Computer Forensics

Computer Forensics

Information and Whitepapers

Download or Read On-Line

(For Your Knowledge or Curiosity)

SANS Institute GIAC Practical Papers by Mark E. Donaldson

• GSEC: Inside The Buffer Overflow Attack
• GCFW: A Comprehensive Security Plan For GIAC Enterprises
• GCIH: Buffer Overflow In Samba Server
• GCUX: Secure Linux Firewall Deployment

Computer Forensics - Disk Analysis and Diagnostics

• Creating a Backup of System Partitions Using WinHex
• Disk Editing with WinHex by Stephen Fleischman
• WinHex Forensics Manual by Stephen Fleischman
• WinHex Template Tutorial by Paul Mullen
• Seagate DiscWizard User Guide (Seagate Technology)
• SeaTools DOS Guide (Seagate Technology)
• FJDT Status Codes (Fujitsu)
• Western Digital Hard Drive Diagnostic Utility User Guide (Western Digital)
• Hitachi Drive Fitness User Guide (Hitachi)
• Hitachi Feature Tool User Guide (Hitachi)
• Hitachi OGT Diagnostic Tool User Guide (Hitachi)
• Hitachi Drive Fitness Test by Mark E. Donaldson
• MHDD Documentation by Dennis German
• MHDD Manual by Dmitry Postrigan
• MHDD Usage Manual by Dmitry Postrigan
• SpinRite 5.0 Owners Guide Addendum (Gibson Research Corporation)
• SpinRite 5.0 Owners Guide(Gibson Research Corporation)
• SpinRite 5.0 Technical Brochure (Gibson Research Corporation)
• SpinRite Under the Hood by Steve Gibson
• Victoria 3.3.2 User Manual (Russian) by Последняя версия
• Troubleshooting with Disk Probe (Microsoft Corporation)
• Using Disk Edit by Mark E. Donaldson
• Using Disk Probe for Data Recovery by Mark E. Donaldson
• Using Disk Save (Microsoft Corporation)
• Check Disk and Check NTFS by Pat Bloodwell
• Using chkdsk by Mark E. Donaldson
• Using fsck by Mark E. Donaldson
• HDDScan Windows User Manual by Artem Rubtsov
• Windows 2000 CHKDSK Management (Microsoft Corporation)
• Windows 2000 Disk Concepts and Troubleshooting (Microsoft Corporation)

Computer Forensics - File Systems

• FAT32 File System Specification (Microsoft Corporation)
• Linux File Structure
• Theres a Lot in the Dot - Filesystem Permissions and Pathnames by Jerry Peek
• UNIX File System Layout
• The UNIX Filesystem by Mark E. Donaldson
• AFS Administration Guide (IBM)
• Amiga Floppy Disk Format by Laurent Clevy
• Design and Implementation of the Second Extended Filesystem by Remy Card, Theadore Ts'o, and Stephen Tweedie
• Ext2 File System Overview by Gadi Oxman
• FAT Dilemma (Western Digital)
• FAT General Overview On-Disk Format (Microsoft Corporation)
• File System Performance (Sun Microsystems)
• Inside HPFS Part 0 by Dan Bridges
• Inside HPFS Part 1 by Dan Bridges
• Inside HPFS Part 2 by Dan Bridges
• Inside HPFS Part 3 by Dan Bridges
• Inside HPFS Part 4 by Dan Bridges
• Inside HPFS Part 5 by Dan Bridges
• Large Files in Solaris (Solaris OS Group)
• Legacy File Systems by Mark E. Donaldson
• Long File Names Structure by Jeff Prosise
• Long Files Names Specification (Microsoft Corporation)
• Notes on the Structure of the VFAT Filesystem by Galen C. Hunt
• NTFS Security Pitfalls by Mark E. Donaldson
• The BFS Filesystem Structure by unknown
• The FAT File System by Brian Carrier
• The NTFS File System by Brian Carrier
• The NTFS Master File Table by Mark E. Donaldson
• The Second Extended File System by Dave Poirir
• ZFS Administration Guide (Sun Microsystems)
• Linux ext3 FAQ by unknown
• Linux Filesystem Security by Mick Bauer (Linux Journal)
• Anatomy of Linux Journaling File Systems by M. Tim Jones
• Anatomy of ext4 by M. Tim Jones
• ext4 File System - Introduction and Benchmarks by Jeffrey B. Layton
• From ext3 to ext4 - An Interview with Theodore Tso by Jeffrey B. Layton
• ZFS on FUSE by Roderick W. Smith

Computer Forensics - File System Analysis

• Autopsy Installation and Use (Brian Carrier)
• File Activity Timelines by Brian Carrier
• File System Analysis Techniques by Brian Carrier
• MAC-Robber Installation and Use (Brian Carrier)
• Mounting Disks with Linux's loopback Device by Jason Boxman
• Running Sleuthkit and Autopsy Under Windows by Charles Lucas
• Sleuthkit Installation and Use (Brian Carrier)
• TCTUtils Installation and Use (Brian Carrier)
• The Coroners Toolkit (TCT) Installation and Use (Venema & Farmer)
• Encrypted File System (EFS) Recovery by Clark
• How Forensic Tools Recover Digital Evidence
• How To Resize Ext3 Partitions Without Losing Data by Falko Timme
• Repairing Linux Filesystems by Mark E. Donaldson
• Analyzing a Filesystem by Morgan David
• Hidden NTFS Alternate Data Streams by Mark E. Donaldson
• HFS Plus Volume Format (Apple)
• Midnight Commander File Manager by Phillipp Thomas
• ntfsprogs Manual
• Communicating With the Other Half - NTFS Support in Linux by Roderick W. Smith
• Linux ntfsprogs by Barry Shilliday
• The Interoperability Power of Linux-NTFS Tools by Steven Mathis
• Data Hiding in Journaling File Systems by Knut Eckstein and Marko Jahnke
• Data Hiding Tactics for Windows and Unix File Systems by Hal Berghel, David Hoelzer, and Michael Sthultz

Computer Forensics - File System Analysis - TSK Informer

• The Sleuth Kit Informer Issue #1 (Brian Carrier)
• The Sleuth Kit Informer Issue #2 (Brian Carrier)
• The Sleuth Kit Informer Issue #3 (Brian Carrier)
• The Sleuth Kit Informer Issue #4 (Brian Carrier)
• The Sleuth Kit Informer Issue #5 (Brian Carrier)
• The Sleuth Kit Informer Issue #6 (Brian Carrier)
• The Sleuth Kit Informer Issue #7 (Brian Carrier)
• The Sleuth Kit Informer Issue #8 (Brian Carrier)
• The Sleuth Kit Informer Issue #9 (Brian Carrier)
• The Sleuth Kit Informer Issue #10 (Brian Carrier)
• The Sleuth Kit Informer Issue #11 (Brian Carrier)
• The Sleuth Kit Informer Issue #12 (Brian Carrier)
• The Sleuth Kit Informer Issue #13 (Brian Carrier)
• The Sleuth Kit Informer Issue #14 (Brian Carrier)
• The Sleuth Kit Informer Issue #15 (Brian Carrier)
• The Sleuth Kit Informer Issue #16 (Brian Carrier)
• The Sleuth Kit Informer Issue #17 (Brian Carrier)
• The Sleuth Kit Informer Issue #18 (Brian Carrier)
• The Sleuth Kit Informer Issue #19 (Brian Carrier)
• The Sleuth Kit Informer Issue #20 (Brian Carrier)
• The Sleuth Kit Informer Issue #21 (Brian Carrier)
• The Sleuth Kit Informer Issue #22 (Brian Carrier)
• The Sleuth Kit Informer Issue #23 (Brian Carrier)

Computer Forensics - File System Analysis - Fragmentation

• Inside Windows NT Disk Defragmenting by Mark Russinovich
• NTFS and Fragmentation by Mark E. Donaldson
• Defragmentation Tutorial For Windows (Raxco)
• The FragBook (Classic) by Craig Jensen
• The Shortcut Guide to Managing Disk Fragmentation by Mike Danseglio
• JKDefrag Frequently Asked Questions
• JKDefrag Command Line Options
• Identifying Fragmentaion Related Problems (Executive Software)
• Defragmenting RAID by Mark E. Donaldson

Computer Forensics - Data Recovery - Methodology

• Foremost Installation and Use (Kendall and Kornblum)
• The Foremost Open Source Forensic Tool by Ray Strubinger (SysAdmin Magazine)
• Recover Deleted Files with Foremost by Falko Timme
• Recovering Deleted Files in Linux by Brian Buckeye and Kevin Liston (SysAdmin Magazine)
• Recovering Lost ext2 Linux Filesystems by Steve Friedl
• Linux ext2fs Undeletion mini-HOWTO by Aaron Crane
• Undeleting Files on the Linux ext2 Filesysten with debugfs and e2undel by Oliver Deitrich
• Disk Maintenance Under Linux (Disk Recovery) by David A. Bandel
• How a Corrupted USB Drive Was Saved by GNU-Linux by Collin Park
• How to Recover Lost Files After You Accidentally Wipe Your Hard Drive by Shawn Hermans
• HOWTO Undelete Removed Files and Directories on an ext3 File System by Carlo Wood
• Linux Data Hiding and Recovery by Anton Chuvakin
• Tales from the Abyss - UNIX File Recovery by Liam Widdowson and John Ferlito
• Recovering Unrecoverable Data (Classic) by Charles H. Sobey
• When Disaster Strikes - Hard Drive Crashes by Kyle Rankin (Linux Journal)
• When Disaster Strikes - Restoring the Master Boot Record by Kyle Rankin (Linux Journal)
• When Disaster Strikes - Attack of the rm Command by Kyle Rankin (Linux Journal)
• 3D Data Recivery Process by Andrei Shirobokov (DeepSpar Data Recovery Systems)
• Data Recoverability (Runtime Software)
• Data Recovery by Mitchell Dawson, Chris Forgie, Jon Davis, and Steve Tauber
• Easy Recovery User Guide (OnTrack)
• Ext2 File Undeletion by Bill Jonas
• Adding a New Hard Disk by Aeleen Frisch
• Linux Disk Management by Ken Hess
• Disable USB Removable Mass Storage Device Drive Access in Windows by unknown
• How to Data Recovery (GetDataback)
• How to Disable Write Access to USB Hard Disk and Flash Key Drives by unknown
• Open Source Digital Forensics Tools - The Legal Argument by Brian Carrier
• The Linux Kernel and the Forensic Acquisition of Hard Disks with an Odd Number of Sectors by Jesse D. Kornblum
• Using WinHex and MHDD to Fix and Restore Original 20GB HDD by jhonnyp0lak
• VISTA and Windows 7 Shadow Volume Forensics by Rob Lee
• X-Ways Forensics User Manual by Stefan Fleischmann

Computer Forensics - Data Recovery - TestDisk

• TestDisk Step by Step by CGSecurity
• Recovering from File System Corruption Using TestDisk by ido50
• Recovering a Lost Partition With TestDisk by unknown
• TestDisk Installation and Useage (Grenier, Brandt, and Sedory)
• Using the TestDisk Recovery Utility by Daniel B. Sedory

Computer Forensics - Data Recovery - Hardware

• Data Recovery Whitepaper by Scott Moulton
• Data Recovery Whitepaper Revision 16 by Scott Moulton
• Head Stack Replacement by Stanislav Korb
• Technicians Guide to PC Hard Disk Subsystems (Classic) by Nicholas Majors
• Fixing a Seagate 7200.11 Hard Drive by unknown
• Hard Disk Drives Technologies and Configurations by DEW Associates Corporation
• Introduction to Hard Disk Drives by Mark E. Donaldson
• Hard Disk Drive Performance Measures by Mark E. Donaldson
• Revive a Dead Hard Drive (TechRepublic)
• Serial ATA Native Command Queuing (Intel and Seagate)
• Computer Forensics and the ATA Interface by Arne Vidström
• Failure Trends in a Large Disk Drive Population by Eduardo Pinheiro, Wolf-Dietrich Weber, and Luiz Andr´e Barroso
• Legacy Hard Disk Drive Configuration by Mark E. Donaldson
• Matching Hard Drive Serial Numbers by Scott A. Moulton
• Relics Glovebox by unknown
• Seagate RS232 Adapter Schematic and Application
• Seagate RS232 Adapter Schematic
• Using IDE Cable Select by Steve Friedl

Computer Forensics - Data Recovery - Hardware - HPA (Host Protected Area), SA (System Area) and DCO (Device Configuration Overlay)

• Hidden Disk Areas - HPA and DCO by Mayank R. Gupta, Michael D. Hoeschele, and Marcus K. Rogers
• Hidden Protected Areas (IBM)
• HPA Create Diagram
• Analysis of ATA Protected Area by Christopher L.T. Brown

Computer Forensics - Data Recovery - Hardware - CHS-LBA-PBA

• LBA and CHS Format LBA Mapping by unknown
• Proposal of Rules for CHS and LBA Calculation by Dan Colgrove and Mark Evans (IBM)
• When One Billion does not Equal One Billion by James Wiebe
• Proposal to Cleanup Some CHS and LBA Items for ATA-ATAPI-4 by Mark Evans
• Some Notes on LBA by unknown

Computer Forensics - Data Recovery - Hardware - Hard Disk Drive Barriers (Legacy)

• Hard Drive Size Limitations and Barriers (DEW associates Corporation)
• BIOS Barriers (Western Digital)
• Breaking the 8.4 GB Barrier (OnTrack)
• Drive Math by Mark E. Donaldson
• Hard Drive Capacity Barriers (Western Digital)
• The 8.4 GB Barrier (Western Digital)

Computer Forensics - Data Recovery - Hardware - Head Technology

• GMR Head Structure (IBM)
• GMR Head Technology (Western Digital)
• Hard Disk Drive Recording
• The Era of Giant Magnetoresistive Heads by Jim Belleson and Ed Grochowski
• Materials and Processes for MR and GMR Heads and Assemblies by Dr. K. Gilleo, N. Kerrick, and G. Nicholls
• Mr and GMR Technology by Dr. K. Gilleo, N. Kerrick, and G. Nicholls

Computer Forensics - Data Recovery - Hardware - Electronics

• Analysis of Nonlinear Transition Shift and Write Precompensation in Perpendicular Recording Systems by Zheng Wu, Paul H. Siegel, Jack K. Wolf, and H. Neal Bertram
• Atomic Force Microscopy by Alexander Luce
• Capacity of Noiseless and Noisy Two-Dimenstional Channels by Paul H. Siegel
• Codes for Digital Recorders by Kees A. Schouhamer Immink, Paul H. Siegel, and Jack K. Wolf
• Amiga Disk Encoding Schemes by Betty Clay
• Constrained Coding Techniques for Advanced Data Storage Devices by Paul H. Siegel
• Data Encoding Schemes by unknown
• Magnetic Media Recording
• Magnetic Field Sensor with Ferromagnetic Thin Layers Having Magnetically Antiparallel Polarized Components (Classic) Grunberg Patent 1988
• Modulation and Coding for Information Storage by Paul H. Siegel and Jack K. Wolf
• Noise Prediction for Perpendicular Recording by Zheng Wu, Paul H. Siegel, Jack K. Wolf, and H. Neal Bertram
• Receive Signal Decoders by unknown
• Recording Codes for Digital Magnetic Storage by Paul H. Siegel
• Servomotor Information (BPESolutions)
• Spin Stand Microscopy of Hard Disk Data by Craig Wright
• The Power Spectrum of Run-Length-Limited Codes by Ayis Gollopougos, Chris Heegard, and Paul H. Siegel
• The Virtures of Redundancy - An Introduction to Error-Correcting Codes by Paul H. Siegel
• The Continuing Miracle of Information Storage Technology by Paul H. Siegel

Computer Forensics - Data Recovery - Hardware - SSD (Solid State Disks)

• Solid State Drive and Data Recovery by admin
• Design Tradeoffs for SSD Performance by Nitin Agrawal, Vijayan Prabhakaran, Ted Wobber, John D. Davis, Mark Manasse, and Rina Panigrahy
• The SSD Anthology by Anand Lal Shimpi

Computer Forensics - Data Recovery - RAID

• How RAID Arrays Work by Scott A. Moulton
• RAID5 Perl Utility by Mike Hardy
• Recover Broken RAID 5 by Edmundo Carmona
• The R in RAID Stands for What by Admin
• Windows NT RAID by Mark E. Donaldson
• RAID by Mark E. Donaldson

Computer Forensics - Data Recovery - Scrubbing and Sanitization

• Secure Deletion of Data from Magnetic and Solid-State Memory (Classic) by Peter Gutmann
• Secure File Deletion (SANS Institute Paper) by John R. Mallery
• Data Sanitization Tutorial by Gordon Hughes and Tom Caughlin
• Disposal of Disk and Tape Data by Secure Sanitization by Gordon Hughes, Daniel M. Commins, and Tom Caughlin
• Do I Need to Overwrite My Hard Drive Multiple Times by Steve Elderkin
• Information Left After Disk Cleaning by Andy Jones and Christopher Meyler
• NIST Guidelines For Media Sanitation by Richard Kissel, Matthew Scholl, Steven Skolochenko, and Xing Li
• Overwriting Hard Drive Data - The Great Wiping Controversy by Craig Wright, Dave Kleiman, and Shyaam Sundhar
• Overwriting Hard Drive Data by Dr. Craig Wright
• Secure Erase FAQ (CMRR at UCSD)
• Secure Erase Paper (CMRR at UCSD)

Computer Forensics - System Recovery

• System Rescue CD Manual by Francois Dupoux, Gregory Nowak, and Franck Ladurelle
• Windows 2000 Repair, Recovery, Restore (Microsoft Corporation)
• Windows NT Emergency Boot by Mark E. Donaldson
• Emergency Repair Disk (ERD) by Lance Jensen

Computer Forensics - Volume Analysis

Computer Forensics - Volume Analysis - Hale Landis Classics

• ATA FAQ (Hale Landis)
• CHS Translation (Hale Landis)
• DOS Floppy Disk Boot Sector (Hale Landis)
• Facts and Fiction (Hale Landis)
• Master Boot Record (Hale Landis)
• OS2 Boot Sector (Hale Landis)
• Partition Tables (Hale Landis)

Computer Forensics - Volume Analysis - Boot Process

• The Windows 7 Boot Process by Mark E. Donaldson
• Windows 7 Boot Process Illustrated (Graphic) by Mark E. Donaldson
• Computer Boot Sequence (Classic) by Basil Fawlty
• The Boot Process by Mark E. Donaldson
• Das Boot (Classic) by Howard Gilbert
• Inside the Boot Process by Mark Russinovich
• The Master Boot Record and Why it is Necessary (DEW Associates Corporation)
• Windows Boot Process and Simple Troubleshooting by unknown
• Windows Vista Boot Process Overview by Arun Arora
• Windows Vista vs XP Boot Process by Mark E. Donaldson
• BIOS Boot Specification V1.01 by Compaq-Phoenix-Intel
• Booting Linux - History and Future by Werner Almesberger
• Guide to x86 Bootstrapping by unknown
• The Linux 2.0 Boot Sector by unknown
• A Guided Tour of the Linux Boot by Craig Van Degrift
• Dual Boot System with Windows Vista by Ed Bott, Carl Siechert, and Craig Stinson
• Adding Windows 7 to Linux Multiboot by Loko
• How Dual Boot Windows XP and Windows 7 by James Bannan
• Set Up a Dual Boot System with Windows Vista by Ed Bott, Carl Siechert, and Craig Stinson
• An Easy Way to Boot Between Vista and XP by André Boutet
• Master Boot Code on Computer with both Windows Vista and Windows XP by John Savill and Jerold Schulman
• Use the Bootrec Tool to Repair Startup Issues in Vista by Mark E. Donaldson
• Vboot Kit by Nitin Kumar and Vipin Kumar
• Vbootkit 2.0 - Attacking Windows 7 Boot Sectors by Nitin Kumar and Vipin Kumar
• Vbootkit 2 Code by Nitin Kumar and Vipin Kumar

Computer Forensics - Volume Analysis - Boot Process - Loaders and Managers

• Bdcedit by Mark Minasi
• Debugging Windows Vista - The Boot.ini File Bug (Microsoft Corporation)
• Boot with GRUB by Wayne Marshall
• GNU GRUB Manual by Gordon Matzigkeit and Yashinori K. Okuji
• LILO Mini HOWTO by Miroslav "Misko" Skoric
• Multiple Booting Using NT Loader by Mark E. Donaldson
• The Logical Volume Manager (LVM) (SUSE Linux)
• BCD Boot Options Reference (Microsoft Corporation)
• Kick-Start Startup with Boot.ini by Kathy Ivens
• Using LILO - The Linux Loader by Aeleen Frisch
• Recovering the Vista Bootloader from the Windows DVD by Mahmoud Al-Qudsi
• Recovering the Vista Bootloader with EasyBCD by Mahmoud Al-Qudsi
• How Do I Dual Boot an Existing OS with Windows 7 or Windows Server 2008 R2 Installed in a Virtual Hard Disk by John Savill

Computer Forensics - Volume Analysis - Boot Process - Legacy Boot Code

• Daniels NASM Bootstraps Tutorial by Daniel Marjamäki
• The Boot Sector by Chris Lattner
• Windows 95 Boot Sector by unknown
• Bootsector Authoring by Gareth Owen
• Enabling of the A20 Address Line by J. Andrew McLaughlin
• Format of the BIOS Data Segment at Segment 40h
• Format of the CMOS Data Area by James Vahn
• Writing a Bootsector by Jeff Weeks

Computer Forensics - Volume Analysis - Partitioning and Partition Tables - MBR

• Partitioning Primer (Classic) by Mikhail Ranish
• Master Boot Record and Partition Table by Mark E. Donaldson
• Using DiskPart by Mark E. Donaldson
• Windows VISTA Disk Partitioning by Mark E. Donaldson
• Introduction to Partition Tables by Daniel B. Sedory
• Partition Types and Identifiers
• Properties of Partition Tables by unknown
• The GNU parted Manual (2002)
• Windows NT and Large Partitions by Mark E. Donaldson
• Partition Notes by Svend Olaf Mikkelsen
• Advanced Parition Notes by Svend Olaf Mikkelsen
• An Examination of the Standard MBR by Daniel B. Sedory
• How Basic Disks and Volumes Work (Microsoft Corporation)

Computer Forensics - Volume Analysis - Partitioning and Partition Tables - GPT

• EFI Specification 1.10 (Intel Corporation)
• EFI Specification 1.10 Draft (Intel Corporation)
• EFI Specification 1.02 (Intel Corporation)
• EFI How To Guide (Intel Corporation)
• GPT fdisk for Linux (Classic) by Rod Smith
• GUID Partition Table Scheme
• Make the Most of Large Drives with GPT and Linux (Classic) by Roderick W. Smith
• Secrets of the GPT (Apple Computer)
• Using GPT Drives (Microsoft Corporation)
• Windows and GPT FAQ (Microsoft Corporation)

Computer Forensics - Methodology and Evidence Acquisition

• Electronic Crime Scene Investigation (U.S. Department of Justice)
• Searching and Siezing Computers and Obtaining Electronic Evidence in Criminal Investigations (U.S. Department of Justice)
• Forensic Examination of Digital Evidence (U.S. Department of Justice)
• Good Practice Guide Evidence Collection (Association of Chief Police Officers)
• Five On Forensics by Craig Ball
• Six On EDD by Craig Ball
• Six On Forensics by Craig Ball
• Forensic Discovery (Classic) by Wietse Vinema
• Computer and Network Forensics by unknown
• Digital Evidence in the Courtroom (National Center for Forensic Science)
• Encase Legal Journal (Guidance Software)
• Evidence Acquisition (Purdue University)
• Evidence Acquisition II (Purdue University)
• KNOPPIX Bootable CD Validation by Ernest Baca
• KNOPPIX First Responder Guide
• Law Enforcement and Forensic Examiner Guide to Linux by Barry J. Grundy
• Network Forensic Analysis by Vicka Corey, Charles Peterman, Sybil Shearin, Michael S. Greenberg, and James Van Bokkelen
• Preservation of Fragile Digital Evidence By First Responders by Jesse Kornblum
• Procedural Aspects of Obtaining Computer Evidence by Christopher L.T. Brown
• Steps for Recovering from a UNIX or NT System Compromise (CERT)
• Useful Computer Forensic Tools (Technology Pathways)
• Understanding Computer Investigation (Thompson Course Technology)
• Detection of Data Hiding in Computer Forensics by James E. Martin
• A Digital Forensics Primer by unknown

Computer Forensics - Disk and Forensic Imaging

• AFF - A New Format for Storing Hard Drive Images by Simson L. Garfinkle
• AFF - The Advanced Forensic Format (Basis Technology)
• Advanced Forensic Format - An Open Extensible Format For Disk Imaging by S. Garfinkel, D. Malan, K. Dubec, C. Stevens and C. Pham
• 
• Disk Imaging with the Advanced Forensics Format, Library and Tools by S. Garfinkle, D. Malan. K Dubek, C. Stevens, and C. Pham
• Providing Cryptographic Security and Evidentiary Chain-of-Custody with the Advanced Forensic Format, Library, and Tools by Simson L. Garfinkle
• Forensic Disk Imaging Step-by-Step by Synjunkie
• Using dd within UNIX to Create Physical Backups and Restore Images by Thomas Rude
• Linux DD by AwesomeMachine
• Disk Imaging Tool dd Test Results (U.S. Department of Justice)
• How to Duplicate your Hard Drive with Ghost 6 by Spot
• Deep Spar Disk Imaging Whitepaper by Andrei Shirobokov (DeepSpar Data Recovery Systems)
• Cloning an Entire PC Over the Network by Gerrit Renker
• How to Make a Forensic Copy Through the Network by Geert Van Acker
• Benchmarking Hard Disk Duplication Performance in Forensic Applications by Robert Botchek
• Building a Windows PE Image (Microsoft Corporation)
• Create a Custom Windows PE Image (Microsoft Corporation)
• Creating a dd-dcfldd Image Using Automated Image and Restore by Falko Timme
• dd by Sam Chessman
• Dealing with PC Guardians Encryption Plus Hard Drive by Keven Murphy
• Forensic Acquisition Utilities by George M. Garner Jr.
• FTK Imager User Guide (AccessData)
• Ghost Reference Guide (Symantec)
• Ghost Windows for Free with DriveImage XML by Brian Bondari
• Ghost Windows for Free with Macrium Reflect by Brian Bondari
• Ghost Windows for Free with Paragon Drive Backup Express by Brian Bondari
• PING - Partimage is not Ghost HowTo (Effitek)

Computer Forensics - Forensic Booting and Bootable Images - Technical

• Constructing a Bootable CD (1995) by Phoenix Technologies
• Primer On CD-R by Mike Richter
• El Torito Bootable CD Format Specification Version 1.0 (1995) by Phoenix Technologies
• El Torito Bootable CD-ROM Format Specification Version 1.0 (1995) by Phoenix Technologies
• Information Specification for Bootable CD-ROM by SFF Committee
• Volume and File Structure of CDROM for Information Interchange by ECMA
• ISO9660 Simplified for DOS-Windows by Philip J. Erdelsky
• Joliet Specification (Microsoft Developer Relations Group)
• Introduction to ISO 9660 by Clayton Summers

Computer Forensics - Forensic Booting and Bootable Images - CD-DVD

• How to Create a Windows Vista Boot CD with WinPE by Brian Posey
• Bootable Image Creation Techniques and Methods by Mark E. Donaldson
• Installing and Configuring Windows PE by Rhonda Layfield
• How to Setup Barts PE by unknown
• nLite Guide (nLite)
• Slipstream SP3 into Your Windows XP Installation CD by Kevin Purdy (LifeHacker)
• Getting Hotfixes Onto A Windows Image the Easy Way by Mark Minasi
• Slipstream Windows Vista with SP1 by Amit Agarwal
• Using Magic ISO Maker by Mark E. Donaldson
• How to Create a Bootable Live Windows CD Using UBCD4WIN by Dedoimedo
• How to Build the Ultimate Boot CD for Windows by unknown
• How to Make a Bootable Disk in Vista by Lamar Stonecypher
• Creating Your Own Linux Live CD by Luc Parson
• Create a Bootable Windows PE RAM Disk on CD (Microsoft Corporation)
• Create a Live XP CD Without Using BartPE (intowindows.com)
• How to Create a Windows PE Boot CD by Jay-R Barrios
• Using CreateCD by Luc Parson

Computer Forensics - Forensic Booting and Bootable Images - USB

• Windows in Your Pocket (Classic) by Bjorn Frohlecke Tom's Hardware Guide
• Boot Windows XP From a USB Flash Drive by Brian Posey
• How to Install SystemRescuecD on USB by unknown
• Bootable USB Keys by Martin List-Peterson
• Making openSUSE 11 USB by unknown
• Backtrack USB by unknown
• Boot From a USB Flash Drive by unknown
• Building a Bootable BackTrack 4 Thumb Drive with Persistent Changes and Nessus by Kevin Riggins
• Creating a Backtrack 3 Live USB Drive by Madhatter
• Gparted Live by unknown
• How to Create a Bootable USB Memory Key by (Bay-Wolf.com)
• How to Create Bootable USB Drive to Install Windows Vista by unknown
• Installing Knoppix 5.1.1 to a USB Flash Drive by unknown
• Installing Knoppix 6.0 to a USB Flash Drive by unknown
• XP USB Boot by unknown
• Install Linux on a USB Drive with UNetbootin by unknown
• Little Boots - unetbootin by Kristian Kissling
• Using UNetbootin to create a Live USB Linux by unknown
• BackTrack 4 Install by jabra (remote-exploit.org)
• BackTrack Hard Drive Installation by jabra (remote-exploit.org)
• Clonezilla Live on USB Flash Drive or USB Hard Drive by unknown
• Creating the Parted Magic Live USB by unknown
• How to Make Backtrack 4 Persistent Installation on USB Disk by unknown
• Install Install Windows 7 and Vista From USB Drive (intowindows.com)
• Use a USB Key to Install Windows 7 by Matthew Graven
• Creating Bootable Vista-Windows 7 Flash Drive by Kevin
• Install Ubuntu 6.10 Edgy to USB Using Windows by unknown

Computer Forensics - Forensic Booting and Bootable Images - Network

• Etherboot User Manual by Ken Yap and Markus Gutschke
• Setting up a Server for PXE Network Booting by unknown

Computer Forensics - Memory Forensics and Analysis

• Windows Memory Diagnostic User Guide (Microsoft Corporation)
• Digital Forensics of the Digital Memory by Mariusz Burdach
• An Introduction to Windows Memory Forensic by Mariusz Burdach
• Reverse Engineering: Memory Analysis by nologin
• Forensic RAM Dumping by Arne Vidstrum
• Hardware Based Memory Acquisition Procedure for Digital Investigations by Brian Carrier and Joe Grand
• Address Translation and Storage Management for Persistent Objects by Sheetal Vinod Kakkad
• Win32 Memory Management by Matt Pietrek
• Legacy Memory Management by Mark E. Donaldson
• Memory by Mark E. Donaldson
• Physical Memory Forensics by Mariusz Burdach
• Cold Boot Attack Tools for Linux by Kyle Rankin (Linux Journal)
• Cold Boot Attacks on Encryption Keys by J. Alex Halderman et. al.
• Windows Memory Analysis by Jesse Kornblum
• When Memory Serves You - Using ramfs and tmpfs.pdf by Ken Hess

Computer Forensics - Application and File Analysis

• Identifying Almost Identical Files Using Context Triggered Piecewise Hashing by Jesse Kornblum
• Digital Forensics How Experts Uncover Doctored Images by Hany Farid (Scientific American June 2008)
• Digital Forensics Five Ways To Spot A Fake Photo by Hany Farid (Scientific American June 2008)
• Analysis of the WinZip Encryption Method by Tadayoshi Kohno
• Exchangeable Image File Format (ExIF) by Christopher L.T. Brown
• Attacking and Repairing the WinZip Encryption Scheme by Tadayoshi Kohno
• A Quick Start for lsof by Vic Abell
• An lsof Tutorial and Primer by unknown
• Find Open Files with lsof by Sean Walberg
• Finding Things in UNIX by Dru Lavigne
• lsof Examples and Tips by unknown
• The file Command by unknown
• Using lsof in the Real World by Chris Harrison
• GNU Core Utils by David Alan Gilbert
• Scalable Exploitation of and Responses to Information Leakage Through Hidden Data in Published Documents by Simon Byers
• Original Blair Document
• Ashland Sniper Letter
• Ashland Snipper Letter Unredacted

Computer Forensics - Steganography

• An Overview of Steganography for the Computer Forensics Examiner by Gary C. Kessler
• Debath Image Stego
• debath-stego.gif
• Discovering Covert Digital Evidence by Chet Hosmer and Christopher Hyde
• efdtt.c Image Stego
• efdtt-dataglyphs.gif
• Efficient Wet Paper Codes by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Exploring Steganography - Seeing the Unseen by Neil F. Johnson and Sushil Jajodia
• Fast Steganography-based Multi-Party Protocols for Privacy-Preserving Association Rule Mining in Vertically Partitioned Data by Dragos Trinca and Sanguthevar Rajasekaran
• Hide and Seek - An Introduction to Steganography by Niels Provos and Peter Honeyman
• Hiding in Plain Sight - Steganography and the Art of Covert Communication by Eric Cole
• Hiding in Plain Sight - Using Steganography to Avoid Observation by Sean-Philip Oriyano
• Higher-Order Wavelet Statistics and their Application to Digital Forensics by Hany Farid and Siwei Lyu
• Improving Data Hiding Performance By Using Quantization in a Projected Domain by Fernando Perez-Gonzalez and Felix Balado
• Introduction to Steganography by unknown
• Matrix Embedding for Large Payloads by Jessica Fridrich and David Soukal
• Natural Language Steganography and an AI-complete Security Primitive by Richard Bergmair
• On Estimation of Secret Message Length in LSB Steganography in Spatial Domain by Jessica Fridrich and Miroslav Goljan
• Performance Analysis of Existing and New Methods for Data Hiding with Known-Host Information in Additive Channels by Fernando Perez-Gonzalez, Felix Balado, and Juan R. Hernandez
• Perturbed Quantization Steganography with Wet Paper Codes by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Provably or Probably Robust Data Hiding by Felix Balado and Fernando Perez-Gonzalez
• Quantized Projection Data Hiding by Fernando Perez-Gonzalez and Felix Balado
• Searching for the Stego-Key by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Secret Messages Come in .Wavs by Declan McCullagh
• Soft Tempest - Hidden Data Transmission Using Electromagnetic Emanations by Markus G. Kuhn and Ross J. Anderson
• Steganography - Hiding Data Within Data by Gary C. Kessler
• Steganography - How to Send a Secret Message by Bryan Clair
• Steganography - Implications for the Prosecutor and Computer Forensic Examiner by Gary C. Kessler
• Steganography and Steganalysis by J.R. Krenn
• Steganography Examples with Outguess by unknown
• Steganography via Codes for Memory with Defective Cells by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Steganography - Implementation and Detection by Robert Krenn
• Steganography by Neil F. Johnson
• StegBreak Manual by unknown
• StegDetect Manual by Unknown
• StegFS - A Stegnography File System for Linux by Andrew D. McDonald and Markus G. Kuhn
• Steganography Poster
• Wet Paper Codes with Improved Embedding Efficiency by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Writing on Wet Paper by Jessica Fridrich, Miroslav Goljan, and David Soukal
• A Robust Data Hiding Technique Using Multidimensional Lattices by J.J. Chae, D. Mukherjee, and B.S. Manjunath
• Applications for Data Hiding by W. Bender, W. Butera, D. Gruhl, R. Hwang, F. J. Paiz, and S. Pogreb
• Chaffing and Winnowing - Confidentiality Without Encryption by Ronald L. Rivest
• Coding at the Sample Level for Data Hiding - Turbo and Concatenated Codes by Felix Balado and Fernando Perez-Gonzalez
• Data Hiding Capacity and Embedding Techniques for Printed Text Documents by Aravind K. Mikkilineni et al
• Data Hiding in Video by J. J. Chae and B. S. Manjunath
• Digital Steganography - Hiding Data Within Data by Donovan Artz
• Echo Hiding by Daniel Gruhl, Walter Bender, and Anthony Lu
• Hexagonal Quantizers are not Optimal for 2-D Data Hiding by Felix Balado and Fernando Perez-Gonzalez
• Hiding Secrets with Steganography by Dru Lavigne
• LLRT Based Detection of LSB Hiding by K. Sullivan, O. Dabeer, U. Madhow, B.S. Manjunath, and S. Chandrasekaran
• Maximum Likelihood Estimation of Length of Secret Message Embedded Using K (PMK) Steganography in Spatial Domain by Jessica Fridrich, David Soukal, and Miroslav Goljan
• New Blind Steganalysis and its Implications by Miroslav Goljan, Jessica Fridrich, and Taras Holotyak
• Perturbed Quantization Steganography by Jessica Fridrich, Miroslav Goljan, and David Soukal
• Printer Mechanism-Level Data Hiding for Halftone Documents by Sungjoo Suh1
• Steganography FAQ by Aelphaeis Mangarae
• StegHide Manual by unknown
• Stochastic Approach to Secret Message Length Estimation in k Embedding Steganography by Taras Holotyak, Jessica Fridrich, and David Soukal

Computer Forensics - Steganography - Image

• A Framework for Evaluating the Data-Hiding Capacity of Image Sources by Pierre Moulin and M. Kivanc
• A Joint Source-Channel Coding Scheme for Image-in-Image Data Hiding by K. Solanki, O. Dabeer, B. S. Manjunath, U. Madhow, and S. Chandrasekaran
• A Review of Data Hiding in Digital Images by Eugene T. Lin and Edward J. Delp
• A Technique for Image Data Hiding and Reconstruction without Host Image by J. J. Chae and B. S. Manjunath
• An Analytical Study of JPEG 2000 Functionalities (ISO/IEC JTC1/SC29/WG1)
• An Evaluation of Image Based Steganography Methods by Kevin Curran and Karen Bailey
• Approaching the Capacity Limit in Image Watermarking - A Perspective on Coding Techniques for Data Hiding Applications by Fernando PeHrez-Gonzalez, Juan R. Hernandez, and Felix Balado
• Attacking the OutGuess by Jessica Fridrich, Miroslav Goljan, and Dorin Hogea
• Detecting Steganographic Content in Images Found on the Internet by Jeremy Callinan and Donald Kemick
• Detecting Steganographic Messages in Digital Images by Hany Farid
• Digital Image Steganography Using Stochastic Modulation by Jessica Fridrich, and Miroslav Goljan
• Dither Modulation Data Hiding with Distortion-Compensation - Exact Performance Analysis and an Improved Detector for JPEG Attacks by Fernando Perez-Gonzalez, Pedro Comesana and Felix Balado
• Estimation of Primary Quantization Matrix in Double Compressed JPEG Images by Jan Lukas and Jessica Fridrich
• Feature-Based Steganalysis for JPEG Images and its Implications for Future Design of Steganographic Schemes by Jessica Fridrich
• High Volume Data Hiding in Images - Introducing Perceptual Criteria Into Quantization Based Embedding by K. Solanki, N. Jacobsen, S. Chandrasekaran, U. Madhow, and B. S. Manjunath
• Higher-Order Statistical Steganalysis of Palette Images by Jessica Fridrich, Miroslav Goljan, David Soukal
• Image Adaptive High Volume Data Hiding Based on Scalar Quantization by N. Jacobsen et al
• Image and Video Coding Standards by Bernd Girod
• Image Steganography - Concepts and Practice by Mehdi Kharrazi, Husrev T. Sencar, and Nasir Memon
• Image Steganography and Steganalysis by unknown
• Introduction to Digital Image Steganography by David P. Holmes
• JPEG Image Coding Standard by Thomas Wiegand
• Multi-class Blind Steganalysis for JPEG Images by Tomas Pevny and Jessica Fridrich
• New Methodology for Breaking Steganographic Techniques for JPEGs by Jessica Fridrich, Miroslav Goljan, and Dorin Hogea
• Optimal Strategies for Spread-Spectrum and Quantized-Projection Image Data Hiding Games with BER Payoffs by Pedro Comesana, Fernando Perez-Gonzalez, and Felix Balado
• Practical Steganalysis of Digital Images - State of the Art by Jessica Fridrich and Miroslav Goljan
• Quantitative Steganalysis of Digital Images - Estimating the Secret Message Length by Jessica Fridrich, Miroslav Goljan, Dorin Hogea, and David Soukal
• Reliable Detection of LSB Steganography in Color and Grayscale Images by Jessica Fridrich, Miroslav Goljan, and Rui Du
• Robust Image-Adaptive Data Hiding - Modeling Source Coding and Channel Coding by K. Solanki, O. Dabeer, U. Madhow, B. S. Manjunath, and S. Chandrasekaran
• Secure Steganographic Methods for Palette Images by Jiri Fridrich and Du Rui
• Steganalysis Based on JPEG Compatibility by Jessica Fridrich, Miroslav Goljan, and Rui Du
• Steganalysis of Block-DCT Image Steganography by Ying Wang and Pierre Moulin
• Steganalysis of Images Created Using Current Steganography Software by Neil F. Johnson and Sushil Jajodia
• Steganalysis of JPEG Images - Breaking the F5 Algorithm by Jessica Fridrich, Miroslav Goljan, and Dorin Hogea
• Steganalysis Using Higher-Order Image Statistics by Siwei Lyu and Hany Farid
• Steganalysis Using Image Quality Metrics by Ismail Avcibas and Blent Sankur
• The JPEG 2000 Image Coding Standard by Diego Santa Cruz, Touradj Ebrahimi, and Charilaos Christopoulos
• Towards Multi-class Blind Steganalyzer for JPEG Images by Tomas Pevny and Jessica Fridrich

Computer Forensics - Steganography - Steganalysis

• Approach to Blind Steganalysis by Benjamin M. Rodriguez, SosS. Agaian, Ph.D., and James C. Collins
• Blind Statistical Steganalysis of Additive Steganography Using Wavelet Higher Order Statistics by Taras Holotyak, Jessica Fridrich, and Sviatoslav Voloshynovskiy
• Blind Steganography Detection using a Computational Immune System - A Work in Progress by Jacob T. Jackson, Gregg H. Gunsch, Roger L. Claypoole, Jr., and Gary B. Lamont
• Detecting Hidden Messages Using Higher-Order Statistical Models by Hany Farid
• Detecting Hidden Messages Using Higher-Order Statistics and Support Vector Machines by Siwei Lyu and Hany Farid
• Detection of Hiding in the Least Significant Bit by O. Dabeer, K. Sullivan, U. Madhow, S. Chandrasekharan, and B. S. Manjunath
• Forensic Steganalysis - Determining the Stego Key in Spatial Domain Steganography by Jessica Fridrich, Miroslav Goljan, David Souka, and Taras Holotyak
• Steganalysis - The Investigation of Hidden Information by Neil F. Johnson and Sushil Jajodia
• Steganalysis of Additive Noise Modelable Information Hiding by Jeremiah J. Harmsen and William A. Pearlman
• Steganalysis of Audio Based on Audio Quality Metrics by Hamza Ozer, Ismail Avcibas, Blent Sankur, and Nasir Memon
• Steganalysis of Recorded Speech by Micah K. Johnson, Siwei Lyu, and Hany Farid
• Steganalysis Using Color Wavelet Statistics and One-Class Support Vector Machines by Siwei Lyu and Hany Farid

Computer Forensics - Binary and Code Analysis

• Exploring Leopard with DTrace by Greg Miller
• Attacking the Code Source Code Auditing by David D. Rudd II
• Advanced Software Vulnerability Assessment by Neel Mehta, Mark Dowd, Chris Spencer, Halvar Flake, and Nishad Herath
• Distinguishing 16 Bit from 32 Bit Programs by Mark E. Donaldson
• 16 Bit to 64 Bit Computing by Karen
• DTrace User Guide (Sun Microsystems)
• Five Simple Ways to Troubleshoot Using Strace by unknown
• SoftIce Tutorial by CoRN2
• Strace by unknown
• Talking Dirty with GDB and SSH Tunneling by unknown
• Using Strace to Debug Application Errors by unknown
• Working with UFC ProcDump32 by hades

Computer Forensics - Binary and Code Analysis - Windows

• Bluescreen Troubleshooting by Doug Allen
• 3 Steps to Troubleshooting Device Drivers by Steven Daugherty
• Administrators Intro to Debugging by Michael Morales
• Capturing ADPlus CLR Crashes by Trey Nash
• Checking Your Memory Dump before Calling Support by East
• Conquer Desktop Heap Problems by Michael Morales
• Debugging a Bugcheck 0xF4 by Ryan Mangipano
• On-Off Transition Performance Analysis of Windows Vista (Microsoft Corporation)
• Resolve Memory Leaks Faster by Michael Morales
• Reversing in Reverse - Linked List Pool Corruption - A Complete Walkthrough Part 1 by Ryan Mangipano
• Reversing in Reverse Part 2 - More Linked-List Coruption by Ryan Mangipano
• Runaway Processes by Michael Morales
• Simplify Process Troubleshooting with DebugDiag by Michael Morales
• Troubleshooting the Infamous Event ID 333 Errors by Michael Morales
• Uncovering the Cause of a Server Hang by Nischay Anikar
• Under the Covers with Xperf by Michael Morales
• Using the Debug Diagnostic Tool (FaultWire)
• Using Xperf to Take a Trace (Pigs Can Fly)
• Windows Performance Analysis - Using Windows Performance Tools by Michael Milirud
• Windows Performance Analysis Tools
• Loading EXE and DLL Programs by Matt Pietrek
• What Goes On Inside Windows 2000 - Solving the Mysteries of the Loader (Classic) by Russ Osterlund
• Deciphering the Blue Screen of Death by Brian M. Posey
• Exploiting Windows Device Drivers by Piotr Bania
• Advanced Driver Debugging (Microsoft Corporation)
• Advanced Software Vulnerability Assessment by Neel Mehta, Mark Dowd, Chris Spencer, Halvar Flake, and Nishad Herath
• Debugging Win32 Code - Troubleshooting Beneath the Abstractions by Kent Forschmeidt
• Debugging Win32 Code - Troubleshooting Beneath the Abstractions Example by Kent Forschmeidt
• Driver Debugging Basics by Khalil Nassar
• Kernel Debugging 1394 by Tom Green
• Windows Driver Crash Analysis by Bruce Mackenzie
• Troubleshooting Windows Server Crashes and Memory Leaks by Bruce Mackenzie-Low
• Why Do Windows Servers Hang by Bruce Mackenzie-Low
• Production Debugging for NET Applications (Microsoft Corporation)
• Link-time Code Generation by Matt Pietrek
• The Win32 Debugging Application Programming Interface by Randy Kath
• What is a Linker and How Does it Work by Matt Pietrek
• Windows NT and 16 Bit Programs by Matt Pietrek
• A Guide to DEBUG by Daniel B. Sedory
• Further Adventures in Debugging by Ryan Mangipana
• Got High CPU Usage Problems - ProcDump Em by Michael Morales
• Troubleshooting Your Toughest Windows Server Crashes by Bruce Mackenzie-Low
• Examining Xperf by Michael Morales
• Get a Handle on Windows Performance Analysis by Michael Morales
• The Blue Screen of Death by Mark T. Edmead
• Troubleshooting Windows Application Crashes or Hangs by Bruce Mackenzie-Low
• Bit Flips - Was That a Zero or a One by Ryan Mangipano

Computer Forensics - Binary and Code Analysis - Windows - DLL's

• DLL's the Dynamic Way by MicHael Galkovsky
• Dependency Walker Requirently Asked Questions by unknown
• Escape from DLL Hell with Custom Debugging and Instrumentation Tools and Utilities (Classic) by Christophe Nasarre
• Escape from DLL Hell with Custom Debugging and Instrumentation Tools and Utilities Part 2 (Classic) by Christophe Nasarre
• Implementing Side-by-Side Component Sharing in Applications - Expanded (Classic) by David D'Souza, BJ Whalen, and Peter Wilson
• Multiple Running DLLs with The Same Name by Matt Pietrek
• The End of DLL Hell (Classic) by Rick Anderson
• What is a DLL (Microsoft Corporation)

Computer Forensics - Binary and Code Analysis - Windows - Mark Russinovich Papers

• Crash Dump Analysis by Mark Russinovich
• Advanced DPCs by Mark Russinovich
• An Explosion of Audit Records by Mark Russinovich
• Buffer Overflows by Mark Russinovich
• Pushing the Limits of Window - Physical Memory by Mark Russinovich
• Pushing the Limits of Windows - Paged and Nonpaged Pool by Mark Russinovich
• Pushing the Limits of Windows - Processes and Threads by Mark Russinovich
• Pushing the Limits of Windows - Virual Memory by Mark Russinovich
• Running Windows with No Services by Mark Russinovich
• The Case of the Crashed Phone Call by Mark Russinovich
• The Case of the Periodic System Hangs by Mark Russinovich
• The Case of the Phantom Desktop Files by Mark Russinovich
• The Case of the Random IE and WMP Crashes by Mark Russinovich
• The Case of the Slooooow System by Mark Russinovich
• The Case of the Slow Keynote Demo by Mark Russinovich
• The Case of the System Process CPU Spikes by Mark Russinovich
• The Case of the Temporary Registry Profiles.pdf by Mark Russinovich

Computer Forensics - Binary and Code Analysis - Executable File Formats

• Peering Inside the PE - A Tour of the Win32 Portable Executable File Format (Classic) by Matt Pietrek
• An In-Depth Look into the Win32 Portable Executable File Format (Classic) by Matt Pietrek
• An In-Depth Look into the Win32 Portable Executable File Format Part 2 (Classic) by Matt Pietrek
• Common Object File Format - COFF (Microsoft Corporation)
• Common Object File Format (Texas Instruments)
• Viewing ELF Binary Signatures by skape
• Advanced Linking Techniques by Ervin
• Appending Files to EXE by Charles Jones
• COM File Format by Max Maischein
• Object File Symbol Table Format Specification (Digital)
• DWARF Debugging Information Format v1.1 (UNIX International)
• DWARF Debugging Information Format v2.0 (UNIX International)
• EXE File Format by unknown
• Executable and Linkable Format (ELF) (TIS)
• LIB File Format by unknown
• Linier Executable (LX) Module Format Descriptor by Edd Doutre
• Microsoft Symbol and Type Information (TIS)
• Portable Executable (PE) Formats (TIS)
• Relocatable Object Module Format (OMF) 1.1 (TIS)
• SYS File Format by Brian Fraser

Computer Forensics - Reverse Engineering

• Reverse Engineering - Anti-Cracking Techniques by Nicoloau George and Charalambous Glafkos
• Introduction to Reverse Engineering Win32 Applications by trew
• Reverse Engineering - Smashing the Signature by Nicoloau George and Charalambous Glafkos
• Reverse Engineering Cheat Sheet by Lenny Zeltzer

Computer Forensics - Malware

• Reverse Engineering Malware by Lenny Zeltzer
• How To Own the Internet in Your Spare Time by Staniford, Paxson, and Weaver
• A Study of Malcode Bearing Documents by Wei-Jen Li, Salvatore Stolfo, Angelos Stavrou, Elli Androulakiee, and Angelos D. Keromytis
• Shoulder Surfing a Malicious PDF Author by Didier Stevens

Computer Forensics - Malware - Historical

• History of Viruses and Antivirus by David Emm (Kaspersky Lab UK)
• The First Computer Bug

Computer Forensics - Malware - Denial-of-Service (DOS)

• Distributed Denial-of-Service in Depth by badpacl3t
• Denial-of-Service Technical Primer by Chris McNab
• Distributed Reflection Denial-of-Service Attack by Steve Gibson
• Denial-of-Service Topology by Coretez Giovanni
• Gibson DOS Attack (Original) by Steve Gibson
• Gibson DOS Attack (Expanded) by Steve Gibson
• Inferring Internet Denial-of-Service Activity by David Moore, Geoffrey M. Voelker, and Stefan Savage
• Introduction to Denial-of-Service by Brian Hatch and James Lee
• Analyzing Distributed Denial-of-Service Tools - The Shaft Case by Sven Dietrich, Neil Long and David Dittrich
• The Mstream Distributed Denial-of-Service Attack Tool by David Dittrich, George Weaver, Sven Dietrich, and Neil Long
• The Shaft Distributed Denial-of-Service Attack Tool by Sven Dietrich, Neil Long, and David Dittrich
• The Stacheldraht Distributed Denial-of-Service Attack Tool by David Dittrich
• The Tribe Flood Network(TFN) Distributed Denial-of-Service Attack Tool by David Dittrich
• The Tribe Flood Network 2000(TFN) Distributed Denial-of-Service Attack Tool by Jason Barlow and Woody Thrower
• The Tribe Flood Network 3000(TFN) Distributed Denial-of-Service Attack Tool by Mixter
• The Trinoo Distributed Denial-of-Service Attack Tool by David Dittrich
• Thwarting Denial-of-Service Attacks by Hari Balakrishnan
• TCP SYN Flood DoS Attack Wireless Network Experiments by Ashif Adnan, Omair Alam, and Akhtaruzzaman

Computer Forensics - Malware - Root Kits

• Concepts for the Stealth Windows Rootkit by Joanna Rutkoska
• Implementation of Passive Covert Channels in the Linux Kernel by Joanna Rutkoska
• Introducing Stealth Malware Taxonomy by Joanna Rutkoska
• Rootkit Detection with Patchfinder2 by Joanna Rutkoska
• Linux Kernel Backdoors and Detection by Joanna Rutkoska
• Thoughts About Crossview Rootkit Detection by Joanna Rutkoska
• Subverting the Vista Kernel for Fun and Profit by Joanna Rutkoska
• Advanced Windows 2000 Rootkit Detection by by Jan K. Rutkoska
• Detecting Windows Server Compromises by Joanna Rutkoska
• fnord Loadable Kernel Integrity Tools by Eric Brandwine and Todd MacDermid
• Invisibility on NT Boxes by Holy_Father
• Linux Kernel Vulnerabilities by Last Stage of Delirium Research Group
• (nearly) Complete Linux Kernel Loadable Modules by pragmatic (THC)
• Passive Covert Channels Implementation in Linux Kernel by Joanna Rutkoska
• Postmortem of Rootkit Attack by Martin Khoo
• Rootkits Detection on Windows 2000 Systems by Joanna Rutkoska
• System Virginity Verifier by Joanna Rutkoska

Computer Forensics - Malware - Virus and Worms

• Anti-Virus is Dead by Robin Bloor Hurwitz and Associates
• Worm Detection by Weaver, Staniford, Paxson, and Cunningham
• Worm Detection, Early Warning, and Response Based on Local Vitim Information by Guofei Gu, Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee and George Riley
• Taxonomy of Computer Worms by Todd Haberlein
• Computer Viruses Theory and Experiments (Classic) by Cohen Classic
• Computer Viruses - Prevention, Detection, and Treatment (Classic) by Mario Tinto
• Nimda by Unknown
• SandboxII - Internet by Kirt Natvig
• Who Wrote Sobig by unknown
• Witty Worm Analysis by Matthew Murphy
• Bymer Worm by Monty McDougal
• The Internet Worm Incident by Eugene H. Spafford
• Sparse - Hybrid System to Detect Malcode Bearing Documents by Wei-Jen Li and Salvatore Stolfo
• Classification of Packed Executables for Accurate Computer Virus Detection by Roberto Perdisci, Andrea Lanzi, and Wenke Lee

Computer Forensics - Malware - Trojans

• Back Orifice 2000 - Ultimate Remote Network Administration Tool by Thomas DeVoss
• Back Orifice 2000 Tutorial by Mark E. Donaldson
• Hunt for RingZero by John Green
• Subseven by (Commodon Communications)

Computer Forensics - Malware - Bots

• The Botnet Business by Vitaly Kamluk (Kaspersky Lab)
• BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation by Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee
• Alternative Medicine - The Malware Analyst's Blue Pill Presentation by Paul Royal (Damballa)
• Alternative Medicine - The Malware Analyst's Blue Pill Presentation by Paul Royal (Damballa)
• Analysis of the Kraken Botnet by Paul Royal
• Botminer by Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee
• Kraken Bot Army Notice Damballa)
• On the Kraken and BoBax Botnets by Paul Royal

Computer Forensics - Malware - Attacks

• Tsutomu Shimomura Attack by Tsutomu Shimomura
• Readying Your Network for an Attack Attack by unknown
• Stealth and Coordinated Probes and Attacks (Shadow)

Computer Forensics - Malware - Vulnerabilities and Exploits

• Red Button Vulnerability by Mark E. Donaldson
• Windows NT Deconstruction Tatics by vacuum (Rhino9)
• Exploiting Systems through ActiveSync by Seth Fogie

Computer Forensics - Malware - Shellcode and Buffer Overflows

• A Buffer Overflow Study Attacks and Defenses by Fayolle and Glaume
• Attacking the Code Source Code Auditing by David D. Rude II
• Beyond Stack Smashing by Pincus and Baker
• Buffer Overflows Complete by hackaholic
• Bypassing Windows Heap Protections by Nicholas Falliere
• Creating Arbitrary Shellcode in Unicode by Chris Anley
• Introduction to Shellcoding by Michel Blomgren
• Stack Based Overflows Windows Part 1 by Nish Bhalla
• Stack Based Overflows Windows Part 2 by Nish Bhalla
• Stack Overflow Windows XP SP2 by Ali Rahbar
• The Basics of Shellcoding by Angelo Rosiello
• Understanding Windows Shellcode by nologin
• Writing Small Shellcode by Dafydd Studdard
• x86-64 Buffer Overflow Exploits and Borrowed Code Chunks Exploitation Technique by Sebastian Krahmer
• Defeating Stack Based Buffer Overflow Prevention Windows 2003 by David Litchfield
• Format String Attacks by Tim Newsham
• MSSQL Hello Buffer Overflow by benjury of XFocus
• Stack Smashing Vulnerabilities in UNIX (The Classic Paper) by Nathan P. Smith
• Stack Overflow Exploits by Unknown

Computer Forensics - IDS (Intrusion Detection and Systems)

• TCP Wrappers - The Complete Storey by Mark E. Donaldson
• Active Mapping Resisting NIDS Evasion Without Altering Traffic by Umesh Shankar and Vern Paxson
• Advanced Evasion of IDS Buffer Overflow Detection by jeru
• Benchmarking Intrusion Detection Systems by Marcus J. Ranum
• Complex Signature IDS by Mike Poor
• Coverage in Intrusion Detection Systems by Marcus J. Ranum
• A Data Mining Framework for Building Intrusion Detection Models by Wenke Lee, Salvatore J. Stolfo, and Kui W. Mok
• Deploying and Tunning Network Intrusion Detection Systems (Intrusion.com)
• Detecting Intrusions On Encrypted Data by Sachin Prakash Goregaoker
• Developing an IDS Simulator for Black-Box Testing of Network Intrusion Detection Systems by Darren mutz, Giovanni Vigna, and Richard Kemmerer
• Event Correlation (SANS Institute)
• False Positives A Users Guide To IDS Alarms by Marcus J. Ranum
• Deploying the Shomiti Century Tap (Metases)
• Performance Analysis of Content Matching Intrusion Detection Systems by S. Antonatos, K. G. Anagnostakis, E.P. Markatos, M. Polychronakis
• IDS Zone Theory Diagram by Scott C. Sanchez
• Intrusion Detection Methodologies Demystified (Enterasys Networks)
• Intrusion Detection Systems HOWTO by Brian Laing
• Monitoring and Controlling Suspicious Activity with IP-Watcher by Michael Neuwman
• An Overview of Issues Testing Intrusion Detection Systems by Peter Mell
• Passive Mapping Offensive Use of IDS by Coretez Giovanni
• Probalistic Alert Correlation by Alfonso Valdez and Keith Skinner
• Software Decoy Design by J. Bret Michael, Georgios Fragkos, and Mikhail Auguston
• Traceback - A Concept for Tracing and Profiling Malicious Computer Attackers by Ofir Arkin
• Distributed IDS Framework Based on Strategy Analysis by Ming-Yuh Huang and Thomas M. Wicks

Computer Forensics - Log Analysis

• Artificial Ignorance: How to Implement Artificial Ignorance Log Analysis by Marcus Ranum
• Log Entries that Show You Been Hacked by Dr. Tina Bird
• Logwatch Notes by Mark E. Donaldson
• Syslog Notes by Mark E. Donaldson
• Syslog by John Coleman

Computer Forensics - Timestamping

• Timestamping Documents by Petros Maniatis, T.J. Giuli, and Mary Baker

Computer Forensics - Password Recovery and Password Cracking

• Cisco PIX Password Recovery (Cisco)
• How to Recover a Lost Password on a Cisco Switch by David Davis
• Windows Server Password Recovery Techniques courtesy of Daniel Petrie
• John The Ripper Illustrated Guide by Ethernet
• Rainbow Crack Tutorial by Zhu Shuanglei
• Offline NT Password Walkthrough by H. Peter Anvin
• Ophcrack HOWTO (Ophcrack Documentation)
• How to Reset Recover Forgotten Windows NT 2000 XP 2003 Administrator Password by unknown
• Theory And Practice Of Password Auditing And Recovery In Windows by unknown

Computer Forensics - Windows

• Initial Response to Windows NT-2000 (Classic) by Kevin Mandia (Foundstone)
• Checking Microsoft Windows Systems for Signs of Compromise by Simon Baker, Patrick Green. Thomas Meyer, and Garaidh Cochrane
• Forensic Tools for Windows XP by Larry Leibrock
• Forensic Analysis of Internet Explorer Activity Files by Keith J. Jones
• Forensic Analysis of Microsoft Internet Explorer Cookie Files by Keith J. Jones
• Forensic Analysis of Microsoft Windows Recycle Bin Records by Keith J. Jones
• Windows Access Control Demystified by Sudhakar Govindavajhala and Andrew W. Appel
• Bypassing Windows Hardware Enforced DEP by No Login
• Windows Genuine Advantage (WGA Removal Procedure

Computer Forensics - UNIX and Linux

• Improving the Security of Your Site by Breaking Into It (Classic) by Dan Farmer and Wietse Venema

Database Forensics

• Oracle Forensics Part 1 - Dissecting the Redo Logs by David Litchfield
• Oracle Forensics Part 2 - Locating Dropped Objects by David Litchfield
• Oracle Forensics Part 3 - Isolating Evidence of Attacks Against the Authentication Mechanism by David Litchfield
• Oracle Forensics Part 4 - Live Response by David Litchfield
• Oracle Forensics Part 5 - Finding Evidence of Data Theft by David Litchfield
• Oracle Forensics Part 6 - Examining Undo Segments, Flashback and the Oracle Recycle Bin by David Litchfield
• Oracle Forensics by David Litchfield
• BliBlind SQL Injection Discovery by Sheeraj Shah
• Advanced SQL Injection by Chris Anley
• More Advanced SQL Injection by Chris Anley
• Cracking Microsoft SQL Server Passwords by David Litchfield
• Exploiting and Protecting Oracle by Pete Finnigan
• Extracting Oracle PGA Passwords by Pete Finnigan
• Hack Proofing Oracle Application Server by David Litchfield
• Hardening Oracle by Ivan Butler
• NCSC-TR-005-1 - Inference and Aggregation Issues In Secure Database Management Systems (NCSC Classic)
• NCSC-TR-005-2 - Entity and Referential Integrity Issues In Multilevel Secure Database Management (NCSC Classic)
• NCSC-TR-005-3 - Polyinstantiation Issues In Multilevel Secure Database Management Systems (NCSC Classic)
• NCSC-TR-005-4 - Auditing Issues In Secure Database Management Systems (NCSC Classic)
• NCSC-TR-005-5 - Discretionary Access Control Issues In High Assurance Secure Database Management Systems (NCSC Classic)
• Oracle Default User Password List by PenTest Limited
• Oracle Object Tampering by Pete Finnigan
• Oracle Password Thoughts by Pete Finnigan
• SQL Injection by SPI Labs
• Threat Profiling Microsoft SQL Server Passwords by David Litchfield
• Violating Database Security Mechnisms by Chris Anley
• Web Application Disassembly With ODBC Error Messages by David Litchfield
• Hunting Flaws in MSSQL Server by Cesar Cerruso and Aaron Newman
• The Next Level of Oracle Attacks by vonJeek (THC)
• Time-Based Blind SQL Injection Using Heavy Queries by by Chema Alonso et al

Database - Relational Database Management Systems

• A Relational Model of Data for Large Shared Data Banks (Classic) by E.F. Codd
• A Relational Model of Data for Large Shared Data Banks (Original Manuscript) by E.F. Codd
• Codd's 12 Rules by Mark E. Donaldson
• Data Base Technology (Classic) by W.C. McGee
• Middleware in Action by Ken North

Database - SQL

• SQL Basics by Mark E. Donaldson

Database - Oracle

• Oracle Backup and Recovery Abbreviated by Mark E. Donaldson
• Oracle Database Administration Abbreviated by Mark E. Donaldson
• Oracle Database Tuning Abbreviated by Mark E. Donaldson
• Oracle Network Administration Abbreviated by Mark E. Donaldson
• Oracle SQL-PLSQL Abbreviated by Mark E. Donaldson
• ORA-01555 Error by Boris Milrud
• Oracle Architecture Function by Mark E. Donaldson
• Oracle Data Access From NET (Compuware Corporation)
• Oracle OS Authentication by Mark E. Donaldson

Database - SQL Server

• The Definitive Guide to Scaling Out SQL Server 2000 by Don Jones
• The Definitive Guide to Scaling Out SQL Server 2005 by Don Jones

Definitive Guide To SQL Server Performance Optimization

by Don Jones

• Foreword
• Introduction
• Chapter 1
• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6

SQL Server 2000 Operations Guide

Microsoft Corporation

• Chapter 1
• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8

Database - DB2

• DB2 Backup and Recovery (IBM)
• DB2 Data Placement (IBM)
• DB2 Database Access (IBM)
• DB2 Monitoring Activity (IBM)
• DB2 Server Management (IBM)
• DB2 Utilities (IBM)
• IBM DB2 - The Big Picture (IBM)

Database - MySQL and PostgresSQL

• MySQL Enterprise Solutions by Alexander Sasha Pachev

Hardware Forensics

• Designing and Implementing Malicious Hardware by Smanuel T. King et al
• Computer Troubleshooting Guide by Mark E. Donaldson
• Technician Field Notes by Mark E. Donaldson

Hardware Forensics - CPU

• Understanding the Miocroprocessor by Jon "Hannibal" Stokes
• The Arithmetic Logic Unit by Russell Hitchcock
• How To Clean A CPU by Mark E. Donaldson
• The AMD K6-3 by Mark E. Donaldson
• CPU Sockets Chart
• Crusoe Technology by Alexander Klaiber (Transmeta Corporation)
• Floating Point Arithmetic by David Goldberg
• Inside the Legacy CPU by Mark E. Donaldson
• Legacy CPU Performance Factors by Mark E. Donaldson
• Math Coprocessors by Mark E. Donaldson
• Pentium II Processor by Mark E. Donaldson
• Pentium III Chip ID by Mark E. Donaldson
• The Segment Descriptor Cache by Robert R. Collins
• IA64 Architecture Tutorial by Sverre Jarp
• Cache Coherency by Russell Hitchcock
• Multi Core CPUs by Russell Hitchcock
• Intel Core i7 Processor White Paper (Intel Corporation)
• The Effects of CPU Cooling - Movie (Media Player Required) (Tom's Hardware Guide)

Hardware Forensics - CPU Programming-Architecture-Specification

• Alpha Architecture Handbook (Compaq)
• Intel 8086 Architecture Howard Huang
• AMD MMX Manual (AMD)
• AMD x86 Code Optimization (AMD)
• ATX Specification (Intel)
• DOS Protected Mode (DPMI) Specification (DPMI Committee)
• DWARF Debugging Information Format Specification (TIS Committee)
• Embedded 486 Processor Family Developer's Manual (Intel)
• Embedded 486 Processor Hardware Reference Manual (Intel)
• Executable and Linking Format (ELF) Specification (TIS Committee)
• Formats Specification for Windows (TIS Committee)
• IA64 Application Developers Architecture Guide (Intel)
• IA-64 Software Conventions and Runtime Architecture Guide (Intel)
• Intel 80386 Programmer's Reference Manual (Intel)
• Intel Architecture Optimization Manual (Intel)
• Intel Architecture Software Developer's Manual Volume 1 - Basic Architecture (Intel)
• Intel Architecture Software Developer's Manual Volume 2 - Instruction Set Reference (Intel)
• Intel Architecture Software Developer's Manual Volume 3 - System Programming (Intel)
• Intel MultiProcessor Specification (Intel)
• Microsoft Symbol and Type Information (TIS Committee)
• MIPS Pro Programmer's Guide (Silicon Graphics)
• Pentium II Processor Developer's Manual (Intel)
• Relocatable Object Module Format (OMF) Specification (TIS Committee)
• Sparc V8 Architecture Manual (SPARC International)
• SpaSparc V9 Architecture Manual by David L. Weaver and Tom Germond (SPARC International)
• The VIS Instruction Set Users Manual (Sun Microsystems)

Hardware Forensics - Memory

• DRAM Design Guidelines (Micron)
• Memory Guide by Mark E. Donaldson
• Memory Modules 101 by Mark E. Donaldson
• PC 100 Whitepaper (Vanguard)
• RAM Guide by Dean Kent
• VG4616321A SGRAM (VISV)
• Memory and Storage by Russell Hitchcock
• Unsung Hero by Benjamin Fulford (Forbes)
• USB Flash Drive Wear Leveling (Corsair)
• RAM Structure in Application by Mark E. Donaldson
• RAM Types and Timing by Mark E. Donaldson

Hardware Forensics - Hard Disk Drives (HDD)

• SCSI by Warren Block
• ATA and IDE Drive Interface by Mark E. Donaldson
• Autotyping ATA Disk Drives by Phoenix Technologies
• Hard Disk Drive Interfaces and Technical Specifications by Mark E. Donaldson
• IDE Hardware Reference by filip
• The SCSI Drive Interface by Mark E. Donaldson
• Ultra2 SCSI (SCSI Trade Association)
• SCSI by Warren Block
• Enhanced IDE Fast-ATA-ATA-2 FAQ (Classic) by John Wehman and Peter den Haan

Hardware Forensics - SSD (Solid State Disks)

• Faster Oracle Performance with SSD by Woody Hutsell and Mike Ault
• SDHC Cards vs Hard Drive vs SSD by Jerry Jackson
• Understanding Flash SSD Performance by Woody Hutsell and Mike Ault
• What is a Solid State Disk by Mark E. Donaldson
• Windows 7 Support for Solid State Drives by e7blog

Hardware Forensics - Hard Disk Storage Device Specifications

• Disk Atbus Specification 1989
• ATA-ATAPI-1 Specification 1994
• ATA-ATAPI-2 Specification (1996)
• ATA-ATAPI-3 Specification (1995)
• ATA-ATAPI-4 Specification (1998)
• ATA-ATAPI-5 Specification (2000)
• ATA-ATAPI-6 Specification (2001)
• ATA-ATAPI-7-1 Specification (2003)
• ATA-ATAPI-7-2 Specification (2003)
• ATA-ATAPI-7-3 Specification (2003)
• ATA-ATAPI-8 Architectural Model (January 10, 2006)
• ATA-ATAPI-8-2 Specification (January 10, 2006)
• ATA-ATAPI-8-6 Specification (June 25, 2008)
• ATA Packet Interface For CD ROMs Revision 1.2 by SFF Committee
• ATA Packet Interface For CD ROMs Revision 2.2 by SFF Committee
• ATA Packet Interface For CD ROMs Revision 2.3 by SFF Committee
• ATA Packet Interface For CD ROMs Revision 2.6 by SFF Committee
• ATA Packet Interface For Streaming Tape by QIC
• Device Bay Specification Version 0.90 by Compaq-Intel-Microsoft
• Fiber Channel Specification
• Serial ATA by Serial ATA Workgroup
• Media Status Notification Support Specification for SCSI and ATAPI Devices by unknown

Hardware Forensics - CD and DVD

• Blu-Rey vs HD DVD By Ryan Block
• The DVD by Mark E. Donaldson
• The DVD FAQ by Jim Taylor
• CD Roller User Manual (Digital Atlantic Corporation)

Hardware Forensics - BIOS

• BIOS Survival Guide (Classic) by Jean-Paul Rodrigue and Paul Croucher
• BIOS Password Hacking by Mark E. Donaldson
• How to Reset Remove Bypass a BIOS or CMOS Password by unknown
• CMOS Password Recovery by Mark E. Donaldson
• BIOS Boot Specification v1.01 (Compaq-Phoenix-Intel)
• The CMOS by Mark E. Donaldson
• The Flash BIOS Upgrade by Mark E. Donaldson
• Interrupt Vector Table by Mark E. Donaldson
• PCI BIOS Specification (PCI Special Interest Group)
• PNP BIOS Specification Version 1.0a (Compaq-Phoenix-Intel)
• BIOS ASM by Hicks
• Linux BIOS at Four by Ronald G. Minnick
• Award BIOS CMOS Setup Utility (Award Software)
• BIOS Flasing and Hotflashing by Kivilcim Hindistan
• BIOS Mussing by Akov Miles
• BIOS Backup by Gabriel Torres
• BIOS Setup by Gabriel Torres
• Deciphering the BIOS Serial Number by Gabriel Torres
• How To Perform a BIOS Upgrade by Gabriel Torres (Hardware Secrests)

Hardware Forensics - Power

• Electrostatic Discharge (Intel Corporation)
• SFX Power Supply Design Guide (Intel Corporation)
• ATX Power Supply Function by Mark E. Donaldson
• AT Power Supply Chart by Mark E. Donaldson
• ATX Power Supply Chart by Mark E. Donaldson

Hardware Forensics - UPS (Uninteruptable Power Supply) and Surge Protectors

• Battery Technology for Data Centers and Network Rooms - VRLA Reliability and Safety (APC)
• Battery Technology for Data Centers and Network Rooms - Lead-Acid Battery Options by Stephen McCluer
• The Different Types of UPS Systems by Neil Rasmussen
• Explaining Watts and Volt Amps by John Savageau
• Watts and Volt-Amps - Power Confusion by Neil Rasmussen
• The Different Types of AC Power Connectors in North America (APC)
• How Surge Protectors Work by Tom Harris

Hardware Forensics - KVM Switches

Hardware Forensics - USB and Firewire

Hardware Forensics - Multimedia (Audio-Sound-Video)

• A Complete Guide to the Digital Video Interface by Anthony van Winkle
• Digital Video Standards (Agilent Technologies)
• Dive into the Details of HDMI by unknown
• DVI Specification (DDWG)
• HDMI Cables - An Overview by Anthony van Winkle
• HDMI Specification Version 1.3a (Hitachi et al)
• HDMI White Paper by Bob O’Donnell
• HDMI (HDMI Working Group)
• HDMI-DVI-Component Video (Various Sources)
• Sound Blaster Hardware Programming Guide (Creative Technology)
• Summary of Video Standards by unknown
• Video and Monitor Terminology and Specifications by unknown
• Codec Chart

Hardware Forensics - Cables and Connectors

• Cables and Connectors by Mark E. Donaldson
• SATA Cables, Connectors, and Ports by Mark E. Donaldson
• How to Select the Right eSATA Connector and Cable (Sata-IO.org)
• Cabling Cisco Devices by Mark E. Donaldson
• CAT 5 Patch Cable Guide by TechRepublic
• Connecting External SCSI Devices by Adaptec
• Glossary Common Computer Port Connectors by Mark E. Donaldson
• Glossary Common SCSI Connectors by Mark E. Donaldson
• Null Modems by Mark E. Donaldson
• RJ-45 Install Guide by TechRepublic
• RS-232 Cables and Connectors by Mark E. Donaldson
• Telco Wire Colors by Mark E. Donaldson
• Wide SCSI Connections and Connectors by Mark E. Donaldson
• The Ethernet Crossover Cable (Compiled from Various Sources)
• How to Make a Crossover Cable by Fido (littlewhitedog.com)
• Copper and Glass - A Guide to Network Cables by Russell Hitchcock
• Create a Direct Connection Using Ethernet Crossover Cable in Windows XP by Mark E. Donaldson
• Fiber Optics by Russell Hitchcock
• Cabling Guide for Console and AUX Ports (Cisco Systems)
• The Network Administrator Cable by Michael Ossmann
• What is a Cisco Console Cable by David Davis

Hardware Forensics - Communication Ports

• Modem Standards by Mark E. Donaldson
• Interfacing to the ECP Port
• Interfacing to the Enhanced Parallel Port
• Interfacing to the Serail Port
• Interfacing to the Standard Parallel Port
• PNP External Serial Specification v1.00 (Microsoft Corporation)
• PNP ISA Specification v1.0a (Microsoft Corporation)
• PNP Parallel Specification v1.0b (Microsoft Corporation)
• Serial Communication with Hyperterminal by unknown

Data Representation

• ASN1 Complete by John Larmouth

Encryption

• FIPS Pub 140-1 - Security Requirements Cryptographic Modules
• FIPS Pub 140-2 - Security Requirements Cryptographic Modules
• FIPS Pub 140-2 Annex A - Security Requirements Cryptographic Modules
• FIPS Pub 140-2 Annex B - Security Requirements Cryptographic Modules
• FIPS Pub 140-2 Annex C - Security Requirements Cryptographic Modules
• FIPS Pub 140-2 Annex D - Security Requirements Cryptographic Modules
• FIPS Pub 180-1 - Secure Hash Standard
• FIPS Pub 180-2 - Secure Hash Standard
• FIPS Pub 180-3 - Secure Hash Standard
• FIPS Pub 18186-3 - DSS Draft
• FIPFIPS Pub 196 - Entity Authentication PKI
• FIPS Pub 191 - Assessing LAN Security
• FIPS Pub 197 - AES
• Key Iterations and Cryptographic Salts by Adam Berent
• Learning About Cryptography by Terry Ritter
• Making Faster Cryptanalytic Time-Memory Trade-Off by Philippe Oeshslin
• PKI Abbreviated by Mark E. Donaldson
• PKI Diagram by unknown
• RSA Crypto FAQ (RSA Laboratories)
• The Great CRC Mystery by Terry Ritter
• Encryption and Security Tutorial Part 1 by Peter Gutmann
• Encryption and Security Tutorial Part 2 by Peter Gutmann
• Encryption and Security Tutorial Part 3 by Peter Gutmann
• Encryption and Security Tutorial Part 4 by Peter Gutmann
• Encryption and Security Tutorial Part 5 by Peter Gutmann
• Encryption and Security Tutorial Part 6 by Peter Gutmann
• Encryption and Security Tutorial Part 7 by Peter Gutmann
• Encryption and Security Tutorial Part 8 by Peter Gutmann
• Shortcut Guide to Managing Certificate Lifecycles by Kevin Behr

ITIL (Information Technology Information Library) - Network and Change Management

• The Shortcut Guide to Improving IT Service Support through ITIL by Rebecca Herold
• DefDefinitive Guide to Building Highly Scalable Enterprise File Serving Solutions by Chris Wolf
• Definitive Guide to Controlling Malware, Spyware, Phishing, and Spam by Dan Sullivan
• Essential Series IT Compliance by Rebecca Herold
• Essential Series IT Compliance Volume II by Rebecca Herold
• Essential Series Managing Access to Privileged Accounts by Ed Tittel
• Essential Series Messaging and Web Security by Dan Sullivan
• Essential Series Messaging and Web Security Volume II by Dan Sullivan
• Essential Series Messaging and Web Security Volume III 1-6 by Dan Sullivan
• Essential Series Messaging and Web Security Volume III 7-12 by Dan Sullivan
• Essential Series Messaging and Web Security Volume III 13-18 by Dan Sullivan
• Essential Series Messaging and Web Security Volume III 19-24 by Dan Sullivan
• Essential Series Messaging and Web Security Volume III 25-30 by Dan Sullivan
• Essential Series Optimizing Database Connection Performance by Mark Scott
• Essential Series PCI Compliance by Rebecca Herold
• Essential Series Security Information Management by Dan Sullivan
• Executive Guide to IT Process Automation by Chad Marshall
• ShoShortcut Guide to Automating Network Management and Compliance by Don Jones
• Shortcut Guide to Network Compliance and Security by Don Jones
• Shortcut Guide to Optimized WAN Application Delivery by Ed Tittel
• Shortcut Guide to SQL Server Infrastructure Optimization by Don Jones
• Shortcut to IT Service Management and Automation by Rebecca Herold
• The Definitive Guide to Converged Network Management by Ken Camp
• The Definitive Guide to Enterprise Change Management by Dan Sullivan
• The Definitive Guide to Enterprise Network Configuration and Change Management by Don Jones
• The Definitive Guide to Security Inside the Perimeter by Rebecca Harold
• Tips and Tricks Guide to Network Configuration Management by Don Jones
• Tips and Tricks Guide to Secure Content Appliances by Dan Sullivan
• PCI Data Security Standard (Xirrus)

The Rainbow Books (DOD/NCSC Classics)

Original DOD and NCSC Documents

• CSC-STD-001-83 - Orange Book
• CSC-STD-002-85 - Green Book
• CSC-STD-003-85 - Light Yellow Book
• CSC-STD-004-85 - Yellow Book
• NCSC-TG-001 - Tan Book
• NCSC-TG-002 - Bright Blue Book
• NCSC-TG-003 - Neon Orange Book
• NCSC-TG-004 - Teal Green Book
• NCSC-TG-005 - Red Book
• NCSC-TG-006-88 - Amber Book
• NCSC-TG-007 - Burgundy Book
• NCSC-TG-008 - Dark Lavender Book
• NCSC-TG-009 - Venice Blue Book
• NCSC-TG-010 - Aqua Book
• NCSC-TG-011 - Red Book
• NCSC-TG-013-2 - Pink Book
• NCSC-TG-014 - Purple Book
• NCSC-TG-015 - Brown Book
• NCSC-TG-016 - Yellow Green Book
• NCSC-TG-017 - Light Blue Book
• NCSC-TG-018 - Light Blue Book
• NCSC-TG-019-2 - Blue Book
• NCSC-TG-020A - Sliver Grey Book
• NCSC-TG-021 - Lavender Purple Book
• NCSC-TG-022 - Yellow Book
• NCSC-TG-023 - Bright Orange Book
• NCSC-TG-024-1 - Purple Book
• NCSC-TG-024-2 - Purple Book
• NCSC-TG-024-3 - Purple Book
• NCSC-TG-025-2 - Forrest Green Book
• NCSC-TG-026 - Hot Peach Book
• NCSC-TG-027 - Turquoise Book
• NCSC-TG-028 - Violet Book
• NCSC-TG-029 - Blue Book
• NCSC-TG-030 - Light Pink Book

Contributed by the FAS (Federation of American Scientists)

• CSC-STD-001-83 - Orange Book
• CSC-STD-002-85 - Green Book
• CSC-STD-003-85 - Light Yellow Book
• CSC-STD-004-85 - Yellow Book
• NCSC-TG-001 - Tan Book
• NCSC-TG-002 - Bright Blue Book
• NCSC-TG-003 - Neon Orange Book
• NCSC-TG-004 - Teal Green Book
• NCSC-TG-005 - Red Book
• NCSC-TG-006-88 - Orange Book
• NCSC-TG-007 - Burgundy Book
• NCSC-TG-008 - Dark Lavender Book
• NCSC-TG-009 - Venice Blue Book
• NCSC-TG-011 - Dark Red Book
• NCSC-TG-013-2 - Pink Book
• NCSC-TG-014 - Purple Book
• NCSC-TG-015 - Brown Book
• NCSC-TG-016 - Yellow Green Book
• NCSC-TG-017 - Light Blue Book
• NCSC-TG-018 - Light Blue Book
• NCSC-TG-019-2 - Blue Book
• NCSC-TG-020A - Sliver Grey Book
• NCSC-TG-021 - Lavender Purple Book
• NCSC-TG-022 - Yellow Book
• NCSC-TG-025-2 - Forrest Green Book
• NCSC-TG-026 - Hot Peach Book
• NCSC-TG-027 - Turquoise Book
• NCSC-TG-028 - Violet Book
• NCSC-TG-029 - Blue Book
• NCSC-TG-030 - Light Pink Book

Contributed By Windows Security

• CSC-STD-001-83 - Orange Book
• CSC-STD-002-85 - Green Book
• CSC-STD-003-85 - Light Yellow Book
• CSC-STD-004-85 - Yellow Book
• NCSC-TG-001 - Tan Book
• NCSC-TG-002 - Bright Blue Book
• NCSC-TG-003 - Neon Orange Book
• NCSC-TG-004 - Teal Green Book
• NCSC-TG-005 - Red Book
• NCSC-TG-006 - Orange Book
• NCSC-TG-007 - Burgundy Book
• NCSC-TG-008 - Dark Lavender Book
• NCSC-TG-009 - Venice Blue Book
• NCSC-TG-010 - Aqua Book
• NCSC-TG-011 - Dark Red Book
• NCSC-TG-013 - Pink Book
• NCSC-TG-014 - Purple Book
• NCSC-TG-015 - Brown Book
• NCSC-TG-016 - Yellow Green Book
• NCSC-TG-017 - Light Blue Book
• NCSC-TG-018 - Light Blue Book
• NCSC-TG-019 - Blue Book
• NCSC-TG-020A - Grey Book
• NCSC-TG-021 - Lavender Book
• NCSC-TG-022 - Yellow Book
• NCSC-TG-023 - Bright Orange Book
• NCSC-TG-025 - Green Book
• NCSC-TG-026 - Hot Peach Book
• NCSC-TG-027 - Turquoise Book
• NCSC-TG-028 - Violet Book
• NCSC-TG-029 - Blue Book
• NCSC-TG-030 - Light Pink Book

NSA (National Security Agency) Security Guides

• NSA 60 Minute Network Security Guide
• NSA Defense-in-Depth
• NSA Email Security in the Wake of Recent Malicious Code Incidents
• NSA Group Policy Reference
• NSA Guide to Securing Microsoft Windows 2000 AD
• NSA Guide to Securing Microsoft Windows 2000 DNS
• NSA Guide to Securing Microsoft Windows 2000 EFS
• NSA Guide to Securing Microsoft Windows 2000 File and Disk Resources
• NSA Guide to Securing Microsoft Windows 2000 Group Polic Security Configuration Tool Set
• NSA Guide to Securing Microsoft Windows 2000 Group Policy
• NSA Guide to Securing Microsoft Windows 2000 Schema
• NSA Guide To Securing Microsoft Windows NT Networks
• NSA Guide To Securing Microsoft Windows XP
• NSA Guide to Securing Windows NT-9x Clients in a Windows 2000 Network
• NSA Guide to the Secure Configuration and Administration of iPlanet Web Server Enterprise Edition 4.1
• NSA Guide to the Secure Configuration and Administration of Microsoft Exchange 5.x
• NSA Guide to the Secure Configuration and Administration of Microsoft Internet Information Server 4.0 Checklist Format
• NSA Guide to the Secure Configuration and Administration of Microsoft Internet Information Server 4.0
• NSA Guide to the Secure Configuration and Administration of Microsoft Internet Information Services 5.0
• NSA Guide to the Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services Checklist Format
• NSA Guide to the Secure Configuration of Windows 2000 Certificate Services
• NSA Guide to Using DoD PKI Certificates in Outlook 2000
• NSA Guide to Windows 2000 Kerberos Settings
• NSA IDS Protection Profile
• NSA Microsoft NetMeeting 3.0 Security Assessment and Configuration Guide
• NSA Microsoft Office 2000 Executable Content Security Risks and Countermeasures
• NSA Microsoft Office 97 Executable Security Risks and Countermeasures
• NSA Microsoft Windows 2000 Router Configuration Guide
• NSA Microsoft Windows 2000 Network Architecture Guide
• NSA Router Configuration Guide
• NSA Secure Configuration of the Apache Web Server

NIST (National Institute for Standards and Technology) Security Guides

• FIPS-200 Minimum Security Requirements for Federal Information and Information Systems
• NIST 800-10 Introduction To Internet Firewalls
• NIST 800-14 Generally Accepted Principles and Practices for Securing IT Systems
• NIST 800-18 Guide for Developing Security Plans for Information Technology Systems
• NIST 800-24 PBX Vulnerability Assessment
• NIST 800-26 Security Self-Assessment Guide for IT Systems
• NIST 800-31 Intrusion Detections Systems
• NIST 800-41 Guidelines on Firewalls and Firewall Policy
• NIST 800-42 Guideline on Network Security Testing
• NIST 800-43 System Administration Guidance for Windows 2000 Professional Systems
• NIST 800-44 Guidelines on Securing Public Web Servers
• NIST 800-45 Guidelines on Electronic Mail Security
• NIST 800-47 Security Guide For Interconnecting IT Systems
• NIST 800-51 Use of CVE Naming Scheme
• NIST 800-53A Guide for Assessing the Security Controls in Federal Information Systems
• NIST 800-55 Security Metrics Guide for IT Systems
• NIST 800-56 Recommendation for Pair-Wise Key Establishmnet Schemes Using Descrete Logarithm Cryptography
• NIST 800-57 Recommendation for Key Management - Part 1 - General
• NIST 800-57 Recommendation for Key Management - Part 2 - Best Practices for Key Management
• NIST 800-77 Guide to IPsec VPNs
• NIST 800-79 Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
• NIST X-X Guide to Firewall Selection and Policy
• NIST 800-58 Security Considerations for Voice Over IP Systems
• NIST 800-81 Secure DNS Deploymnet Guide

Whitepapers from SecurityFocus.com

• Click Here to Access Whitepapers from SecurityFocus.com

  

Technical Books