Forensic Education Resources:: Difference between revisions

INTERNET RESOURCES FOR COMPUTER FORENSICS

GENERAL RESOURCES

Educational Sites

CARIS - Center for Advanced Research in InfoSec at University of Illinois.

CERIAS - Purdue's Center for Education & Research in Information Assurance Security

CERT - Carnegie Mellon's Coordination Center for Internet Security Expertise.

Center for Computer Communications Security - also at Carnegie Mellon.

Critical Infrastructure Project - joint project of George Mason and James Madison U.

CISSP Certification - online study guides available.

Colleges with Courses in Digital/Computer Forensics - from E-Evidence Info Center.

Complete List of College Crypto and Security Courses - for U.S. and worldwide.

Dartmouth College ISTS - Institute for Security Technology Studies.

George Mason University.

GMU Technology Law - an InfoSec Center think tank.

George Washington University - Off-programs related to InfoSec.

Georgia Tech Information Security Center - College of Computing and Info Security Center.

Institute for Information Infrastructure Protection - a consortium group at Dartmouth.

Indiana Univ. of PA - Center of Excellence in Information Assurance.

Institute of Police Technology - popular Florida courses in computer crime investigation.

ISS advICE - database on infosec and anti-hacker techniques.

ITLabsOnline - helpful resources found here.

John Hopkins Security Informatics Institute - an industry-academe partnership.

Kennesaw State Cybercrime Institute - SCI Southeast Cybercrime Institute.

MIT Lab for Computer Science Ron Rivest's Group - InfoSec and Cryptography Pages.

National Defense University - their many Centers on Information and Technology.

New York University Institute for Civil Infrastructure Systems - joint project with Cornell et. al.

Oregon State Information Security Laboratory - College of Computing, Math, and Engineering.

Univ. of California Davis - Computer Security Laboratory.

UNC-Charlotte IT course offerings - in security, privacy, and other topics.

Univ. of Tulsa - Center for Information Security.

Government Sites

CERT (Computer Emergency Readiness Team) - coordinates attacks against the nation.

CIAO (Critical Infrastructure Assurance Office) - coordinates top twenty list of vulnerabilities.

DISA (Defense Information Systems Agency) - Air Force, Army, Navy IS.

DOJ Cybercrime Bureau - a department of Justice website with a kid's page.

EC InfoSec home page - European Commission InfoSec site.

FedCIRC - great source for incident notes and intrusion detection tips.

FBI - the Federal Bureau of Investigation.

InterPol - their Technocrime Prevention page, with checklist.

Lawrence Livermore National Laboratory - cutting edge research in energy science.

Los Alamos National Laboratory - futuristic applied research.

NIPC (National Infrastructure Protection Center) - Infraguard and where most incidents reported.

Pacific Northwest National Laboratory - technological innovation.

GAO Cyber-Security Assessments - yearly risk assessments in pdf and htm format.

NIH Center for Security Information - includes advisories and other links.

NIST Computer Security Division and CSRC - Department of Commerce sites.

NPS CISR - Navy Postgraduate School Center for InfoSec Research.

Office of Homeland Security - America's newest cabinet level agency.

Sandia National Laboratory - emerging technologies that respond to national security threats.

White House National Strategy to Secure Cyberspace - the official strategy of the U.S.

Industrial, Organization, or Private Sector Sites

CVE - Common Vulnerabilities and Exposures.

Computer Security Institute - a professional association that holds conferences.

CyberSecurity Institute - a buisiness site listing core competencies in computer forensics.

E-Evidence Info - big list of links in computer forensics.

FIRST - a Forum of government, business, and academic incident responders.

Forensics NL - big list of computer forensics and cybercrime resources.

Infosyssec: The Security Portal for IT Professionals - a private think tank.

Jane's Information Group/Security Section - focus on terrorism and information technology.

Microsoft Research - innovations in a variety of mathematically possible ways.

Microsoft Technet - be sure to see the Security Bulletins and Support Knowledge Base.

MIS Training Institute - provides courses and more in Audit and Information Security training.

Mitretek Systems - a well-known think tank in criminal justice engineering.

National Security Institute - provider with a lot of educational resources online.

NIST List of Computer Security Organizations - professional associations and conferences.

RAND Corporation - a well known think tank in public policy.

SANS Institute - perhaps the premiere cyber-defense institute; intrusion detection specialists.

World Research Group - holders of training workshops on computer forensics.

Individual Home Pages

Computer Forensics World - a community of professionals.

Dorothy Denning's home page - Georgetown InfoSec guru.

Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence.

George Smith's Crypt newsletter - a self-styled computer security critic.

Nathan Smith's Computer Forensic Tech - another personal home page builder.

Rik Farrow's Spirit.com - ports, firewalls, and web server security advice.

Ron Rivest's home page - MIT's cryptography and security expert.

The WWW security FAQ - longtime Internet favorite.

Publisher Websites

Cipher - the IEEE Computer Security newsletter.

CNet Builder Buzz: Server Insecurity - includes antihacker downloads.

CyberEthics - website for the book.

Digital Investigation - website for the journal with sample articles.

Dr. Dobb's Journal - sophisticated tech magazine for computer professionals.

Journal of Computer Security's CS database - searchable bibliographies.

Network Magazine - sophisticated tech magazine for enterprise solutions.

Security in the News - excellent, up-to-date newsletter out of Dartmouth.

SC Magazine - largest circulating InfoSec magazine and its.

InfoSecurity News.

Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws.

Thomson Course Technology - InfoSec courseware and books.

Specialized Resources

Authentication Issues

Granularity and Extensibility of Access Control - choosing a control scheme.

Kerberos - the network authentication scheme explained.

Facial Biometrics / Recognition - modern-day mugshots.

International Biometric Group - an international focal point.

The Biometric Consortium - a focal point for U.S. research and testing.

The Face Recognition Home Page - tutorials and resources.

Encryption Issues

Beginner's Cryptography Page - keepers of the CryptRing.

Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web.

Cryptography: The Study of Encryption - a comprehensive mega-site on encryption.

Cryptography and Liberty - country-by-country policies on encryption.

Data Encryption Techniques- an overview for beginners.

International Association for Cryptologic Research - a professional association.

TruSecure - an information security assurance provider.

ZDNet Developer - their Backend Security section.

RSA Security - a major player in the crypto field.

IP Level Encryption - discussion of an emerging technology.

Hacking Issues

2600 Magazine - one of the oldest hacking news sites on the Net.

AntiOnline - hackers know your weaknesses, shouldn't you?.

AuditMyPC.com - free firewall tests and port scans.

Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s.

Digicrime - a full service criminal computer hacking organization.

Fyodor's Exploit World - an archive of ALL the exploits.

Hackers.Com - live hacker chats and security tips.

Nomad Mobile Research Centre - advisories, FAQs, and files.

Phrack Magazine - home page for the largest IRC group of hackers.

Root Shell - UNIX-based resource links.

Infowarfare Issues

Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan.

Institute for Advanced Study of Information Warfare - as vicious-looking as it sounds.

Infowar.com - a store, museum, archive, and library all rolled into one.

Law and Legal isues

Berkeley Journal of Computers and the Law - your basic law school journal.

Copyright and Multimedia Law - a fascinating topic and website.

Crypto Law Survey - a dissertation on the law enforcement problems of cryptography.

Cyberspace Law - article abstracts viewable only.

Electronic Frontier Foundation - a major player on cyberspace issues.

Government Crypto Policy - Center for Democracy and Technology.

Harvard Journal of Law and Technology - some free stuff online.

Proposals for regulating Public's right to use Databases - publicdomain.org.

Stanford Technology Law Review - cyberspace speech controversies.

Planning Issues

Computer Security Information and FAQ - helpful page from the NIH.

Netsurfer Focus on Computer Network Security - a magazine-like website.

Higher Education Security Policies-a survey.

Interpol Computer Security Checklist - helpful advice from Interpol.

MIT Information Security Office Web Page - sample policies to emulate.

Network Engineering Mistakes - a free virtual seminar program.

NIST Computer Security Resource Clearinghouse - a major website resource.

SANS Model Computer Security Policies - free online tutorials.

Stanford University Information Security Office - a good many policies to sample.

Prevention Issues

Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial.

IT Security Toolbox - a wealth of information and discussion groups.

PresiNET - an Internet management solutions company.

The Rotherwick Firewall Resource - UK site.

Talisker's Intrusion Detection Systems List - UK site.

Protocols and Standards Issues

Comprehensive List of Public Key and Certificate Links- the PKI Page.

CGSB Independent Audit Standard - an auditing service company.

Baseline Software's Security Policies - a library of policies made easy.

Internet Engineering Task Force - discussion of IPSEC.

International Telecommunication Union - X protocols.

MD5 - MIT's working group on MD5 algorithm.

MIME Security with PGP - a request for comment paper.

PGP Message Exchange Formats - another request for comment paper.

Secure Electronic Transactions- e-commerce merchandising protocols.

Virus Issues

Computer Virus Myths - a beginner's guide to hoaxes and legends.

AVP Virus Encyclopaedia - a sophisticated classification encyclopedia.

Computer Virus Information and Resources Page - at the Univ. of N. Texas.

Datafellows (F-Prot) Virus Database Page - the F-Secure virus info center.

SaferSite - makers of Pest Patrol, which cleans up remnants of virii.

Trend Micro Antivirus Page-the Trend (PC-cillin) virus info center.

[http://www.virusbtn.com Virus Bulletin - an online journal with wildlists of who found what.

WildList - more up-to-date collection of wildlists.

Viruslist.com<font size="3 -an encyclopedia/news site in Russian and English.

Vulnerability Issues

CERT/CC Top Ten List of Exploits - advisories and incident notes.

Common Vulnerabilities and Exposures - definitions and examples of both.

Security Focus - home of Bugtraq and a library of articles.

The Encyclopedia of Computer Security - more than just a glossary, tutorials too.