Forensic Computing

This is a forensic computing thread with the intention to help and aid anyone following or partaking in the element of forensics in computing. As I'm currently studying computer forensics I thought I'd give a helping hand to anyone else, so here is a list of programs I've come across, websites and books etc. to help you all. Any additions or edits, please suggest :D Hope you all enjoy!

Books
Journals & Whitepapers
Courses
Software
Extra Information


Updates
28/11/08
-Added a lot more information sites!

23/11/08
-Easier to find info now
-Added New Programs
-Added White Papers
-Added New Websites
 
I've used Ghost v9 and found it to work just fine...... I've just started to mess on with this software so I haven't tried v9 or below. I've seen an old version of Ghost before and it worked the same way from what I can remember; that was a year ago though :S


EDIT:

Ghost 12 Review
 
Kronologic said:
Mostly because I'm much better and more comfortable in Windows than I am in Unix and Linux. Also I am documenting my activities in Word/Excel, so rebooting between searching for something and documenting it will be a PITA (this is a non-professional forensics investigation).

NB I'm not saying Windows is a better OS, just that I have a better understanding of it.


Is this still part of your uni work?
 
I'm using Solaris 8 :S :( I'm assuming there'd be the same commands etc. on a basic level. Any guides that helped you would be awesome. To be honest it's just a database thing at a job I'm at for the summer.

Basically go to most of the forensic forums, as it'll be most of the same people on there that you may meet in courses etc. and most of them will actually be able to help you out. I'll list a few sites you can Google (if I remember correctly we're not allowed to put forums up):

Computer Forensics World
Forensic Focus
forensics.nl
Multimedia Forensics


The books are the books I've personally read. There are a few more, however it can depend if you're just going into data retrieval or more of an ethical hacking standpoint. Either way, myself personally I like all aspects, so just read up on a few terms in Forensic Wiki, which I linked above, and always keep yourself in the news etc.

TorrentFreak - news website
Digg - major techy news site
Ars Technica
BBC
Google

And keep on reading the news really, as there's always something happening. Find out who, what, where and why and read into it, and how the laws are in different countries, as from what I've been told in lectures and whatnot it's mainly e-fraud or something rotten (which I'm assuming you can guess), but anyway most e-fraud does come out of the country in places such as South America etc.... So read up on what that person has been arrested for, how they did it and how they were caught, because you don't know how to catch someone unless they make an obvious mistake or unless you can do it yourself really, can you.


Best advice I could give is put your mind in the place of the criminal and it'll come.... Stupid maybe, but it's true. Google Books is a good site to read up on things such as grey hat.



However, here is a reading list I was given; it should help.

A few things have been removed due to their content, as I don't want to annoy the mods and I dunno how sensitive this subject can be in here, but here you go, this will help books-wise nonetheless.

Recommended Reading

Kruse, W. G. and Heiser, J. G. (2002) Computer Forensics: Incident Response Essentials. Addison Wesley.

Davies, M., Croall, H. and Tyrer, J. (2004) Criminal Justice: An Introduction to the Criminal Justice System in England and Wales, Third Edition. London: Longman.

Suggested Reading

Britz, M. J. (2004) Computer Forensics and Cyber Crime: An Introduction. Pearson Prentice Hall.

Croall, H. (1998) Crime and Society in Britain. Longman.

Marsh, I. (2004) Criminal Justice. Longman.

Newburn, T. (2002) Crime and Criminal Justice Policy. London: Longman.

Padfield, N. (2000) Text and Materials on Criminal Justice, 2nd edition. Butterworths.

Stephens, M. (2000) Crime and Social Policy: Gildredge Social Policy. The Gildredge Press.

Wasik, M., Gibbons, T. and Redmayne, M. (1999) Criminal Justice: Texts and Materials. Longman.

Ackroyd, S. et al. (1992) New Technology and Practical Police Work. Berkshire: Open University Press.

Akdeniz, Y., Walker, C. and Wall, D. (eds.) (2000) The Internet, Law and Society. UK: Longman.

Barrett, N. (1997) Digital Crime. London: Kogan Page.

Button, K. (1997) 'Hacking off the Hackers' in Computer Weekly, 16 January.

Chandler, A. (1996) 'The Changing Definition of Hackers in Popular Discourse' in International Journal of the Sociology of Law, 24: 229-51.

Denning, D. E. (1999) Information Warfare and Security. New York: ACM Press.

Ellison, L. and Akdeniz, Y. (1998) 'Cyberstalking: The Regulation of Harassment on the Internet' in Criminal Law Review, Special Edition, December 1998: 29-47.

Hollinger, R. (ed.) (1997) Crime, Deviance and the Computer. USA: Dartmouth Publishing Company.

Leong, G. (1998) 'Computer Child Pornography: The Liability of Distributors' in Criminal Law Review, Special Edition, December 1998: 19-28.

Levy, S. (1984) Hackers: Heroes of the Computer Revolution. New York: Bantam Doubleday Dell.

Mann, D. and Sutton, M. (1998) 'Netcrime: More Changes in the Organisation of Thieving' in British Journal of Criminology, 38(2): 201-29.

Parker, D. B. (1976) Crime by Computer. New York: Scribner.

Parker, D. B. (1998) Fighting Computer Crime: A New Framework for Protecting Information. New York: John Wiley.

Power, R. (2000) Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. Indianapolis: Que.

Speer, L. (2000) 'Redefining Borders: The Challenges of Cybercrime' in Crime, Law and Social Change, 34: 259-73.

Sterling, B. (1992) The Hacker Crackdown: Law and Disorder on the Electronic Frontier. New York: Bantam Books.

Taylor, P. (1999) Hackers: Crime in the Digital Sublime. London: Routledge.

Thomas, D. and Loader, D. B. (eds.) (2000) Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. London: Routledge.

Wall, D. (ed.) (2001) Crime and the Internet. London: Routledge.


Journals

Digital Investigation
Journal of Digital Forensic Practice
Proceedings of ACM
Infosecurity
"IT Now", formerly the Computer Bulletin (BCS)
British Journal of Criminology
Computer Weekly
Crime, Law and Social Change
Criminal Justice
Criminal Justice Matters
 
Books:

I personally own these:


Software Forensics: Collecting Evidence from the Scene of a Digital Crime

By Robert M Slade


Forensic Computing: A Practitioner's Guide

By Brian Jenkinson, Anthony J. Sammes


File System Forensic Analysis

By Brian Carrier


EnCase Certified Examiner

By Steve Bunting


The Art of Intrusion

By Kevin David Mitnick, William L. Simon


Computer Forensics

By Warren G. Kruse, Jay G. Heiser


The Art of Deception

By Kevin D. Mitnick, William L. Simon, Steve Wozniak


Secrets & Lies

By Bruce Schneier

Software:

Sleuth Kit
This is Linux forensic imaging software incorporated into most forensic live distros

BackTrack
One of the most well-known forensic live distros

Hiren's Boot CD
An admin's dream; it's full of loads of different software etc...

Norton Ghost....Wiki
This software gives you the ability to image a drive, back it up etc. or reload it to, say, a test machine

Acronis True Image
A personal favorite of mine, it does exactly what it says on the tin (or CD box for that matter)

Recuva
Freebie software from the great people of CCleaner; it can recover some files from NTFS and FAT32, giving you the condition each is in

SIW
Awesome bit of kit, you can check out network settings, hardware and much more!!!! Plus no install needed, it just runs in memory

Cain & Abel
.......

Ophcrack
If you've ever lost your Windows password and that good old safe mode doesn't work, this rainbow cracking tool works a treat

ProDiscover
Really good imaging tool...

FTK Imager
Disk Imager

Encase
Disk Imager HIGHLY Rated!!!!

Memory Dump
Displays all the items in memory

Regmon
Displays logs of the registry

Reg Watch
Displays changes in the registry


Process Explorer
Displays the processes that are currently running, inc. DLLs etc.

Steganography
......

Toolkits
10 Linux Distro Forensic Toolkits

Chaos MD5
MD5 Hash Program

WindirStat
Displays files in a directory as a graphical display; there is a portable version, but you can just actually run it from the exe

HxD
Hex Editor

Mount Image Pro
Allows you to mount images taken by EnCase, DD and some other disk image tools as drives on your PC

Recover MyFiles
Allows you to scan for files that have been deleted and restore them

VMWare
Virtual PC 2007
Virtual Box
A collection of software to let you run virtual computers

VFC
Allows you to convert EnCase images (probably others too) into a format used by VMware to run the image as a virtual PC.

Helix CD
Forensic Toolkit

Live View
Allows disk images or physical drives to be booted up in a virtual machine and examined in a forensically sound manner.

Anti-Forensic Toolkit
Tests the skillz of the forensic recovery software

Format Recovery
Recover deleted formats from your drive or partitions etc.

LophtC
.........

Pandora Recovery
Recover Deleted Files

ClamWin Portable
Portable antivirus; this can be put to use, for instance, where a trojan or keylogger may have been installed on a HDD, and may actually help you

DTask Manager
Really advanced task manager (portable too)

Explore 2fs
Explore2fs is a GUI explorer tool for accessing ext2 and ext3 filesystems.

Filemon
Tells you which running program is accessing what directory, file or folder

Process Explorer
Lets you see what DLLs etc. are loaded (a bit like Filemon)

What Changed
Tells you what changed during an installation or the running of a program etc...

Some extra apps worth noting that can either display files in a different manner or retrieve them so you can get a better look...
Multi PR
NetPass
Notepad++
Firefox
VLC
NirSoft
 
Sites that may be of help:
I know there's a lot here; I eventually hope to categorise them. All of these sites are intended for finding information about a threat, retrieving something, or enabling you to do something in forensics or security.

ACPO Guidelines
People may argue they're out of date, but they're still worth the read!

Access Data
This site has a wide range of tools and some help information

Guidance Software
Encase Website ...

NTFS Guide
Guides on Disk Imaging

Data Duplication
Hardware to copy information on hard drives

Forensic Computers
Actual computers designed for forensic practitioners

Forensic Blog

Anti-Phishing Group

Forensics
Up-to-date forensic "happenings"

Forensic Wiki

British Computing Society

Mac Forensics

Mobile Phone Forensics (PDF)

Diskology
Another hardware hard drive duplication site

Packet Storm

Zone-H

Security Fix

Net Security

Security Focus

Root Secure

Ars Technica's Security Section

Wired's Threat Level

Virus List

Cnet Security Podcast

Anti-Malware Engineering Team

Anti-Virus Rants

Anton Chuvakin

Arbor Network's Blog

BoingBoing

CERIAS

Chinese Hacking Community

Counterterrorism Blog

Darknet Hackers

DefenseTech

Determina Security Blog

Errata Security

Exploit Prevention Labs

F-Secure Labs Blog

FAS on Secrecy

FAS Strategic Security Blog

Fergie's Tech Blog

Finjan's MCRC Blog

Frequency X Blog

GNUCitizen's Blog

Honeyblog

Internet Anthropologist T.T.

Internet Haganah

Internet Storm Center

Jeremiah Grossman

Jihad Watch

Kaspersky Labs Blog

Lance Spitzner

McAfee Avert Labs Blog

Mike Davis

PandaSecurity Labs

Prevx's Blog

Richard Bejtlich's TaoSecurity

RSA's Security Blog

Russian Business Network

Ryan Naraine's Security Watch

ScanSafe's Blog

Secure Works Labs

Sophos Labs Blog

SpywareGuide Greynets Blog

Sunbelt Labs

Symantec Security Response

The Black Flag

The Jawa Report

Trend Micro Labs

UK Honeynet Project's Blog

Web Application Security Labs

WebSense labs

Wired's Danger Room

ZDNet's Zero Day

Pinpoint Labs

The 44 Research

Dark Reading

Bandit Defence

Insane Security

Roger Info Security

Secure Team

Tech Republic IT Security




I have a few extra RSS feeds here which show news from a lot of other sites, not mainly security focused, but which are either more reputable or may have some news others don't....

Just found this thread and there is quite a lot of good stuff here. I'm about to start my masters in computer forensics in Sept/Oct.

knowlesy, how did you get on with your course and what sort of job do you do now?

Ah quality, I've been thinking of that, whereabouts are you doing it?

I'm currently on placement at the minute just as a general engineer / technician, which is pretty cool; I go back for my 3rd year in September.... However I'm wanting to go more into either data recovery etc. or network security. This list needs massively updating, and I'm considering creating a blog to combine everything I find etc.... I just need to get the time, in all honesty :)
 
I am a Senior Forensic Investigator - have been employed in this field for over 8 years now.

Someone recommended:

Forensic Computing: A Practitioner's Guide
By Brian Jenkinson, Anthony J. Sammes

I'd second that. It's a good book. They are both instructors on the Forensic Foundation course at Shrivenham and I've met them both. Brian Jenkinson is a bit up his own arse and stuck in the past. Tony Sammes however is a true gent, one of the nicest blokes I've ever met. He really knows his stuff as well. A former officer in the Royal Signals, he was a key member of the ARPANET team and helped design some of the protocols still in use today.

One thing you have to understand is that a lot of people in this field talk the talk, but few really are very capable. There are a lot of charlatans as well, mainly small one and two man bands, but some of the larger companies are also full of cowboys.

If you want to get started then make sure you have a thorough knowledge of hardware and software. Understand what files are changed or created when users carry out certain activities and where they are located in the O/S. Don't rely on the software to do everything; you need to understand what is going on underneath. Too many new practitioners only know 'push button forensics' and that's to their detriment.

If you need any help then let me know.

Ah quality, thanks very much, would it be OK to throw a few ideas for my dissertation your way? I must admit I agree with your final statement about understanding hardware & software and not relying on software forensics. Sadly I feel my course isn't long enough to go as in depth as that and we're only being taught the basics, well more of a foot-on-the-ladder approach, but I think the odd one or two people on the course believe it's more like CSI, where you're in a room full of top-notch hardware and it'll do everything for you.... :)

I am not promising anything, but if you are really interested then I can put you in touch with a very good friend who works at a medium sized company up there. Perhaps some work experience during the summer?

:eek::eek::eek::eek:

I'd love to be able to do that in all honesty, but I'm currently on placement till September and I have to make it at least 45 weeks there due to starting at a placement late :( :(

really really REALLY appreciated though
 
Huh, BTEC, Jesus... I missed out :( If I remember, from one of the presentations your starting wage as a junior analyst is 22-25k depending on whereabouts you are in the country respectively