP 800-72: "Guidelines on PDA Forensics" | "iPod Forensics" (Marsico & Rogers) | "iPod Forensics Update" (Kiley, Shinbara, & Rogers) | DVD Forum || pilot-link (Linux<->PalmOS) | Palm OS Emulator (POSE) | Palm dd (pdd) | ABC Amber BlackBerry Converter
SMS: "SMS and the PDU Format" | "Understanding SMS" (Harrington) || SMS tools (for GSM Phones)
Nokia secret codes
MOTOROLA-RELATED: OpenEZX: Motorola EZX GSM phone wiki | Motorola-Tools.com
iPHONE: iPHONE INSECURITY | The Apple Examiner | iPhones | iPhone Forensics Centre | Mobilyze (Black Bag) | Katana Forensics | SpyCalc, hide videos, programs, and more on an iPhone or iPod
Canon Hacker's Development Kit
GPS: GPSForensics.org | Forensics Wiki | TomTom devices (Forensic Focus) | Paraben | GPSBabel (Free software for GPS data conversion and transfer)
ANDROID OS: Android Forensics (viaForensics) [open source forensics application] | "Five Great Reasons to Root Your Android Phone"
Eoghan Casey on physical analysis of cell phones
MOBILE PHONE SPOOFING (see CALLER ID SPOOFING, below)
Network Forensics

Internet Archive waybackmachine
SEARCH's ISP List
WebCase, The Investigators Internet Collection Tool
Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response (NIST draft SP 800-86)
FORWARD EDGE II (USSS Interactive Training & Resources To Combat Electronic Crimes)
"Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community" (SEARCH) | LiveDiscover and LiveWire Investigator (WetStone) | RIP (Remote Information Probe) [Technology Pathways]
Network Forensics products: NetIntercept (Sandstorm Enterprises) | SilentRunner and Unicenter Network Forensics | NIKSUN - Forensics & Compliance
Internet information sites: Sam Spade | DNS Stuff | DomainTools | NETWORK-TOOLS.COM | Domain name registries around the world
UCsniff (sniffing live VoIP conversations)
WEB SITE INFORMATION: Quarkbase | Netcraft Internet Evidence Finder (IEF)
Maltego (Paterva), a data mining, graphical program to link people to Web sites, addresses, phone numbers, etc.
LOG FILE FORMATS: SMTP server log format (sendmail & Exchange) | HTTP Server Log Files
E-MAIL INVESTIGATIONS: Mailbag Assistant | WHO@ (E-mail headers for many e-mail clients) | MHonArc: A mail-to-HTML converter | NEMX || "Understanding E-mail" (NDAA) | "The ECPA, ISPs & Obtaining E-mail (NDAA) | "How to View Email Headers" (SEARCH) | "CSI: Lost e-mails" (S. Ulfelder, Network World, 9/2003) | Yahoo! Messenger Archive Decoder | "Tracking E-mail" (G.E. Boyd)
INSTANT MESSAGING AND CHATTING: "A study of Internet instant messaging and chat protocols" (IEEE Network) || Yahoo! Messenger Protocol (Wiki) | Yahho Messenger Protocol (Venky's World) | Yahoo Protocol Tutorial | Yahoo Messenger Protocol v9 | YMSG Packet Types | AIM/OSCAR Protocol (Wiki) | GAIM protocols | MSN Messenger Protocol page | Msn Messenger Protocol (Venky's World)
Geobytes IP Address Locator Tool (pretty good, usually)
Infobin Information Services ISP Contact List
SOCIAL NETWORKS: Facebook JPG Finder (FJF) | Fchat | Facebook Chat Forensics
CALLER ID SPOOFING: Telespoof | SpoofCard | Star38.com (stealth telecom) | trapcall (Unmask blocked CallerID) || "CID/ANI spoofing on VoIP using Asterisk" | "VoIP hacks gut Caller I.D." (K. Poulsen, July 2004)
TELEPHONE SEARCH SITES: AnyWho | Switchboard Internet Yellow Pages and White Pages (and maps!) | Infobel.com (International) | Canada411 | fonefind.com | FoneFinder
Family Watchdog (National Sex Offender Registry)
ONLINE CHAT TERMS AND VERNACULAR: English internet slang (Wiktionary) | Sharpened Glossary | NetLingo List of Internet Acronyms & Text Message Jargon | Chat, E-Mail, Web, and chat room slang and acronyms | Slang list from NCMEC (PDF) | "A Parents Guide to Internet Lingo" (SpectorSoft) (PDF) Chat site, text messaging, etc. lingo | Chat Abbreviations
PEOPLE SEARCHES: freeality.com Internet Search Engines | skipease — The People Search Network (skiptracing) | Veromi: The Trusted Information Source | DOCUSEARCH | NetDetective | NETR Real Estate Information and Public Records Research | ZabaSearch | Spock People Search | spokeo | wink People Search | SearchBug (includes people search by address | WhitePages.com (includes reverse lookups) | Directory Assistance plus | zoominfo | SearchSystems.net public records directory | l.e.a.d.s.online | Entersect Corp. | peoplefinders | intellus.com | INTELIUS | GorillaTrace - Metasearch for Investigative Professionals
Ziggs, a site that allows a person to be notified when someone Googles them -- and to find out who was Googling!
SOCIAL SECURITY NUMBERS: SSN Verification (SSA.gov) | SSN validation software (Maresware)
SATELLITE PICTURES: TerraFly (Java) | TerraServer | TerraServer-USA | Google maps
SOCIAL NETWORKS: Social network analysis | PieSpy Social Network Bot | Snitch.Name | YoName
BOT NETS: "Know your Enemy: Tracking Botnets (Honeynet Project) | "Botnets as a Vehicle for Online Crime" (CERT) | "An Inside Look at Botnets" | "Attack of the Bots (WIRED, 14.11, Nov. 2006) || ZeuS Tracker
Online Investigator's Handbook
WIFI GEOLOCATION: Windows Incident Response blog (9/27/2009) | Skyhook WiFi Geolocation
VoIP/SKYPE: Paraben Chat Examiner | Red Wolf Skype parser || Skypeex (Extract Skype chats from a RAM dump)
Electronic Discovery

The Sedona Conference
The Electronic Discovery Reference Model (includes data sets, metrics, and jobs)
RenewData (see Resources for white papers, webinars, etc.)
SOFTWARE: Attenex Patterns Document Mapper (FTI) | Concordance (LexisNexis) | CT Summation | iCONECT | Intella (Vound) (indexing search engine and visual presentation)
Federal Rules of Evidence (2008)
Federal Rules of Civil Procedure (2008)
Electronic Discovery Articles (Fios)
Electronic Discovery Blog (Kahn Consulting)
Case studies from Electronic Discovery Law
Terrorism-Related Issues/Investigations

Internet Haganah (טנרטניאב הנגה)
Treadstone 71
Jihadica: Documenting the Global Jihad
International naming issues (e.g., Hispanic, Iranian, Middle East, etc.)
Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
Commercial Training/Certifications/Investigations

GKS Digital Services, LLC
BitSec Forensics
Computer Forensics, Inc.'s Resource Center
Computer Forensics & eDiscovery Companies
CyberEvidence
CyberSecurity Institute
Deloitte & Touche Analytic & Forensic Technology
Hypertech Forensics, Inc.
InfoSec Institute
netForensics
PROTEX International, Digital Forensic Group
Center for Computer Forensics
Berryhill Computer Forensics
Burgess Forensics
Innovative Digital Forensic Solutions, L.L.C.
Kessler International (no relation to GCK)
KrollOntrack
RenewData
WetStone Technologies
Forensicon
CELL/MOBILE PHONE: BKForensics | Paraben | Mobile Forensics Training
CERTIFICATIONS: Certified Computer Examiner (CCE) [The International Society of Forensic Computer Examiners (ISFCE)] | Certified Information Forensics Investigator (CIFI) [IISFA] | Digital Forensics Certification Board (DFCB) | SANS Computer Forensics || Forensic Specialties Accreditation Board (FSAB)

Law Enforcement Officers should also see Certified Forensic Computer Examiner (CFCE) [IACIS] and courses at NW3C and SEARCH

GCK's Cybercrime and Cyberforensics-related URLs

Please direct any questions, comments, suggestions, etc. about this URL list to Gary Kessler.

Return to your last page...