“Doubt comes in at the window when inquiry is denied at the door.”
– Benjamin Jowett

I wanted to post a few more references in the area of forensics. There is a new book coming out, “Windows Forensic Analysis.” It is written by Harlan Carvey, who is also a member of the Security Catalyst Community Forums. Syngress has made available chapter three, Windows Memory Analysis, from Harlan’s book.
If you are unfamiliar with the Security Catalyst site, Michael Santarcangelo runs and maintains the forums. To quote the blog overview:
Get engaged and prepare to be entertained as expert on security and the protection of information and professional speaker Michael Santarcangelo (and friends) takes a refreshingly direct but entertaining (and easy to follow) look at the important issues in how we think about and protect our information assets.
It is a site I recommend to security professionals. Michael is really trying to build a community and provide insightful and timely information relating to security.
There are many great books out there. One book that has been out for a while, which I highly recommend, was written by Keith J Jones, Richard Bejtlich, and Curtis W. Rose. The title is “Real Digital Forensics.” Richard does an excellent job with the TaoSecurity blog. The blog is “dedicated to FreeBSD, network security monitoring, incident response, and network forensics.”
Bret Padres and Ovie Carroll, two former federal agents, “talk about computer forensics, network security and computer crime” on their podcast, Cyberspeak. The April 22, 2007 episode has an interview with Jesse Kornblum, Principal Computer Forensic Engineer, ManTech International. They discuss Forensicswiki.org. The Forensicswiki.org site is “a Wiki operated under the Creative Commons-licensed devoted to information about digital forensics.” Translation: it is open to everyone. On the show, Jesse mentions the site Forensicwiki.com, which is a closed site where membership requests are vetted. To quote the site, “membership is intended for forensic/security professionals, law enforcement and the legal profession.”
Another site that might be of interest is Computerforensicsworld.com. That site is also a “free and open peer to peer medium for digital and computer forensics professionals and students.” There is also the Forensicfocus.com site. In the July 2006 newsletter, Forensicfocus provided many additional forensic links. One forensic list that they missed was the Appleforensics list. That mailing list is open only to government email addresses.
The NIST Special Publication site does maintain a few documents that might be of interest. There is Draft Special Publication 800-101, Guidelines on Cell Phone Forensics. There is also SP 800-86, “Guide to Integrating Forensic Techniques into Incident Response,” which was published August 2006. Back in November 2004, NIST published SP 800-72, “Guidelines on PDA Forensics.”
If you need a podcast to serve as an introduction to forensics, I recommend the April 17, 2007 podcast by Richard Nolan and Stephanie Losi, titled Computer Forensics for Business Leaders: A Primer. To quote the description of the show, “In this podcast, Richard Nolan, who leads CERT’s computer forensics efforts, shares what business leaders need to know and provides pointers to resources that can increase organizational preparedness.”
Finally, for training, I would point you to the SANS SECURITY 508 course, System Forensics, Investigation & Response.