GCK's Cybercrime and Cyberforensics-related URLs

General Information Resources

• Forensics Wiki
• Scientific Working Group on Digital Evidence (SWGDE)
• The National White Collar Crime Center (NW3C)
  • NW3C National Cybercrime Training Partnership
• National District Attorneys Association (NDAA)
  • American Prosecutors Research Institute (APRI), The Research, Training, and Technical Assistance Affiliate of the NDAA
• National Institute Of Justice (NIJ) Electronic Crime Partnership Initiative (ECPI)
• International Association of Computer Investigative Specialists (IACIS)
• Center for Computer Forensics
• Forensic Science and Law Enforcement Links (MSU)
• CERIAS (Center for Education and Research in Information Assurance and Security) Forensic Research Projects
• High Tech Crime Network
• High Tech Crime Consortium
• High Technology Crime Investigation Association (HTCIA)
• SEARCH - The National Consortium for Justice Information and Statistics
• Electronic Crimes Task Force
• National Criminal Justice Reference Service (NCJRS)
• IFIP WG 11.9 (Digital Forensics): IFIP site | Working Group site
• Forensic Association of Computer Technologists (FACT)
• e-evidence info — The Electronic Evidence Information Center (C. Siedsma)
• Computer Forensics, Cybercrime and Steganography Resources
  
  
• National Forensic Science Technology Center (NFSTC)
• Digital Forensics and Emergency Preparedness Institute (Univ. Texas, Dallas)
• Computer Cops information portal
• CyberScience Laboratory
• DiscoveryResources.org
• Vermont Internet Crimes Task Force
• Homeland Security Policy Institute Group
• Computer Forensics, Cybercrime and Steganography Resources page
• ForInSect
• Forensics Organizations: American Academy of Forensic Sciences (AAFS) | Forensic Specialties Accreditation Board (FSAB) | American Society of Crime Laboratory Directors (ASCLD) | European Network of Forensic Science Institutes (ENFSI)
• Computer Forensics World | The Computer Forensics Community | Forensic Focus
• Other forensics URL lists: Alex Geschonneck's Resources Site | Wayne's Forensics and Incident Response Resources | Internet Resources for Computer Forensics | Brian Carrier's Open Source Digital Forensics page (Bootable Environments, Data Acquisition, Media Management, File System, and Application tools) Forensics Wiki
  
  
• News: inform -- Computer Crime news

Journals, Conferences, Papers

• Digital Forensic Research Workshop (DFRWS)
• Digital Investigation (print, but some articles online)
• International Journal of Digital Evidence (IJDE), an online quarterly journal
• Journal of Digital Forensic Practice
• Journal of Digital Forensics, Security and Law
• Small Scale Digital Device Forensics Journal (SSDDFJ) (online)
  
  
• Data2Know.com: Internet & Online Intelligence Newsletter (Hetherington Information Services)
• Checkmate, an Incident Response and Digital Forensics e-zine (NII Consulting)
• Law Technology News
• Digital Discovery & e-Evidence (Pike & Fischer)
• Forensic Science Communications, a quarterly forensic science journal published by the FBI Laboratory
• Law Enforcement Technology Magazine
  
  
• NIJ DOCUMENTS: Electronic Crime Scene Investigation: A Guide for First Responders (NCJ 187736) | Forensic Examination of Digital Evidence: A Guide for Law Enforcement (NCJ 199408) | Investigations Involving the Internet and Computer Networks (NCJ 210798) | Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors (NCJ 211314)
• "Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Research and Development Agenda" (ISTS)
• "Know Your Enemy: A Forensic Analysis" and other papers
• "What is electronic evidence?" (Center for Computer Forensics)
• "An Introduction to the Field Guide for Investigating Computer Crime" (T.E. Wright)
• "How the FBI investigates computer crimes"
• "Tracking a Computer Hacker" (D.A. Morris) | "Criminal Profiling, Computers, and the Internet" (E. Casey)
• Secure disk wiping: "Secure Deletion of Data from Magnetic and Solid-State Memory" [alt.] (P. Gutmann) | "The Difficulty of Data Annihilation from Disk Drives: or Exnihilation Made Easy" (D. Devera) | "Can Intelligence Agencies Read Overwritten Data? A repsonse to Gutmann" (D. Feenburg) | Case studies from Electronic Discovery Law | Guidelines for Media Sanitization (NIST Special Publication 800-88)
• "Recovering Unrecoverable Data: The Need for Drive-Independent Recovery" (C.H. Sobey)
• "Evaluating Commercial Counter-Forensic Tools" (M. Geiger)
• General forensics: Crime & Clues: The Art and Science of Criminal Investigation | Crime Scene Investigation
  
  
• Subscribe to DCCI Dispatch

Computer Crime & Legal Issues

• Computer Crime Laws by State
  • Vermont Statutes
• Identity Theft Statutes
• International legislation
• The Law of Cyber-Space (A. Kamal, U.N. Institute for Training and Research)
• U.S. Dept. of Justice Computer Crime and Intellectual Property Section (CCIPS) (Computer Intrusion Cases)
  • Computer Crime Page
• Cybercrimes.net (Univ. of Dayton School of Law)
• Internet Law Library
• LabMice.net's Computer Forensics and Legal and Cybercrime resource pages
• Council of Europe (international computer crime treaty)
• Internet Crime Complaint Center (IC3) [FBI & NW3C]
• Federal Law Enforcement Training Center (FLETC) Legal Division (Legal Research Links)
• Title 18A-Appendix, Federal Rules of Evidence
• "Collecting Computer-Based Evidence," New York Law Journal (J.E. Feldman, R.I. Kohn, 1998)
• "Model Code of Cybercrimes Investigative Procedure"
• Computer Records and the Federal Rules of Evidence (O.S. Kerr)
• Computer Crime Research Center (CCRC) (based in the Ukraine, site also available in Russian)
• The Cyberlaw Encyclopedia
• CataLaw: CyberRights (Communications | Information Technology | Intellectual property | Media and Entertainment | Privacy & information)
• EFF "Legal Cases" Archive
• Georgetown Law Library International Cyberspace Law Research Guide
• Electronic Discovery Law (Preston Gates & Ellis LLP)
• Regional Information Sharing Systems (RISS)
• Guidance Software Legal Resources (including EnCase® Legal Journal and several other case citations)
• Kroll Ontrack Computer Forensics & Cyber Crime Newsletter and Case Law List
• Craig Ball's "Helping Lawyers Master Technology" site... (main page | Six Articles on Computer Forensics for Lawyers)
• Computers & Internet Crimes Page
• "McAfee Virtual Criminology Report: North American Study into Organized Crime and the Internet
• FindLaw
• Cryptome.org
• "Takedowns: Legendary Successes in Computer Forensics" (Nelson & Simek)
  
  
• A little FBI humor....

Cybercrimes & Online Safety

• Internet Fraud Complaint Center
• IDENTITY THEFT: Federal Trade Commission's ID Theft Page | Identity theft information resources | "Identity Theft" (Federal Reserve Bank of Boston) | Identity Theft Protection | National Center for Victims of Crime | Identity Theft Statutes (U.S.) | Primer on avoiding identity theft | Payment Card Industry data security standard
• E-MAIL SCAMS: Anti-Phishing Working Group | Phish Report Network (PRN) | "Know your Enemy: Phishing -- Behind the Scenes of Phishing Attacks (Honeynet Project) | Nigeria - The 419 Coalition Website ||| Horse farmer scam baiter | Ebola Monkey Man: Pissing Off Nigerian Scammers One At a Time!
• CYBERSTALKING: Cyberstalking and Internet Safety FAQ | CYBER-STALKING.NET | Cyberstalking: A New Challenge for Law Enforcement and Industry (DOJ)
• ONLINE SAFETY: i-SAFE | VT INFOSAFE | SafeKids.Com | GetNetWise | Internet Safety For Children (HTCIA) | Internet Safety for Kids (L. Chappell) | Microsoft "Security at Home" page
• PERVERTED-JUSTICE.COM
• counterfeit library: The Experts Guide to Anonymity
• Victim Assistance Online
• "Credit Card Validation - Check Digits"
• Barcodes, Inc.'s barcode generator

Computer Forensics

• Computer Forensics lab certification: NIST HANDBOOK 150, National Voluntary Laboratory Accreditation Program | American Society of Crime Laboratory Directors (ASCLD) / Laboratory Accreditation Board | ISO 17025 page
• "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" (DOJ) (HTML | PDF)
• "Good Practice Guide for Computer based Electronic Evidence" (Association of Chief Police Officers, U.K.)
• CERT First Responder Guides: First Responders Guide to Computer Forensics | First Responders Guide to Computer Forensics: Advanced Topics
• FBI "Handbook of Forensic Services", Computer Evidence Examinations
• "Best Practices For Seizing Electronic Evidence", V3 (U.S. Secret Service) [V2: HTML | PDF)
• "Best Practices for Computer Forensics" (SWGDE)
• The Internet Engineering Task Force's "Guidelines for Evidence Collection and Archiving" (RFC 3227)
• The Computer Forensic Reference Data Sets (CFReDS) Project (NIST) [Simulated digital evidence for examination: Hacking case, Russian Tea Room, and more!]
  
  
• U.S. Department of Defense Cyber Crime Center (DC3) (including DoD Computer Forensics Laboratory (DCFL))
• www.TigerTools.net Forensics Contest
• Incident Handling: CERT/CC Steps for Recovering From a Unix or NT System Compromise | SecurityFocus.com
• Secure Business Quarterly issue on Digital Forensics
• Zeno's Computer Forensics links...
• openforensics.org
• Linux LEO: "The Law Enforcement and Forensic Examiner's Introduction to Linux"
• Bates numbering: "Bates Numbering - What’s in a number anyway?" (C. Brown) | Bates_no (Maresware)
• AFF™ (Advanced Forensic Format)
• Windows: "Notes On Vista Forensics" (J. Morris) | "Fundamental Computer Investigation Guide For Windows" (MS) | "A Guide to Basic Computer Forensics" (TechNet)
• Papers on Oracle forensics

Computer Forensics Tools

• NIST Computer Forensic Tool Testing site (See also Brian Carrier's Digital Forensics Tool Testing Images page)
• National Software Reference Library (NSRL) Project (NIST)
• TUCOFS - The Ultimate Collection of Forensic Software
• COMPUTER FORENSICS TOOLS: dtSearch text finding tool | EnCase (Guidance Software) | AccessData (Forensic Toolkit (FTK), SecureClean, WipeDrive, and password recovery) | Maresware Suite (Mares & Co.) | ProDiscover (Technology Pathways) | Digital Intelligence, Inc. | Paraben Forensic Tools | Sleuth Kit and Autopsy | ILook Investigator (Law Enforcement only) | Forensic Acquisition Utilities (G.M. Garner) [Alt. link] | Network Intrusion's list of forensics tools and forensics toolkits | Windows Forensic Toolchest (WFT) | fbi (E-mail and data forensics software)
• Online conversion utilities (Number base converter, date/time conversion, integer/IPv4 address conversion, string hash, XOR/ADD stream encryption)
• Hiren's BootCD (partition, disk clone, recovery, testing, hard disk, system info, MBR, BIOS/CMOS, password, file system, and other tools)
• CERT Forensics tools (including LE-only tools)
• COMPUTER FORENSICS HARDWARE: Intelligent Computer Solutions | Digital Intelligence, Inc. | wiebeTECH | Data Forensics Engineering | Forensic Computers
• KEYSTROKE LOGGERS: Keylogger.org | KEYKatcher | KeyGhost | Blazing Tools Software Perfect Keylogger || Anti-Keylogger
• GCK's papers: List of File Signatures (includes pointers to magic numbers, file extension pages, and graphics file formats) | The BASE64 and BASE32 Alphabets | ASCII Decimal and Hexadecimal Conversion Table
• "List of Known Spyware" (unconfirmed list) | SpyArsenal.com
• Sysinternals Windows and Linux internals software
• File and data recovery software
• Windows 2000 memory parser (Carvey)
• Registry Ripper (Carvey)
• Dan Mares' Forensic Software Sources plus another list: A-C, D-F, G-K, L-O, P-S, T-Z
• ANTI-FORENSICS: Network Intrusion's list of antiforensic tools | Metasploit Anti-forensics site (including Metasploit Anti-Forensic Investigation Arsenal (MAFIA)) | Plausible Deniability ToolKit || "How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab" (S. Berinato)
• UNIX/Linux: THE FARMER'S BOOT CD (FBCD) (see also manual) | BackTrack | Linux-Forensics.com (Penguin Sleuth) | The Coroner's Toolkit (TCT), from Dan Farmer and Wietse Venema, a toolkit for incident response/forensic analysis of Unix systems | "Freeware Forensics Tools for Unix" (D. Cheng) | "Basic Steps in Forensic Analysis of Unix Systems" (D. Dittrich) | Bill Stearns' CD of statically linked forensics tools | Forensics Incident Response Environment - F.I.R.E. (Melior, Inc. & DMZS FIRE CD) | Open Source UNIX Forensics Tools | Helix | Auditor security collection
• Knoppix: Knoppix STD (Security Tools Distribution) | Knoppix Hard Disk Installation HOWTO | Installing Knoppix on a hard drive | FREQUENTLY ASKED QUESTIONS AND ANSWERS ABOUT KNOPPIX
• Novell: Captain Nemo - Multi Platform File Manager
• MacOS: Ultimate Guide to Mac OS Forensics | Mac Forensics | MacOS X Forensics | BlackBag Macintosh Forensic Software | SubRosaSoft MacForensicsLab | "FireWire Target Disk Mode Guidelines" (BlackBag Technologies)
• Tech Assist Forensics & Secruity Tools
• MAC time alteration (Windows): PropertiesPlus | FileTime (VB) | AttributeMagic Pro | febooti fileTweak | ShellToys Change Date & Time | FAQ about PC clocks
• Removing/accessing the hard drive from a variety of devices (Sanderson Foresnics)
• Wotsit's Format (file format information on hundreds of different file types)
• Mares Hash Set CD
• Forensic Acquisition Utilities (Windows versions of dd, md5sum, netcat, and more!)
• RDA - Remote Data Acquisition utility
• Protected Storage Explorer
• Default Password List
• Forensic and Log Analysis GUI (FLAG) | PyFlag (FLAG ported to Python
• md5deep (cross-platform program to compute MD5 digests on an arbitrary number of files)
• Silent Runners (VBS script to identify programs that start up with Windows)
• Steganography detection: WetStone Technologies | OutGuess | SpyHunter stego page
• JPEG Exif data extraction: exiftags utility | EXIF-O-Matic | Exifer for Windows | jhead | metadata extractor (Java) [D. Noakes] | "Exchangeable Image file Format (ExIF)" (C. Brown) | (While on the topic of JPEG, see JPG Degradation over Successive Saves)
• "Forensic Analysis of the Windows Registry"
• Metadata Assistant for Word, Excel and PowerPoint (Payne)
• Digital photos as evidence (Keith Hodges)
• Windows Forensics and Incident Recovery site and Forensic Server Project (Harlan Carvey)
• CASE TIMELINE/VISUALIZATION TOOLS: i2 Analyst's Notebook, visual investigative analysis software | CaseAnalysis (CaseMap, TimeMap)
• HARDWARE INFORMATION: pc-hardware-faq/enhanced-IDE | Hard Disk Drives (from The PC Guide) | "FAT (File Allocation Table) File System Tutorial (Seamons) | "FAT: General Overview of On-Disk Format (Microsoft) | "Microsoft Extensible Firmware Initiative, FAT32 File System Specification, FAT: General Overview of On-Disk Format" (Microsoft) | "NTFS file system" (Mikhailov) | "The EXT2 File System" (The Linux Tutorial site) | Apple Computer Technical Note TN1150, "HFS Plus Volume Format" | DEW Associates Corporation Knowledge Center (articles on ACPI-compliant BIOS, CMOS, firmware, virtual memory, motherboards, and hard drives) | SCSI Storage Interfaces (T10 Technical Comm.) | ATA drives (T13 Technical Comm.)
• MAGNETIC FORCE MICROSCOPY (MFM): MFM overview | "Magnetic Force Microscopy (MFM)" (Alexeev & Popkov) | Magnetic Resonance Force Microscopy (IBM Almaden Research Center), w/ MPEG animation | Scanning Probe Microscopy | "Scanning Probe Microscopy (SPM)" (J.W. Cross)
  
  See also GCK's pointers to crypto/stego tools and passwords crackers/hacker tools.

Mobile Device Forensics

• CELL PHONE ANALYSIS: "Cell Phone Forensic Tools: An Overview and Analysis" (NIST IR 7250) | "Cell Phone Forensic Tools: An Overview and Analysis Update" (NIST IR 7387) | "Guidelines on Cell Phone Forensics" (NIST SP 800-101) | "Forensic Examination of a RIM (BlackBerry) Wireless Device" (M.W. Burnette) | Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications (SEARCH) | SEARCHinvestigative toolbar | phone scoop | Carrier info from NANPA | FCC Antenna Structure Registration site | FoneFinder | The Cellular Phone Resource Page | Mobile Forensics Central | e-evidence.info pointers... | PhoneNews.com | Forensics Telecommunications Services (FTS) | Phone-Forensics portal
• CELL PHONE PRODUCTS: "Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications" (SEARCH) | BitPim | SIMCon | Oxygen Software | MOBILedit! | CelleBrite | Susteen DataPilot | Paraben | Cell Phone Analyzer | BKFORENSICS | Mobile Examiner & Hex-Dump.com | Project-a-Phone | Fernico ZRT (camera/software) | Universal CDMA BOX | ESN Converter tool
• PDA ANALYSIS: NIST IR 7100: "PDA Forensic Tools: An Overview and Analysis" (August 2004) | NIST SP 800-72: "Guidelines on PDA Forensics" | "iPod Forensics" (Marsico & Rogers) | DVD Forum || pilot-link (Linux<->PalmOS) | Palm OS Emulator (POSE) | Palm dd (pdd) | ABC Amber BlackBerry Converter
• SMS: "SMS and the PDU Format" | "Understanding SMS" (Harrington)
• Nokia secret codes

Network Forensics

• Internet Archive waybackmachine
• SEARCH's ISP List
• WebCase, The Investigators Internet Collection Tool
• Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response (NIST draft SP 800-86)
• FORWARD EDGE II (USSS Interactive Training & Resources To Combat Electronic Crimes)
• "Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community" (SEARCH) | Live View (CERT) | LiveDiscover and LiveWire Investigator (WetStone) | RIP (Remote Information Probe) [Technology Pathways]
• Network Forensics products: NetIntercept (Sandstorm Enterprises) | SilentRunner and Unicenter Network Forensics | NIKSUN - Forensics & Compliance
• Internet information sites: Sam Spade | DNS Stuff | DomainTools | NETWORK-TOOLS.COM
• LOG FILE FORMATS: SMTP server log format (sendmail & Exchange) | HTTP Server Log Files
• E-MAIL INVESTIGATION: "Understanding E-mail" (NDAA) | "The ECPA, ISPs & Obtaining E-mail (NDAA) | "How to View Email Headers" (SEARCH) | "CSI: Lost e-mails" (S. Ulfelder, Network World, 9/2003) | Yahoo! Messenger Archive Decoder | "Tracking E-mail" (G.E. Boyd)
• INSTANT MESSAGING: "A study of Internet instant messaging and chat protocols" (IEEE Network) || Yahoo! Messenger Protocol (Wiki) | Yahho Messenger Protocol (Venky's World) | Yahoo Protocol Tutorial | Yahoo Messenger Protocol v9 | YMSG Packet Types | AIM/OSCAR Protocol (Wiki) | GAIM protocols | MSN Messenger Protocol page | Msn Messenger Protocol (Venky's World)
• Geobytes IP Address Locator Tool (pretty good, usually)
• Infobin Information Services ISP Contact List
• CALLER ID SPOOFING: Star38.com (stealth telecom) | "VoIP hacks gut Caller I.D." (K. Poulsen, July 2004)
• TELEPHONE SEARCH SITES: AnyWho | Switchboard Internet Yellow Pages and White Pages (and maps!) | Infobel.com (International) | Canada411 | fonefind.com | FoneFinder
• Family Watchdog (National Sex Offender Registry)
• TERMS AND VERNACULAR: Chat site, text messaging, etc. lingo | NetLingo The Internet Dictionary | Chat Abbreviations
• PEOPLE SEARCHES: zoominfo | freeality.com Internet Search Engines | skipease — The People Search Network (skiptracing) | DOCUSEARCH | NetDetective | NETR Real Estate Information and Public Records Research | ZabaSearch | SearchBug (includes people search by address | WhitePages.com (includes reverse lookups) | Directory Assistance plus | zoominfo | SearchSystems.net public records directory | l.e.a.d.s.online | Entersect Corp. | peoplefinders | intellus.com | INTELIUS | GorillaTrace - Metasearch for Investigative Professionals
• SOCIAL SECURITY NUMBERS: SSN Verification (SSA.gov) | SSN validation software (Maresware)
• SATELLITE PICTURES: TerraFly (Java) | TerraServer | TerraServer-USA | Google maps
• SOCIAL NETWORKS: Social network analysis | PieSpy Social Network Bot
• BOT NETS: "Know your Enemy: Tracking Botnets (Honeynet Project) | "Botnets as a Vehicle for Online Crime" (CERT) | "An Inside Look at Botnets" | "Attack of the Bots (WIRED, 14.11, Nov. 2006)
• Online Investigator's Handbook

Commercial Training/Certifications/Investigations

• GKS Digital Services, LLC
• Computer Forensics, Inc.'s Resource Center
• CyberEvidence
• CyberSecurity Institute
• Deloitte & Touche Analytic & Forensic Technology
• InfoSec Institute
• netForensics
• PROTEX International, Digital Forensic Group
• Center for Computer Forensics
• Berryhill Computer Forensics
• Burgess Forensics
• Innovative Digital Forensic Solutions, L.L.C.
• KrollOntrack
• WetStone Technologies
• Forensicon
• CELL/MOBILE PHONE: BKForensics | Paraben | Mobile Forensics Training
• CERTIFICATIONS: The International Society of Forensic Computer Examiners (ISFCE) | Certified Computer Examiner (CCE) | Certified Computer Examiner (CCE) [Kennesaw State] | Certified Information Forensics Investigator (CIFI) [IISFA]
• Law Enforcement Officers should also see Certified Forensic Computer Examiner (CFCE) [IACIS] and courses at NW3C and SEARCH