Forensic Education Resources:: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 70: | Line 70: | ||
:[http://www.worldrg.com/ World Research Group - holders of training workshops on computer forensics.]<br> | :[http://www.worldrg.com/ World Research Group - holders of training workshops on computer forensics.]<br> | ||
<br> | <br> | ||
====Individual Home Pages==== | |||
:[http://www.computerforensicsworld.com Computer Forensics World - a community of professionals.] | |||
:[http://www.cs.georgetown.edu/~denning Dorothy Denning's home page - Georgetown InfoSec guru.]<br> | |||
:[http://all.net/ Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence.]<br> | |||
:[http://sun.soci.niu.edu/~crypt/ George Smith's Crypt newsletter - a self-styled computer security critic.]<br> | |||
:[http://www.computer-forensic-technician.com/ Nathan Smith's Computer Forensic Tech - another personal home page builder.]<br> | |||
:[http://www.spirit.com Rik Farrow's Spirit.com - ports, firewalls, and web server security advice.]<br> | |||
:[http://theory.lcs.mit.edu/~rivest/ Ron Rivest's home page - MIT's cryptography and security expert.]<br> | |||
:[http://www.genome.wi.mit.edu/WWW/faqs/ The WWW security FAQ - longtime Internet favorite.]<br> | |||
<br> | |||
====Publisher Websites==== | |||
:[http://www.ieee-security.org/ Cipher - the IEEE Computer Security newsletter.]<br> | |||
:[http://builder.cnet.com/webbuilding/pages/Servers/SecurityFixes/index.html CNet Builder Buzz: Server Insecurity - includes antihacker downloads.]<br> | |||
:[http://www.jbpub.com/cyberethics CyberEthics - website for the book.]<br> | |||
:[http://www.compseconline.com/digitalinvestigation/welcome.htm Digital Investigation - website for the journal with sample articles.]<br> | |||
:[http://www.ddj.com/ Dr. Dobb's Journal - sophisticated tech magazine for computer professionals.]<br> | |||
:[http://liinwww.ira.uka.de/bibliography/index.html Journal of Computer Security's CS database - searchable bibliographies.]<br> | |||
:[http://www.networkmagazine.com/ Network Magazine - sophisticated tech magazine for enterprise solutions.]<br> | |||
:[http://news.ists.dartmouth.edu/todaysnews.html Security in the News - excellent, up-to-date newsletter out of Dartmouth.]<br> | |||
:[http://www.scmagazine.com/ SC Magazine - largest circulating InfoSec magazine and its.]<br> | |||
:[http://www.infosecnews.com/ InfoSecurity News.]<br> | |||
:[http://www.securityfocus.com/ Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws.]<br> | |||
:[http://www.course.com/security Thomson Course Technology - InfoSec courseware and books.]<br> | |||
<br> | |||
====Specialized Resources==== | |||
=====Authentication Issues===== | |||
:[http://www.cni.org/projects/authentication/authentication-wp.html Granularity and Extensibility of Access Control - choosing a control scheme.]<br> | |||
:[http://web.mit.edu/kerberos/www/ Kerberos - the network authentication scheme explained.]<br> | |||
:[http://www.cjis.com/facebio.htm Facial Biometrics / Recognition - modern-day mugshots.]<br> | |||
:[http://www.biometricgroup.com/ International Biometric Group - an international focal point.]<br> | |||
:[http://www.biometrics.org The Biometric Consortium - a focal point for U.S. research and testing.]<br> | |||
:[http://www.cs.rug.nl:80/~peterkr/FACE/face.html The Face Recognition Home Page - tutorials and resources.]<br> | |||
<br> | |||
=====Encryption Issues===== | |||
:[http://www.murky.org/cryptography/index.shtml Beginner's Cryptography Page - keepers of the CryptRing.]<br> | |||
:[http://theory.lcs.mit.edu/~rivest/crypto-security.html Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web.]<br> | |||
:[http://world.std.com/~franl/crypto/cryptography.html Cryptography: The Study of Encryption - a comprehensive mega-site on encryption.]<br> | |||
:[http://www.gilc.org/crypto/crypto-survey.html Cryptography and Liberty - country-by-country policies on encryption.]<br> | |||
:[http://www.catalog.com/sft/encrypt.html Data Encryption Techniques- an overview for beginners.]<br> | |||
:[http://www.iacr.org/~iacr/ International Association for Cryptologic Research - a professional association.]<br> | |||
:[http://www.trusecure.com/ TruSecure - an information security assurance provider.]<br> | |||
:[http://www.zdnet.com/devhead/filters/0,9429,2133245,00.html ZDNet Developer - their Backend Security section.]<br> | |||
:[http://www.rsasecurity.com/ RSA Security - a major player in the crypto field.]<br> | |||
:[http://skip.incog.com/ IP Level Encryption - discussion of an emerging technology.]<br> | |||
<br> | |||
=====Hacking Issues===== | |||
:[http://www.2600.com/ 2600 Magazine - one of the oldest hacking news sites on the Net.]<br> | |||
:[http://www.antionline.com/ AntiOnline - hackers know your weaknesses, shouldn't you?.]<br> | |||
:[http://www.auditmypc.com AuditMyPC.com - free firewall tests and port scans.]<br> | |||
:[http://sun.soci.niu.edu/~cudigest/ Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s.]<br> | |||
:[http://www.digicrime.com/ Digicrime - a full service criminal computer hacking organization.]<br> | |||
:[http://www.insecure.org/sploits.html Fyodor's Exploit World - an archive of ALL the exploits.]<br> | |||
:[http://hackers.com Hackers.Com - live hacker chats and security tips.]<br> | |||
:[http://www.nmrc.org/ Nomad Mobile Research Centre - advisories, FAQs, and files.]<br> | |||
:[http://www.phrack.com Phrack Magazine - home page for the largest IRC group of hackers.]<br> | |||
:[http://www.rootshell.com Root Shell - UNIX-based resource links.]<br> | |||
<br> | |||
=====Infowarfare Issues===== | |||
:[http://cob.bloomu.edu/afundaburk/InfoSec/index.html Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan.]<br> | |||
:[http://www.psycom.net/iwar.1.html Institute for Advanced Study of Information Warfare - as vicious-looking as it sounds.]<br> | |||
:[http://www.infowar.com/ Infowar.com - a store, museum, archive, and library all rolled into one.]<br> | |||
<br> | |||
=====Law and Legal isues===== | |||
:[http://www.law.berkeley.edu/journals/btlj/ Berkeley Journal of Computers and the Law - your basic law school journal.]<br> | |||
:[http://bailiwick.lib.uiowa.edu/webbuilder/copyright.html Copyright and Multimedia Law - a fascinating topic and website.]<br> | |||
:[http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm Crypto Law Survey - a dissertation on the law enforcement problems of cryptography.]<br> | |||
:[http://www.ssrn.com/update/lsn/cyberspace/csl_menu.html Cyberspace Law - article abstracts viewable only.]<br> | |||
:[http://www.eff.org/ Electronic Frontier Foundation - a major player on cyberspace issues.]<br> | |||
:[http://www.cdt.org/crypto/index.html Government Crypto Policy - Center for Democracy and Technology.]<br> | |||
:[http://jolt.law.harvard.edu/ Harvard Journal of Law and Technology - some free stuff online.]<br> | |||
:[http://www.public-domain.org/database/database.html Proposals for regulating Public's right to use Databases - publicdomain.org.]<br> | |||
:[http://stlr.stanford.edu/STLR/Core_Page/index.htm Stanford Technology Law Review - cyberspace speech controversies.]<br> | |||
<br> | |||
=====Planning Issues===== | |||
:[http://www.alw.nih.gov/Security/security.html Computer Security Information and FAQ - helpful page from the NIH.]<br> | |||
:[http://www.netsurf.com/nsf/v01/01/nsf.01.01.html Netsurfer Focus on Computer Network Security - a magazine-like website.]<br> | |||
:[http://www.brown.edu/Research/Unix_Admin/cuisp Higher Education Security Policies-a survey.]<br> | |||
:[http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp Interpol Computer Security Checklist - helpful advice from Interpol.]<br> | |||
:[http://web.mit.edu/security/www/iso1.htm MIT Information Security Office Web Page - sample policies to emulate.]<br> | |||
:[http://www.rubyan.com/ Network Engineering Mistakes - a free virtual seminar program.]<br> | |||
:[http://csrc.ncsl.nist.gov/ NIST Computer Security Resource Clearinghouse - a major website resource.]<br> | |||
:[http://www.sans.org/newlook/resources/policies/policies.htm SANS Model Computer Security Policies - free online tutorials.]<br> | |||
:[http://www-leland.stanford.edu/group/tdr-security/index.html Stanford University Information Security Office - a good many policies to sample.]<br> | |||
<br> | |||
=====Prevention Issues===== | |||
:[http://www.greatcircle.com/tutorials/bif.html Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial.]<br> | |||
:[http://security.ittoolbox.com/ IT Security Toolbox - a wealth of information and discussion groups.]<br> | |||
:[http://www.presinet.com/ PresiNET - an Internet management solutions company.]<br> | |||
:[http://www.zeuros.co.uk/firewall/ The Rotherwick Firewall Resource - UK site.]<br> | |||
:[http://www.networkintrusion.co.uk/ Talisker's Intrusion Detection Systems List - UK site.]<br> | |||
<br> | |||
=====Protocols and Standards Issues===== | |||
:[http://www.cert.dfn.de/eng/team/ske/pem-dok.html Comprehensive List of Public Key and Certificate Links- the PKI Page.]<br> | |||
:[http://www.addsecure.net/inform.htm CGSB Independent Audit Standard - an auditing service company.]<br> | |||
:[http://www.baselinesoft.com Baseline Software's Security Policies - a library of policies made easy.]<br> | |||
:[http://search.ietf.org/ Internet Engineering Task Force - discussion of IPSEC.]<br> | |||
:[http://www.itu.ch/itudoc/itu-t/rec/x/x500up/x509_27505.html International Telecommunication Union - X protocols.]<br> | |||
:[http://theory.lcs.mit.edu/~rivest/rfc1321.txt MD5 - MIT's working group on MD5 algorithm.]<br> | |||
:[http://www.imc.org/rfc2015 MIME Security with PGP - a request for comment paper.]<br> | |||
:[http://www.imc.org/rfc1991 PGP Message Exchange Formats - another request for comment paper.]<br> | |||
:[http://www.setco.org/set_specifications.html Secure Electronic Transactions- e-commerce merchandising protocols.]<br> | |||
<br> | |||
=====Virus Issues===== | |||
:[http://www.kumite.com/myths/ Computer Virus Myths - a beginner's guide to hoaxes and legends.]<br> | |||
:[http://www.metro.ch/avpve/ AVP Virus Encyclopaedia - a sophisticated classification encyclopedia.]<br> | |||
:[http://www.unt.edu/virus/ Computer Virus Information and Resources Page - at the Univ. of N. Texas.]<br> | |||
:[http://www.datafellows.fi/v-descs/ Datafellows (F-Prot) Virus Database Page - the F-Secure virus info center.]<br> | |||
:[http://www.safersite.com/ SaferSite - makers of Pest Patrol, which cleans up remnants of virii.]<br> | |||
:[http://www.antivirus.com/vinfo/ Trend Micro Antivirus Page-the Trend (PC-cillin) virus info center.]<br> | |||
:[http://www.gocsi.com/scripts/redirect.pl?:[http://www.virusbtn.com Virus Bulletin - an online journal with wildlists of who found what.]<br> | |||
:[http://www.wildlist.org/ WildList - more up-to-date collection of wildlists.]<br> | |||
:[http://www.viruslist.com Viruslist.com<font size="3 -an encyclopedia/news site in Russian and English.]<br> | |||
<br> | |||
=====Vulnerability Issues===== | |||
:[http://www.cert.org/ CERT/CC Top Ten List of Exploits - advisories and incident notes.]<br> | |||
:[http://cve.mitre.org/ Common Vulnerabilities and Exposures - definitions and examples of both.]<br> | |||
:[http://www.securityfocus.com/ Security Focus - home of Bugtraq and a library of articles.]<br> | |||
:[http://www.itsecurity.com/defaultie5.htm The Encyclopedia of Computer Security - more than just a glossary, tutorials too.]<br> |
Revision as of 17:14, 2 April 2007
INTERNET RESOURCES FOR COMPUTER FORENSICS
GENERAL RESOURCES
Educational Sites
- CARIS - Center for Advanced Research in InfoSec at University of Illinois.
- CERIAS - Purdue's Center for Education & Research in Information Assurance Security
- CERT - Carnegie Mellon's Coordination Center for Internet Security Expertise.
- Center for Computer Communications Security - also at Carnegie Mellon.
- Critical Infrastructure Project - joint project of George Mason and James Madison U.
- CISSP Certification - online study guides available.
- Colleges with Courses in Digital/Computer Forensics - from E-Evidence Info Center.
- Complete List of College Crypto and Security Courses - for U.S. and worldwide.
- Dartmouth College ISTS - Institute for Security Technology Studies.
- George Mason University.
- GMU Technology Law - an InfoSec Center think tank.
- George Washington University - Off-programs related to InfoSec.
- Georgia Tech Information Security Center - College of Computing and Info Security Center.
- Institute for Information Infrastructure Protection - a consortium group at Dartmouth.
- Indiana Univ. of PA - Center of Excellence in Information Assurance.
- Institute of Police Technology - popular Florida courses in computer crime investigation.
- ISS advICE - database on infosec and anti-hacker techniques.
- ITLabsOnline - helpful resources found here.
- John Hopkins Security Informatics Institute - an industry-academe partnership.
- Kennesaw State Cybercrime Institute - SCI Southeast Cybercrime Institute.
- MIT Lab for Computer Science Ron Rivest's Group - InfoSec and Cryptography Pages.
- National Defense University - their many Centers on Information and Technology.
- New York University Institute for Civil Infrastructure Systems - joint project with Cornell et. al.
- Oregon State Information Security Laboratory - College of Computing, Math, and Engineering.
- Univ. of California Davis - Computer Security Laboratory.
- UNC-Charlotte IT course offerings - in security, privacy, and other topics.
- Univ. of Tulsa - Center for Information Security.
Government Sites
- CERT (Computer Emergency Readiness Team) - coordinates attacks against the nation.
- CIAO (Critical Infrastructure Assurance Office) - coordinates top twenty list of vulnerabilities.
- DISA (Defense Information Systems Agency) - Air Force, Army, Navy IS.
- DOJ Cybercrime Bureau - a department of Justice website with a kid's page.
- EC InfoSec home page - European Commission InfoSec site.
- FedCIRC - great source for incident notes and intrusion detection tips.
- FBI - the Federal Bureau of Investigation.
- InterPol - their Technocrime Prevention page, with checklist.
- Lawrence Livermore National Laboratory - cutting edge research in energy science.
- Los Alamos National Laboratory - futuristic applied research.
- NIPC (National Infrastructure Protection Center) - Infraguard and where most incidents reported.
- Pacific Northwest National Laboratory - technological innovation.
- GAO Cyber-Security Assessments - yearly risk assessments in pdf and htm format.
- NIH Center for Security Information - includes advisories and other links.
- NIST Computer Security Division and CSRC - Department of Commerce sites.
- NPS CISR - Navy Postgraduate School Center for InfoSec Research.
- Office of Homeland Security - America's newest cabinet level agency.
- Sandia National Laboratory - emerging technologies that respond to national security threats.
- White House National Strategy to Secure Cyberspace - the official strategy of the U.S.
Industrial, Organization, or Private Sector Sites
- CVE - Common Vulnerabilities and Exposures.
- Computer Security Institute - a professional association that holds conferences.
- CyberSecurity Institute - a buisiness site listing core competencies in computer forensics.
- E-Evidence Info - big list of links in computer forensics.
- FIRST - a Forum of government, business, and academic incident responders.
- Forensics NL - big list of computer forensics and cybercrime resources.
- Infosyssec: The Security Portal for IT Professionals - a private think tank.
- Jane's Information Group/Security Section - focus on terrorism and information technology.
- Microsoft Research - innovations in a variety of mathematically possible ways.
- Microsoft Technet - be sure to see the Security Bulletins and Support Knowledge Base.
- MIS Training Institute - provides courses and more in Audit and Information Security training.
- Mitretek Systems - a well-known think tank in criminal justice engineering.
- National Security Institute - provider with a lot of educational resources online.
- NIST List of Computer Security Organizations - professional associations and conferences.
- RAND Corporation - a well known think tank in public policy.
- SANS Institute - perhaps the premiere cyber-defense institute; intrusion detection specialists.
- World Research Group - holders of training workshops on computer forensics.
Individual Home Pages
- Computer Forensics World - a community of professionals.
- Dorothy Denning's home page - Georgetown InfoSec guru.
- Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence.
- George Smith's Crypt newsletter - a self-styled computer security critic.
- Nathan Smith's Computer Forensic Tech - another personal home page builder.
- Rik Farrow's Spirit.com - ports, firewalls, and web server security advice.
- Ron Rivest's home page - MIT's cryptography and security expert.
- The WWW security FAQ - longtime Internet favorite.
Publisher Websites
- Cipher - the IEEE Computer Security newsletter.
- CNet Builder Buzz: Server Insecurity - includes antihacker downloads.
- CyberEthics - website for the book.
- Digital Investigation - website for the journal with sample articles.
- Dr. Dobb's Journal - sophisticated tech magazine for computer professionals.
- Journal of Computer Security's CS database - searchable bibliographies.
- Network Magazine - sophisticated tech magazine for enterprise solutions.
- Security in the News - excellent, up-to-date newsletter out of Dartmouth.
- SC Magazine - largest circulating InfoSec magazine and its.
- InfoSecurity News.
- Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws.
- Thomson Course Technology - InfoSec courseware and books.
Specialized Resources
Authentication Issues
- Granularity and Extensibility of Access Control - choosing a control scheme.
- Kerberos - the network authentication scheme explained.
- Facial Biometrics / Recognition - modern-day mugshots.
- International Biometric Group - an international focal point.
- The Biometric Consortium - a focal point for U.S. research and testing.
- The Face Recognition Home Page - tutorials and resources.
Encryption Issues
- Beginner's Cryptography Page - keepers of the CryptRing.
- Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web.
- Cryptography: The Study of Encryption - a comprehensive mega-site on encryption.
- Cryptography and Liberty - country-by-country policies on encryption.
- Data Encryption Techniques- an overview for beginners.
- International Association for Cryptologic Research - a professional association.
- TruSecure - an information security assurance provider.
- ZDNet Developer - their Backend Security section.
- RSA Security - a major player in the crypto field.
- IP Level Encryption - discussion of an emerging technology.
Hacking Issues
- 2600 Magazine - one of the oldest hacking news sites on the Net.
- AntiOnline - hackers know your weaknesses, shouldn't you?.
- AuditMyPC.com - free firewall tests and port scans.
- Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s.
- Digicrime - a full service criminal computer hacking organization.
- Fyodor's Exploit World - an archive of ALL the exploits.
- Hackers.Com - live hacker chats and security tips.
- Nomad Mobile Research Centre - advisories, FAQs, and files.
- Phrack Magazine - home page for the largest IRC group of hackers.
- Root Shell - UNIX-based resource links.
Infowarfare Issues
- Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan.
- Institute for Advanced Study of Information Warfare - as vicious-looking as it sounds.
- Infowar.com - a store, museum, archive, and library all rolled into one.
Law and Legal isues
- Berkeley Journal of Computers and the Law - your basic law school journal.
- Copyright and Multimedia Law - a fascinating topic and website.
- Crypto Law Survey - a dissertation on the law enforcement problems of cryptography.
- Cyberspace Law - article abstracts viewable only.
- Electronic Frontier Foundation - a major player on cyberspace issues.
- Government Crypto Policy - Center for Democracy and Technology.
- Harvard Journal of Law and Technology - some free stuff online.
- Proposals for regulating Public's right to use Databases - publicdomain.org.
- Stanford Technology Law Review - cyberspace speech controversies.
Planning Issues
- Computer Security Information and FAQ - helpful page from the NIH.
- Netsurfer Focus on Computer Network Security - a magazine-like website.
- Higher Education Security Policies-a survey.
- Interpol Computer Security Checklist - helpful advice from Interpol.
- MIT Information Security Office Web Page - sample policies to emulate.
- Network Engineering Mistakes - a free virtual seminar program.
- NIST Computer Security Resource Clearinghouse - a major website resource.
- SANS Model Computer Security Policies - free online tutorials.
- Stanford University Information Security Office - a good many policies to sample.
Prevention Issues
- Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial.
- IT Security Toolbox - a wealth of information and discussion groups.
- PresiNET - an Internet management solutions company.
- The Rotherwick Firewall Resource - UK site.
- Talisker's Intrusion Detection Systems List - UK site.
Protocols and Standards Issues
- Comprehensive List of Public Key and Certificate Links- the PKI Page.
- CGSB Independent Audit Standard - an auditing service company.
- Baseline Software's Security Policies - a library of policies made easy.
- Internet Engineering Task Force - discussion of IPSEC.
- International Telecommunication Union - X protocols.
- MD5 - MIT's working group on MD5 algorithm.
- MIME Security with PGP - a request for comment paper.
- PGP Message Exchange Formats - another request for comment paper.
- Secure Electronic Transactions- e-commerce merchandising protocols.
Virus Issues
- Computer Virus Myths - a beginner's guide to hoaxes and legends.
- AVP Virus Encyclopaedia - a sophisticated classification encyclopedia.
- Computer Virus Information and Resources Page - at the Univ. of N. Texas.
- Datafellows (F-Prot) Virus Database Page - the F-Secure virus info center.
- SaferSite - makers of Pest Patrol, which cleans up remnants of virii.
- Trend Micro Antivirus Page-the Trend (PC-cillin) virus info center.
- [http://www.virusbtn.com Virus Bulletin - an online journal with wildlists of who found what.
- WildList - more up-to-date collection of wildlists.
- Viruslist.com<font size="3 -an encyclopedia/news site in Russian and English.