Personal Privacy, Ethics, Crime, and Legal Issues

  • Icove, D. Computer Crime. O'Reilly, 1996.
  • Rothfeder, J. Privacy For Sale: How Computerization has made everyone's private life an open secret. Rothfeder, 1992.
  • Hoffman, L. Building in Big Brother: The Cryptographic Policy Debate. Springer-Verlag, 1995.
  • Bloombecker, J. Introduction to Computer Crime. National Center for Computer Crime Data, 1988.
  • Cavazos, E. and Morin, G. Cyberspace and the Law: Your Rights and Duties in the On-Line World. MIT Press, 1994.
  • Cunningham, W. et al. Private Security Trends 1970-2000. The Hallcrest Report II. Hallcrest, 1990.
  • Johnson, D. Computer Ethics. Prentice-Hall, 1994 (2nd edition).
  • Forester, T. and Morrison, P. Computer Ethics. MIT Press, 1994 (2nd edition).

Computer Forensics

  • The Honeynet Project's Forensic Challenge
  • Basic Steps in Forensic Analysis of Unix Systems, David Dittrich (Pasos Básicos en Análisis Forense de Sistemas GNU/Linux, Unix, modified, updated and translated to Spanish by Ervin S. Odishoo)
  • Course notes for Black Hat '00 Unix forensics class, Dominique Brezinski and David Dittrich
  • The Coroner's Toolkit
  • Dan Farmer & Wietse Venema's class on computer forensic analysis
    [ forensics.tar.gz contains the slides in 6-up portrait PostScript format for printing on just 25 double-sided pages]
  • Forensic Computer Analysis: An Introduction -- Reconstructing past events, By Dan Farmer and Wietse Venema, Dr. Dobb's Journal, September 2000
  • What Are MACtimes?: Powerful tools for digital databases, By Dan Farmer, Dr. Dobb's Journal, October 2000
  • Strangers In the Night: Finding the purpose of an unknown program, by Wietse Venema, Dr. Dobb's Journal, November 2000
  • Computer Forensics Column, Errata
  • The Law Enforcement and Forensic Examiners Introduction to Linux, a Beginner's Guide, Barry J. Grundy, NASA Office of the Inspector General
  • Brian Carrier's Sleuthkit (formerly TASK, formerly TCT-Utils)
  • Sleuthkit
  • Autopsy Browser
  • Sleuthkit Informer
  • Notes on updating Red Hat Linux 7.1 to support >2GB images with TCT, TCTUTILS & Autopsy (see also Large File Support in Linux)
  • Forensic Analysis of a Compaq RAID-1 Array and Using dd with EnCase v3, by Keith J. Jones
  • Forensic Analysis Using FreeBSD - Part 1 by Keith J. Jones
  • Organizations/conferences
  • International Organisation on Computer Evidence
  • European Network of Forensic Science Institutes -- Forensic information technology Working group
  • International Association of Computer Investigative Specialists (IACIS)
  • Law and Legal Process
  • Judicial Gatekeeping in Texas, by Thomas F. Allen, Jr. and Robert Rogers, Harvard Law School '99 (Daubert)
  • Admissibility of Scientific Evidence Under Daubert
  • Frye v. United States 293 F. 1013 (D.C. Cir. 1923)
  • Rules of Evidence, Harvard School of Law
  • Digital Timestamping
  • Stamper digital timestamping service
  • Internet X.509 Public Key Infrastructure Time Stamp Protocol (TSP)
  • What is digital timestamping?, RSA Cryptography FAQ section 7.11
  • Secure Time/Date Stamping in a Public Key Infrastructure, Surety.com White Paper (PDF)
  • Time Stamp Protocol, by Byun, Jung-Soo
  • Time is of the Essence: Electronic documents will only stand up in court if the who, what, and when they represent are unassailable, by Charles R. Merrill, CIO.com, March 15, 2000
  • How to Time-Stamp a Digital Document (PostScript), by Stuart Haber and W. Scott Stornetta, Journal of Cryptology, Vol. 3, No. 2, pp. 99-111 (1991)
  • Improving the Efficiency and Reliability of Digital Time-Stamping (PostScript), by Dave Bayer, Stuart Haber, and W. Scott Stornetta, in Sequences II: Methods in Communication, Security, and Computer Science, eds. R. Capocelli, A. DeSantis, and U. Vaccaro, pp. 329-334, (Springer-Verlag, 1993)
  • Secure Names for Bit-Strings (PostScript), by Stuart Haber and W. Scott Stornetta, in Proceedings of the 4th ACM Conference on Computer and Communication Security, (ACM, 1997).
  • Guidelines and standards
  • Electronic Crime Scene Investigation: A Guide for First Responders, National Institute of Justice, NCJ 187736, 2001
  • Forensic Examination of Digital Evidence: A Guide for Law Enforcement, National Institute of Justice, NCJ 199408, 2004
  • U.S. Department of Energy Computer Forensic Laboratory's First Responder's Manual (PDF)
  • Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries (CSIRT Project Survey)
  • Federal Guidelines for Searching and Seizing Computers, U.S. Department of Justice
  • Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice, January 2001 (PDF Version)
  • Field Guidance on New Authorities (Redacted), enacted in the 2001 Anti-terrorism Legislation ("USA Patriot Act"), issued by the Department of Justice
  • How the FBI Investigates Computer Crime, CERT Coordination Center
  • Evidence Examinations -- Computer Examinations, Handbook of Forensic Services, U.S. Department of Justice, FBI
  • Digital Evidence: Standards and Principles, Forensic Science Communications, US DoJ, April 2000, Volume 2, Number 2
  • Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, US DoJ, October 2000, Volume 2, Number 4
  • RFC 3227: Guidelines for Evidence Collection and Archiving, by Dominique Brezinski and Tom Killalea
  • An Introduction to the Field Guide for Investigating Computer Crime, by Timothy E. Wright (Security Focus Incident Handling focus)
  • The Field Guide for Investigating Computer Crime: Overview of a Methodology for the Application of Computer Forensics, by Timothy E. Wright (Security Focus Incident Handling focus)
  • The Field Guide for Investigating Computer Crime: Search and Seizure Basics, by Timothy Wright (Security Focus Incident Handling focus)
  • Recovering from an Intrusion, by /dev/null
  • Interviews
  • Info.sec.radio segment on forensics (@15:45.0), July 10, 2000
  • SecurityFocus interview with Jennifer Granick
  • SecurityFocus interview with Chad Davis
  • Books
  • List of books on forensics compiled by Jeimy J. Cano, Universidad de los Andes
  • Articles/Journals
  • International Responses to Cyber Crime
  • International Journal of Digital Evidence
  • Sleuthkit Informer
  • Open Source Digital Forensic Tools: The Legal Argument, by Brian Carrier, @stake
  • Computer forensics specialists in demand as hacking grows, by Suzanne Monson, Special to The Seattle Times, September 8, 2002
  • Electronic Data Discovery Primer, by Albert Barsocchini, Law Technology News, August 28, 2002
  • Solving the Perfect Computer Crime, by Jay Lyman, February 27, 2002
  • NT Incident Response Investigations and Analysis, by Harlan Carvey, Information Security Bulletin, June 2001
  • "A harder day in court for fingerprint, writing experts: US judge limits testimony of forensic analysts, in a ruling that might alter how evidence is presented at trial," by Seth Stern, Christian Science Monitor, January 16, 2002
  • Cybersleuthing solves the case (and related stories) by Deborah Radcliff, Computerworld, January 14, 2002
  • Digital sleuthing uncovers hacking costs, by Robert Lemos, Special to CNET News.com, March 22, 2001
  • "Intrusion Detection Systems as Evidence", by Peter Sommer, Computer Security Research Centre, London School of Economics & Political Science
  • Advancing Crime Scene Computer Forensic Techniques, by Chet Hosmer, John Feldman, and Joe Giordano
  • Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, FBI, October 2000
  • Analysis: The forensics of Internet security, by Carole Fennelly, SunWorld (via CNN), July 26, 2000
  • September 2000 Market Survey -- Computer Forensics, by James Holley, SC Magazine (ranks Linux dd a Best Buy! ;)
  • Cybercops Need Better Tools -- Law enforcement agencies are falling behind hackers, says exec of CIA tech incubator, by Matthew Schwartz, Computerworld, July 31, 2000
  • Crime Seen (Cover story on digital forensics), by Bill Betts, Information Security Magazine, March, 2000
  • Disk Shows Love Bug-Like Virus, by Dirk Beveridge, AP, May 16 2000
  • Computer Forensics: Investigators Focus on Foiling Cybercriminals, by Illena Armstrong, SC Magazine (cover story), April 2000
  • CD Universe evidence compromised -- Failure to protect computer data renders it suspect in court, by Mike Brunker and Bob Sullivan, MSNBC, June 7, 2000
  • Crime & Clues -- The Art and Science of Criminal Investigation
  • FBI Forensic Science Communications
  • Reverse engineering
  • Reverse Engineering Malware, by Lenny Zeltser, May 2001
  • The Honeynet Project's Reverse [engineering] Challenge
  • Fenris, by Michal Zalewski, BINDVIEW
  • Other open source reverse engineering tools listed by Michal Zalewski
  • Using fenris on the Honeynet Project Reverse Challenge binary
  • Using fenris on burneye protected binaries
  • Linux tools for Reverse Engineering at Packet Storm
  • LinuxAssembly.org resources
  • Linux Assembly HOWTO, by Konstantin Boldyshev and François-René Rideau
  • Programmer's Tools Decompiler/Disassembler page
  • Linux Kernel Internals (especially the "How System Calls Are Implemented on i386 Architecture" chapter)
  • The Decompilation Page at the University of Queensland
  • IDA Pro Disassembler (commercial product, multi-platform/OS) [older freeware version]
  • GDB tutorial
  • Gnu GDB docs
  • Cornell Theory Center Tutorial on GDB
  • Norm Matloff's Debugging Tutorial
  • UNIX Kernel Stack Overflows, SunSolve Online Infodoc
  • The Solaris Memory System: Sizing, Tools and Architecture (PDF)
  • SE Toolkit (Sun memory management tuning utility)
  • Anti-Forensics (Note: Use these on an isolated analysis system)
  • SecuriTeam.com TESO Burneye Unwrapper
  • Advances in ELF Runtime Binary Encryption - Shiva, by Neil Mehta, Blackhat USA 2003 (PDF)
  • Unpackers/decrypters/unprotectors (Generic/universal unpackers/deprotectors/dumpers)
  • Packer and Unpackers
  • EXEStealth executable protection
  • Generic ExeStealth Unpacker v1.0
  • Encryption/Steganography
  • Steganalysis - Attacks against Steganography and Watermarking - Countermeasures, by Neil F. Johnson
  • Defeating Statistical Steganalysis, CITI, University of Michigan
  • Forensic analysis tools and related software
  • Fingerprint databases
  • The Solaris Fingerprint Database
  • known goods
  • The NIST National Software Reference Library (NSRL)
  • Rootkit identification utilities
  • Rootkit Hunter
  • chkrootkit
  • File system integrity checking tools
  • Osiris
  • AIDE
  • FTimes and HashDig
  • FLAG (Forensic Log Analysis GUI), from the Australian Defence Signals Division
  • Time Zone Converter
  • Knoppix Security Tools Distribution (STD)
  • Penguin Sleuthkit (a remaster of Knoppix)
  • The FIRE (formerly known as "Biatchux") bootable CD-ROM forensic toolkit
  • Open Source Windows Forensic Tools for Windows
  • Open Source Windows Forensic Tools for Unix
  • chkwtmp (SunOS 4.x)
  • chklastlog (SunOS 4.x)
  • NT Objectives was mentioned in a DEFCON talk on forensics. They produce a free toolkit (that lets you do the same thing as find does for free on Unix!)
  • NTI Information & Resource Page (Mostly Windows-specific instructions, but some general forensic guidelines)
  • Slashdot thread on wiping hard drive contents
  • Put A Trace On It: A Command You Can ``truss'', SunSolve Online document
  • Signatures of Macintosh files
  • DD's Ultimate Guide to Mac OS Forensics
  • Forensic analysis or related hardware
  • Hard Disk Removal, Sanderson Forensics
  • Customer Installable Parts, Apple Computer
  • WiebeTECH (Fire Wire docking devices)
  • FIREVue FireWire 400 / IDE Bridge Boards
  • DK-9 Removable Hard-Drive Enclosure USB 2.0 + Firewire 1394 with Ultra Quiet Cooling Fan
  • Forensic-Computers.com
  • F.R.E.D.D.I.E.
  • The Image MASSter Solo 2 Forensic system
  • Daten Airbag (hard drive write protection)
  • Centurion Guard
  • Agaté USB hard drive
  • Partitioning/File system documentation
  • Windows NT Boot Process and Hard Disk Constraints, Microsoft Knowledge Base Article 114841
  • See "Splitting the Disk" in Sleuthkit Informer #2
  • Sleuthkit Media Management Tools
  • Linux Resource: Top: Kernel: File Systems
  • Ext2fs Home Page
  • Ext3 for the 2.2 kernel
  • SGI's XFS Port to Linux
  • IBM's JFS Port to Linux
  • FAT: General Overview of On-Disk Format, Microsoft
  • Microsoft Extensible Firmware Initiative FAT32 File System Specification, Microsoft
  • Linux Magic Numbers
  • JPEG File Interchange Format (JFIF)
  • The proposed Filesystem Hierarchy Standard [PDF file] (Directories/files, their locations, and intended purposes: A good topographic map of Unix filesystems.)
  • Journal File Systems, by Juan I. Santos Florido
  • Large File Support in Linux
  • Destruction/Recovery of data
  • Safe destruction of hard drives (This is good! ;)
  • Zapping data on CDs! (NICE light show!)
  • Unlocking a password protected harddisk (ATA Security Mode features), by the Rockbox Crew
  • Incident costs, damage estimation, and risk analysis
  • Project Develops Model for Analyzing Security Incident Costs in Academic Computing Environments
  • A Study on Incident Costs and Frequencies, by Virginia Rezmierski, Adriana Carroll, and Jamie Hine
  • Security Attribute Evaluation Method: A Cost Benefit Approach, by Shawn Butler, Carnegie Mellon University, International Conference on Software Engineering 2002 (ICSE 2002) Proceedings
  • Multi-Attribute Risk Assessment, by Shawn Butler, Carnegie Mellon University, Proceedings from Symposium on Requirements Engineering for Information Security (SREIS 2002)
  • Attack Trees: Modeling security threats, by Bruce Schneier, Dr. Dobb's Journal, December 1999
  • Attack Modelling for Information Security and Survivability, Andrew P. Moore, Robert J. Ellison, Richard C. Linger, Technical Note CMU/SEI-2001-TN-001, March 2001
  • A Quick Tour of Attack Tree Based Risk Analysis Using Secur/Tree, whitepaper by Amenaza.com, May 2002
  • Other documents/terms/legal resources
  • Forensic Examination of a RIM (Blackberry) Wireless Device, by Michael W. Burnette, June 2002
  • What is RAID?
  • Linux DTP Hardware RAID HOWTO, by Ram Samudrala, v1.6, February 20, 2002
  • Computer/High-Tech Crime and Related Sites
  • Resources for High-Tech Crime Units, Officer.com
  • What is "Bates Numbering?"
  • Forensics Links from
  • Certificate/Degree Programs
  • A university in Texas is offering a cybersecurity degree program, by Sandra Swanson, Informationweek, May 3, 2002
  • U.T. Dallas To Establish Digital Forensics And Security Institute To Help Fight Cybercrime, University of Texas, Dallas, press release, May 1, 2002
  • University of New Haven Forensic Computer Investigation Program
  • Graduate Certificate Program in Computer Forensics (GCCF), University of Central Florida
  • UCF's list of University Programs/Courses in Computer Forensics [PDF]
  • Georgetown Institute for Information Assurance
  • Dan J. Ryan's Educational Materials
  • Johns Hopkins University Information Security Institute
  • Carnegie Mellon University Information Networking Institute (a C3S affiliated program)
  • Syracuse University Information Security Management Program
  • Dartmouth University Institute for Security Technology Studies
  • Purdue University CERIAS Information Assurance Education Graduate Certificate Program
  • Jobs
  • Where to Look for Security Jobs, By Deborah Radcliff, Computerworld, June 3, 2002
  • High demand for tech detectives, by Bob Weinstein, Suntimes, February 4, 2001