Computer and Cyber Forensics Resources


NOTE: This resource page currently under construction 12-Aug-2018


These Web-based resources are provided as value-added for my students.  The resources have been compiled by Dr. Gerry Santoro, often with student assistance.  The resources are optional.  You are welcome to share this page.


These resources have been organized into the topics associated with CAP2140 at State College of Florida.


An excellent source of information is the SANS Information Security Reading Room.  Some of the papers are listed in the topics below.



US Government Resources


NOTE: Some of these, such as NIST documents, may be listed below in topical areas.


·        NSA Information Assurance advice and resources -

·        US Computer Emergency Readiness Team --

·        Complete list of NIST Information Security Publications --

·        NICCS – National Initiative for Cybersecurity Careers and Studies -


Hacking Educational Resources


Security professionals must understand how systems are attacked and compromised in order to effectively protect those systems.  Following is a list of Web sites that provide learning resources for ethical hacking.


·        Hack This Site -

·        Hack This! -

·        Hack in the Box -

·        Hack a Day -

·        Evil Zone -



Blogs and Newsletters


·       Bruce Schneier Crypt-O-Gram --

·       Secure State Blog --

·       Krebs on Security --

Misc Software

·        USB Safeguard – software to encrypt a USB flash (pen) drive (proprietary)

·        Ophcrack – open source password cracking software

·        AccessData Forensics Toolkit 5 – proprietary, multi-function forensics toolkit

·        NirSoft – collection of proprietary and free system tools

·        SpyHunter – program for detection of steganographic content

·        Hiderman – program for creating steganographic content

·        WinHex – proprietary Hex editor with many features

·        Autopsy – open-source graphical interface to SleuthKit forensics toolkit

·        Puppy Linux – free, small version of Linux


Topic 1 - Computer Forensics and Investigation Processes



·        *** Carrie Morgan Whitcomb, “An Historical Perspective of Digital Evidence: A Forensic Scientist’s ViewInternational Journal of Digital Evidence, Vol. 1, No. 1, 2002.

·        *** Gary Palmer, “A Road Map for Digital Forensic ResearchReport of the First Digital Forensic Research Workshop (DFRWS), November 6, 2001.

·        Adventures in Computer Forensics  (SANS InfoSec Reading Room)

·        Fourth Amendment to the United States Constitution:

·        Disaster Recovery:

·        Macintosh SE:

·        General Affidavits:

·        *** Brian Carrier and Eugene H. Spafford, “Getting Physical with Digital Investigation ProcessInternational Journal of Digital Evidence, Vol. 2, No. 2, 2003.

·        *** Hamour and Al qarout, “A Ten Step Process for Forensic ReadinessNYIT.

·        Corporate Incident Handling Guidelines (SANS InfoSec Reading Room)

·        Creating and Maintaining Policies for Working with Law Enforcement  (SANS InfoSec Reading Room)

·        What is attorney client privilege?:





Topic 2 – Investigator’s office and laboratory



·        *** U.S. Department of Justice, “Electronic Crime Scene Investigation: A Guide for First Responders,” Office of Justice Programs, U.S. Department of Justice, National Institute of Justice, July 2001.

·        *** SANS Institute “Building a Low Cost Forensics Workstation”

·        Developing a Computer Forensics Team  (SANS InfoSec Reading Room)

·        Implementing a Computer Incident Response Team in a Smaller, Limited Resource Organizational Setting  (SANS InfoSec Reading Room)

·        Creating and Managing an Incident Response Team for a Large Company  (SANS InfoSec Reading Room)

·        Video: PALADIN – IT Forensic Mobile Lab on Wheels (YOUTUBE)


Topic 3 - Data Acquisition



·        *** NIST CFTT, “Testing Disk Imaging Tools ,” International Journal of Digital Evidence, V1, Issue 4, Winter 2003

·        Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics  (SANS InfoSec Reading Room)

·        Open Source Digital Forensics Tools – The Legal Argument  by Brian Carrier

·        Video – Live Remote Device Acquisition with AccessData FTK 3

·        *** Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?  By Graeme R. Bell and Richard Boddington



Topic 4 - Processing Crime and Incident Scenes



·        *** U.S. Department of Justice, “Forensic Examination of Digital Evidence: A Guide for Law Enforcement,” Office of Justice Programs, U.S. Department of Justice, National Institute of Justice. Special Report NCJ 199408, April 2004.

·        Crypto attack puts digital sig hash on collision course – article from The Register


Topic 5 - Working with Windows and DOS Systems



·        *** H. Carvey, “The Dark Side of NTFS (Microsoft’s Scarlet Letter), NTFS Alternate Data Streams, September 2003.

·        Winquisitor: Windows Information Gathering Tool (SANS Reading Room)

·        What you Don’t See on your Hard Drive (SANS InfoSec Reading Room)

·        Windows Responders Guide  (SANS InfoSec Reading Room)

·        Introduction to the Registry – from

·        PC Guide – NTFS Directories and Files

·        PC Guide – Master File Table

·        MFT Wiki

·        Search Windows Server - MFT

·        Windows Server Troubleshooting – MFT Metadata

·        How to break into a Windows PC (and prevent it from happening to you) – from LifeHacker



Topic 6 - Current Computer Forensics Tools



·        *** NHTCU, “Good Practice Guide for Computer Based Electronic Evidence,” Association of Chief Police Officers

·        *** Computer Forensic Timeline Analysis with Tapestry    By: Derek Edwards (SANS InfoSec Reading Room).

·        Bless Hex Editor – home page and documentation -

·        Open Source Digital Forensics -

·        Santoku Mobile Forensics -

·        Digital Forensics Framework -

·        Open Source Android forensics toolkit -

·        Digital Forensics Association Open Source Tools -

·        Practical Computer Forensics using Open Source Tools (Slides) -

·        Revealertoolkit -

·        Deft Linux -

·        AccessData Mobile Phone Examiner Plus Users Guide –

·        AFLogical - Open Source Edition pulls MMS, SMS, Contacts, and Call Logs from Android device -

·        iPhone Analyzer - Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone's own backup files or (for jail broken iphones) ssh. Viewing of plist, sqlite, and hex are supported. IOS 5 is now supported



Topic 7 – Macintosh and Linux Boot Processes and File Systems




Some resources:



Topic 8 -- Recovering Graphics Files




Topic 8a – Steganography


·        *** “Hide and Seek: An Introduction to Steganography.” Niels Provos and Peter Honeyman – Univ of Michigan, IEEE Security and Privacy, 2003

·        *** Gary C. Kessler, “An Overview of Steganography for the Computer Forensics ExaminerForensic Science Communications, July 2004

·       *** Niels Provos and Peter Honeyman, “Detecting Steganographic Content on the Internet,” CITI Technical Report 01-11, 2001

·       R. Chandramouli, “A Mathematical Approach to Steganalysis”





Topic 9 -- Computer Forensics Analysis and Validation




·        Top 10 Password Crackers  from Security Tools 

·        John the Ripper  password cracker -- versions for unix, Linux, Mac,  windows, DOS and others

·        Video tutorial on Rainbow Tables (4:46) from Live Security

·        Rainbow tables and RainbowCrack Tutorial from Ethical Hacker Network.