Personal Privacy, Ethics, Crime, and Legal Issues         Icove, D Computer Crime O'Reilly, 1996 Rothfeder, J Privacy For Sale: How Computerization has made everyone's private life an open secret Rothfeder, 1992 Hoffman, L Building in Big Brother: The Cryptographic Policy Debate Springer-Verlag, 1995 Bloombecker, J.Introduction to Computer Crime National Center for Computer Crime Data, 1988 Cavazos, E and Morin, G Cyberspace and the Law: Your Rights and Duties in the OnLine World MIT Press, 1994 Cunningham, W et al Private Security Trends 1970-2000 The Hallcrest Report II Hallcrest, 1990 Johnson, D Computer Ethics Prentice-Hall, 1994 (2nd edition) Forester, T and Morrison, P.Computer Ethics MIT Press, 1994 (2nd edition) Computer Forensics            The Honeynet Project's Forensic Challenge Basic Steps in Forensic Analysis of Unix Systems, David Dittrich (Pasos BАsicos en AnАlisis Forense de Sistemas GNU/Linux, Unix, modified, updated and translated to Spanish by Ervin S Odishoo) Course notes for Black Hat '00 Unix forensics class, Dominique Brezinski and David Dittrich The Coroner's Toolkit  Dan Farmer & Wietse Venema's class on computer forensic analysis [ forensics.tar.gz contains the slides in 6-up portrait PostScript format for printing on just 25 double-sided pages]  Forensic Computer Analysis: An Introduction Reconstructing past events, By Dan Farmer and Wietse Venema, Dr Dobb's Journal, September 2000  What Are MACtimes?: Powerful tools for digital databases, By Dan Farmer, Dr Dobb's Journal, October 2000  Strangers In the Night: Finding the purpose of an unknown program, by Wietse Venema, Dr Dobb's Journal, November 2000  Computer Forensics Column, Errata The Law Enforcement and Forensic Examiners Introduction to Linux, a Beginner's Guide, Barry J Grundy, NASA Office of the Inspector General Brian Carrier's Sleuthkit (formerly TASK, formerly TCT-Utils)  Sleuthkit  Autopsy Browser  Sleuthkit Informer Notes on updating Red Hat Linux 7.1 to support >2GB images with TCT, TCTUTILS & Autopsy (see also Large File Support in Linux) Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3, by Keith J Jones Forensic Analysis Using FreeBSD - Part by Keith J Jones Organizations/conferences  International Organisation on Computer Evidence  European Network of Forensic Science Institutes Forensic information technology Working group  International Association of Computer Investigative Specialists (IACIS) Law and Legal Process    Judicial Gatekeeping in Texas, by Thomas F Allen, Jr and Robert Rogers, Harvard Law School '99 (Daubert)  Admissibility of Scientific Evidence Under Daubert  Frye v United States 293 F 1013 (D.C Cir 1923)  Rules of Evidence, Harvard School of Law Digital Timestamping  Stamper digital timestamping service  Internet X.509 Public Key Infrastructure Time Stamp Protocol (TSP)  What is digital timestamping?, RSA Cryptography FAQ section 7.11  Secure Time/Date Stamping in a Public Key Infrastructure, Surety.com White Paper (PDF)  Time Stamp Protocol, by Byun, Jung-Soo  Time is of the Essense: Electronic documents will only stand up in court if the who, what, and when they represent are unassailable, by Charles R Merrill, CIO.com, March 15, 2000  How to Time-Stamp a Digital Document (PostScript), by Stuart Haber and W Scott Stornetta, Journal of Cryptology, Vol 3, No 2, pp 99-111 (1991)  Improving the Efficiency and Reliability of Digital Time-Stamping (PostScript), by Dave Bayer, Stuart Haber, and W Scott Stornetta, in Sequences II: Methods in Communication, Security, and Computer Science, eds R Capocelli, A DeSantis, and U Vaccaro, pp 329334, (Springer-Verlag, 1993)  Secure Names for Bit-Strings (PostScript), by Stuart Haber and W Scott Stornetta, in Proceedings of the 4th ACM Conference on Computer and Communication Security, (ACM, 1997) Guidelines and standards  Electronic Crime Scene Investigation: A Guide for First Responders, National Institute of Justice, NCJ 187736, 2001  Forensic Examination of Digital Evidence: A Guide for Law Enforcement, National Institute of Justice, NCJ 199408, 2004  U.S Department of Energy Computer Forensic Laboratory's First Responder's Manual (PDF)  Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries (CSIRT Project Survey)  Federal Guidelines for Searching and Seizing Computers, U.S Deptarment of Justice  Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice, January 2001 (PDF Version)  Field Guidance on New Authorities (Redacted), enacted in the 2001 Anti-terrorism Legislation ("USA Patriot Act"), issued by the Department of Justice  How the FBI Investigates Computer Crime, CERT Coordination Center  Evidence Examinations Computer Examinations, Handbook of Forensic Services, U.S Department of Justice, FBI  Digital Evidence: Standards and Principles, Forensic Science Communications, US DoJ, April 2000, Volume 2, Number  Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, US DoJ, October 2000, Volume 2, Number  RFC 3227: Guidelines for Evidence Collection and Archiving, by Dominique Brezinski and Tom Killalea  An Introduction to the Field Guide for Investigating Computer Crime, by Timothy E Wright (Security Focus Incident Handling focus)     The Field Guide for Investigating Computer Crime: Overview of a Methodology for the Application of Computer Forensics, by Timothy E Wright (Security Focus Incident Handling focus)  The Field Guide for Investigating Computer Crime: Search and Seizure Basics, by Timothy Wright (Security Focus Incident Handling focus)  Recovering from an Intrusion, by /dev/null Interviews  Info.sec.radio segment on forensics (@15:45.0), July 10, 2000  SecurityFocus interview with Jennifer Grannick  SecurityFocus interview with Chad Davis Books  List of books on forensics compiled by Jeimy J Cano, Universidad de los Andes Articles/Journals  International Responses to Cyber Crime  International Journal of Digital Evidence  Sleuthkit Informer  Open Source Digital Forensic Tools: The Legal Argument, by Brian Carrier, @stake  Computer forensics specialists in demand as hacking grows, by Suzanne Monson, Special to The Seattle Times, September 8, 2002  Electronic Data Discovery Primer, by Albert Barsocchini, Law Technology News, August 28, 2002  Solving the Perfect Computer Crime, by Jay Lyman, www.NewsFactor.com, February 27, 2002  NT Incident Response Investigations and Analysis, by Harlan Carvey, Information Security Bulletin, June 2001  "A harder day in court for fingerprint, writing experts: US judge limits testimony of forensic analysts, in a ruling that might alter how evidence is presented at trial," by Seth Stern, Christian Science Monitor, January 16, 2002  Cybersleuthing solves the case (and related stories) by Deborah Radcliff, Computerworld, January 14, 2002  Digital sleuthing uncovers hacking costs, by Robert Lemos, Special to CNET News.com, March 22, 2001  "Intrusion Detection Systems as Evidence", by Peter Sommer, Computer Security Research Centre, London School of Economics & Political Science  Advancing Crime Scene Computer Forensic Techniques, by Chet Hosmer, John Feldman, and Joe Giordano  Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, FBI, October 2000  Analysis: The forensics of Internet security, by Carole Fennely, SunWorld (via CNN), July 26, 2000  September 2000 Market Survey Computer Forensics, by James Holley, SC Magazine (ranks Linux dd a Best Buy! ;)  Cybercops Need Better Tools Law enforcement agencies are falling behind hackers, says exec of CIA tech incubator, by Matthew Schwartz, Computerworld, July 31, 2000  Crime Seen (Cover story on digital forensics), by Bill Betts, Information Security Magazine, March, 2000  Disk Shows Love Bug-Like Virus, by Dirk Beveridge, AP, May 16 2000  Computer Forensics: Investigators Focus on Foiling Cybercriminals, by Illena Armstrong, SC Magazine (cover story), April 2000  CD Universe evidence compromised Failure to protect computer data renders it suspect in court, by Mike Brunker and Bob Sullivan, MSNBC, June 7, 2000      Crime & Clues The Art and Science of Criminal Investigation  FBI Forensic Science Communications Reverse engineering  Reverse Engineering Malware, by Lenny Zeltser, May 2001  The Honeynet Project's Reverse [engineering] Challenge  Fenris, by Michal Zalewski, BINDVIEW  Other open source reverse engineering tools listed by Michal Zalewski  Using fenris on the Honeynet Project Reverse Challenge binary  Using fenris on burneye protected binaries  Linux tools for Reverse Engineering at Packet Storm  LinuxAssembly.org resources  Linux Assembly HOWTO, by Konstantin Boldyshev and FranГois-RenИ Rideau  Programmer's Tools Decompiler/Dissassembler page  Linux Kernel Internals (especially the "How System Calls Are Implemented on i386 Architecture chapter)  The Decompilation Page at the University of Queensland  IDA Pro Disassembler (commercial product, multi-platform/OS) [older freeware version]  GDB tutorial  Gnu GDB docs  Cornell Theory Center Totorial on GDB  Norm Matloff's Debugging Tutorial  UNIX Kernel Stack Overflows, SunSolve Online Infodoc  The Solaris Memory System: Sizing, Tools and Architecture (PDF)  SE Toolkit (Sun memory management tuning utility) Anti-Forensics (Note: Use these on an isolated analysis system)  SecuriTeam.com TESO Burneye Unwrapper  Advanced in ELF Runtime Binary Encryption - Shiva, by Neil Mehta, Blackhat USA 2003 (PDF)  Unpackers/decrypters/unprotectors (Generic/universal unpackers/deprotectors/dumpers)  Packer and Unpackers  EXEStealth executable protection  Generic ExeStealth Unpacker v1.0 Encryption/Stegonography  www.Decryption.info  Steganalysis - Attacks against Steganography and Watermarking - Countermeasures - , by Neil F Johnson  Defeating Statistical Steganalysis, CITI, University of Michigan Forensic analysis tools and related software  Fingerprint databases  The Solaris Fingerprint Database  known goods  The NIST National Software Reference Library (NSRL)  Rootkit identification utilities  Rootkit Hunter  chkrootkit  File system integrity checking tools  Osiris  AIDE  FTimes and HashDig  FLAG (Forensic Log Analysis GUI), from the Australian Defence Signals Division             Time Zone Converter Knoppix Security Tools Distribution (STD) Penguin Sleuthkit (a remaster of Knoppix) The FIRE (formerly known as "Biatchux") bootable CD-ROM forensic toolkit Open Source Windows Forensic Tools for Windows Open Source Windows Forensic Tools for Unix chkwtmp (SunOS 4.x) chklastlog (SunOS 4.x) NT Objectives was mentioned in a DEFCON talk on forensics They produce a free toolkit (that lets you the same thing as find does for free on Unix!)  NTI Information & Resource Page (Mostly Windows-specific instructions, but some general forensic guidelines)  Slashdot thread on wiping hard drive contents  Put A Trace On It: A Command You Can ``truss'', SunSolve Online document  Signatures of Macintosh files  DD'©ҐUltimate Guide to Mac OS Forensics Forensic analysis or related hardware  Hard Disk Removal, Sanderson Forensics  Customer Installable Parts, Apple Computer  WiebeTECH (Fire Wire docking devices)  FIREVue FireWire 400 / IDE Bridge Boards  DK-9 Removable Hard-Drive Enclosure USB 2.0 + Firewire 1394 with Ultra Quiet Cooling Fan  Forensic-Computers.com  F.R.E.D.D.I.E  The Image MASSter Solo Forensic system  Daten Airbag (hard drive write protection)  Centurion Guard  AgatИ USB hard drive Partitioning/File system documentation  Windows NT Boot Process and Hard Disk Constraints, Microsoft Knowledge Base Article 114841  See "Splitting the Disk" in Sleuthkit Informer #2  Sleuthkit Media Management Tools  Linux Resource: Top: Kernel: File Systems  Ext2fs Home Page  Ext3 for the 2.2 kernel  SGI's XFS Port to Linux  IBM's JFS Port to Linux   FAT: General Overview of On-Disk Format, Microsoft  Microsoft Extensible Firmware Initiative FAT32 File System Specification, Microsoft  Linux Magic Numbers  JPEG File Interchange Format (JFIF)  The proposed Filesystem Hierarchy Standard [PDF file] (Directories/files, their locations, and intended purposes: A good topographic map of Unix filesystems.)  Journal File Systems, by Juan I Santos Florido  Large File Support in Linux Destruction/Recovery of data  Safe destruction of hard drives (This is good! ;)       Zapping data on CDs! (NICE light show!) Unlocking a password protected harddisk (ATA Security Mode features), by the Rockbox Crew Incident costs, damage estimation, and risk analysis  Project Develops Model for Analyzing Security Incident Costs in Academic Computing Environments  A Study on Incident Costs and Frequencies, by Virginia Rezmierski , Adriana Carroll , and Jamie Hine  Security Attribute Evaluation Method: A Cost Benefit Approach, by Shawn Butler, Carnegie Mellon University, International Conference on Software Engineering 2002 (ICSE 2002) Proceedings  Multi-Attribute Risk Assessment, by Shawn Butler, Carnegie Mellon University, Proceedings from Symposium on Requirements Engineering for Information Security (SREIS 2002)  Attack Trees: Modeling security threats, by Bruce Schneier, Dr Dobb's Journal, December 1999  Attack Modelling for Information Security and Survivability, Andrew P Moore, Robert J Ellison, Richard C Linger, Technical Note CMU/SEI-2001-TN-001, March 2001  A Quick Tour of Attack Tree Based Risk Analysis Using Secur/Tree, whitepaper by Amenaza.com, May 2002 Other documents/terms/legal resources  Forensic Examination of a RIM (Blackberry) Wireless Device, by Micheal W Burnette, June 2002  What is RAID?  Linux DTP Hardware RAID HOWTO, by Ram Samudrala, v1.6, February 20, 2002  Computer/High-Tech Crime and Related Sites  Resources for High-Tech Crime Units, Officer.com  What is "Bates Numbering?"  Forensics Links from www.forinsect.de Certificate/Degree Programs  A university in Texas is offering a cybersecurity degree program, by Sandra Swanson, Informationweek, May 3, 2002  U.T Dallas To Establish Digital Forensics And Security Institute To Help Fight Cybercrime, University of Texas, Dallas, press release, May 1, 2002  University of New Haven Forensic Computer Investigation Program  Graduate Certificate Program in Computer Forensics (GCCF), University of Central Florida  UCF's list of University Programs/Courses in Computer Forensics [PDF]  Georgetown Institute for Information Assurance  Dan J Ryan's Educational Materials  Johns Hopkins University Information Security Institute  Carnegie Mellon University Information Networking Institute (a C3S affiliated program)  Syracuse University Information Security Management Program  Dartmouth University Institute for Security Technology Studies  Purdue University CERIAS Information Assurance Education Graduate Certificate Program Jobs  Where to Look for Security Jobs, By Deborah Radcliff, Computerworld, June 3, 2002  High demand for tech detectives , by Bob Weinstein, Suntimes, February 4, 2001 ... Computer Crime, CERT Coordination Center  Evidence Examinations Computer Examinations, Handbook of Forensic Services, U.S Department of Justice, FBI  Digital Evidence: Standards and Principles,... Communication, Security, and Computer Science, eds R Capocelli, A DeSantis, and U Vaccaro, pp 329334, (Springer-Verlag, 1993)  Secure Names for Bit-Strings (PostScript), by Stuart Haber and W Scott Stornetta,... Scott Stornetta, in Proceedings of the 4th ACM Conference on Computer and Communication Security, (ACM, 1997) Guidelines and standards  Electronic Crime Scene Investigation: A Guide for First Responders,