Seawall Computer Forensic Library


Dan Farmer and Wietse Venema's collaborative work is priceless:

The Computer Forensic Class Handouts
The Computer Forensics Column
The Coroner's Toolkit (forensics for UNIX)

SANS Investigative Forensic Toolkit (SIFT) Workstation: Version 2.0 supports Microsoft NTFS:


An on-line version of the Black Hat Las Vegas 2000 Training, thanks to Dave Dittrich, Senior Engineer at the University of Washington.

Intruder Discovery / Tracking and Compromise Analysis

A paper outlining the Computer Forensics process is available through the FBI:

Recovering and Examining Computer Forensic Evidence
And they previously hosted a well-received document (PDF): An Approach to Evidence in Cyberspace

Lance Spitzner includes forensic analysis in the Know Your Enemy series, and a Building Honeypots paper is available as well through:

Lance's Security Papers
Of particular interest is Know Your Enemy III, where Lance traces the activities of a "script kiddie" intruder on an active system.

CERT has several worthwhile papers including:

Recovering from an Incident
First Responders Guide to Computer Forensics: Advanced Topics
Advanced Information Assurance Handbook

OpenSolaris has produced a unique online tool enabling cryptographic comparison of system binaries (following in Sun's footsteps):

The Solaris Fingerprint Database

The FBI's Laboratory Services maintains a:

FBI Handbook of Forensic Services
This is really a study in forensic sciences in general, not necessarily computers.

When monitoring physical security is desirable, check out these:

Supercircuits for video surveillance
Long Play Video Recorders

Tel: 603-659-7621 Fax: 603-659-5409

©2000 Seawall, Inc. All Rights Reserved.