Computer Forensics Resources: Where to Start
- Just plain useful forensics resources:
- Forensic readiness (forensic_readiness.pdf)
- "Secure Audit Logs to Support Computer Forensics"
- "Guidelines for Evidence Collection and Archiving"
- Department of Justice: Computer Crime and Intellectual Property Section
- Useful links for forensic computing and analysis
- Forensics class (1999)
- How to implement a generalized tool for network monitoring
- Step by Step Network Monitoring using NFR
- SHADOW Indications Technical Analysis—Coordinated Attacks and Probes
- Bro: A system for detecting network intruders in real-time
- Honeynet Project: Cost of a forensic analysis
- Estimating the cost of damages due to a security incident
- Advice on submitting, packing and shipping computer evidence
- Information on media coolers (digital-media-friendly safes, for safeguarding physical evidence)
- Logging Tools:
- Part of Your Reaction Kit:
- The Coroner's Toolkit (TCT). A collection of tools for gathering and analyzing data from an attack, for UNIX systems:
- Encryption-enabled network transport utilities:
- Digital Notaries:
- Intrusion Detection Systems (IDSes):
- www.iss.net/products_services/enterprise_protection/rsnetwork/index.php
- NFR Network Intrusion Detection from Network Flight Recorder:
- www.nfr.net/
- Managed Security Providers:
- A sampling of courses:
- Digital Forensic Analysis: @stake
- www.atstake.com/services/education/courses/forensic_analysis.html
- Cost: $3,000 (commercial)
- $2,490 (government/law enforcement)
- Practical Forensics: How to Manage IT Investigations
- Computer Forensic Training
- LCTechnology International
- www.lc-tech.com
- Cost: $2,500 (commercial)
- $1,250 (government/law enforcement)
- In addition, many university computer science departments are beginning to teach courses on digital forensics. Check with your local institution.
About the Author
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.