|
|
Line 1: |
Line 1: |
| ==INTERNET RESOURCES FOR COMPUTER FORENSICS==
| | gVFbn2 <a href="http://glpugfalypqp.com/">glpugfalypqp</a>, [url=http://gqqwuiellcid.com/]gqqwuiellcid[/url], [link=http://ekhivsonjipg.com/]ekhivsonjipg[/link], http://sdhracmlchgm.com/ |
| ===GENERAL RESOURCES===
| |
| ====Educational Sites====
| |
| :[http://www.caris.uiuc.edu CARIS - Center for Advanced Research in InfoSec at University of Illinois.]<br>
| |
| :[http://wwwcerias.purdue.edu CERIAS - Purdue's Center for Education & Research in Information Assurance Security]<br>
| |
| :[http://www.cert.org CERT - Carnegie Mellon's Coordination Center for Internet Security Expertise.]<br>
| |
| :[http://www.ece.cmu.edu/c3s/ Center for Computer Communications Security - also at Carnegie Mellon.]<br>
| |
| :[http://www.gmu.edu/departments/law/techcenter/programs/cipp.html Critical Infrastructure Project - joint project of George Mason and James Madison U.]<br>
| |
| :[http://www.isc2.org/ CISSP Certification - online study guides available.]<br>
| |
| :[http://www.e-evidence.info/education.html Colleges with Courses in Digital/Computer Forensics - from E-Evidence Info Center.]<br>
| |
| :[http://avirubin.com/courses.html Complete List of College Crypto and Security Courses - for U.S. and worldwide.]<br>
| |
| :[http://www.ists.dartmouth.edu/ISTS Dartmouth College ISTS - Institute for Security Technology Studies.]<br>
| |
| :[http://www.isse.gmu.edu/~csis/index.html George Mason University.]<br>
| |
| :[http://www.gmu.edu/departments/law/techcenter/index.html GMU Technology Law - an InfoSec Center think tank.]<br>
| |
| :[http://www.gwu.edu/~mastergw/index.html George Washington University - Off-programs related to InfoSec.]<br>
| |
| :[http://www.gtisc.gatech.edu Georgia Tech Information Security Center - College of Computing and Info Security Center.]<br>
| |
| :[http://www.thei3p.org/ Institute for Information Infrastructure Protection - a consortium group at Dartmouth.]<br>
| |
| :[http://www.iup.edu/infosecurity/resources/ Indiana Univ. of PA - Center of Excellence in Information Assurance.]<br>
| |
| :[http://www.iptm.org/micro.htm Institute of Police Technology - popular Florida courses in computer crime investigation.]<br>
| |
| :[http://www.iss.net/security_center/advice/default.htm ISS advICE - database on infosec and anti-hacker techniques.]<br>
| |
| :[http://www.itlabsonline.com ITLabsOnline - helpful resources found here.]<br>
| |
| :[http://www.jhuisi.jhu.edu John Hopkins Security Informatics Institute - an industry-academe partnership.]<br>
| |
| :[http://cybercrime.kennesaw.edu Kennesaw State Cybercrime Institute - SCI Southeast Cybercrime Institute.]<br>
| |
| :[http://www.lcs.mit.edu MIT Lab for Computer Science Ron Rivest's Group - InfoSec and Cryptography Pages.]<br>
| |
| :[http://www.ndu.edu/ National Defense University - their many Centers on Information and Technology.]<br>
| |
| :[http://www.icisnyu.org New York University Institute for Civil Infrastructure Systems - joint project with Cornell et. al.]<br>
| |
| :[http://www.security.ece.orst.edu Oregon State Information Security Laboratory - College of Computing, Math, and Engineering.]<br>
| |
| :[http://seclab.cs.ucdavis.edu/index.html Univ. of California Davis - Computer Security Laboratory.]<br>
| |
| :[http://www.sis.uncc.edu/LIISP/course_offering.html UNC-Charlotte IT course offerings - in security, privacy, and other topics.]<br>
| |
| :[http://www.cis.utulsa.edu Univ. of Tulsa - Center for Information Security.]<br>
| |
| <br>
| |
| ====Government Sites====
| |
| :[http://www.us-cert.gov CERT (Computer Emergency Readiness Team) - coordinates attacks against the nation.]<br>
| |
| :[http://www.ciao.gov CIAO (Critical Infrastructure Assurance Office) - coordinates top twenty list of vulnerabilities.]<br>
| |
| :[http://www.disa.mil DISA (Defense Information Systems Agency) - Air Force, Army, Navy IS.]<br>
| |
| :[http://www.usdoj.gov/criminal/cybercrime/ DOJ Cybercrime Bureau - a department of Justice website with a kid's page.]<br>
| |
| :[http://www.cordis.lu/infosec/home.html EC InfoSec home page - European Commission InfoSec site.]<br>
| |
| :[http://www.fedcirc.gov/ FedCIRC - great source for incident notes and intrusion detection tips.]<br>
| |
| :[http://www.fbi.gov/ FBI - the Federal Bureau of Investigation.]<br>
| |
| :[http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp InterPol - their Technocrime Prevention page, with checklist.]<br>
| |
| :[http://www.llnl.gov Lawrence Livermore National Laboratory - cutting edge research in energy science.]<br>
| |
| :[http://www.lanl.gov/worldview Los Alamos National Laboratory - futuristic applied research.]<br>
| |
| :[http://www.nipc.gov/ NIPC (National Infrastructure Protection Center) - Infraguard and where most incidents reported.]<br>
| |
| :[http://www.pnl.gov Pacific Northwest National Laboratory - technological innovation.]<br>
| |
| :[http://www.gao.gov GAO Cyber-Security Assessments - yearly risk assessments in pdf and htm format.]<br>
| |
| :[http://www.alw.nih.gov/Security/ NIH Center for Security Information - includes advisories and other links.]<br>
| |
| :[http://csrc.nist.gov/ NIST Computer Security Division and CSRC - Department of Commerce sites.]<br>
| |
| :[http://cisr.nps.navy.mil/ NPS CISR - Navy Postgraduate School Center for InfoSec Research.]<br>
| |
| :[http://www.whitehouse.gov/homeland/ Office of Homeland Security - America's newest cabinet level agency.]<br>
| |
| :[http://www.sandia.gov Sandia National Laboratory - emerging technologies that respond to national security threats.]<br>
| |
| :[http://www.whitehouse.gov/pcipb White House National Strategy to Secure Cyberspace - the official strategy of the U.S.]<br>
| |
| <br>
| |
| ====Industrial, Organization, or Private Sector Sites====
| |
| :[http://cve.mitre.org CVE - Common Vulnerabilities and Exposures.]<br>
| |
| :[http://www.gocsi.com/homepage.shtml Computer Security Institute - a professional association that holds conferences.]<br>
| |
| :[http://www.cybersecurityinstitute.biz CyberSecurity Institute - a buisiness site listing core competencies in computer forensics.]<br>
| |
| :[http://www.e-evidence.info/links.html E-Evidence Info - big list of links in computer forensics.]<br>
| |
| :[http://www.first.org/ FIRST - a Forum of government, business, and academic incident responders.]<br>
| |
| :[http://www.forensics.nl/links/ Forensics NL - big list of computer forensics and cybercrime resources.]<br>
| |
| :[http://www.infosyssec.com/infosyssec/cybercrim1.html Infosyssec: The Security Portal for IT Professionals - a private think tank.]<br>
| |
| :[http://www.janes.com/security/ Jane's Information Group/Security Section - focus on terrorism and information technology.]<br>
| |
| :[http://research.microsoft.com/ Microsoft Research - innovations in a variety of mathematically possible ways.]<br>
| |
| :[http://www.microsoft.com/technet/default.asp Microsoft Technet - be sure to see the Security Bulletins and Support Knowledge Base.]<br>
| |
| :[http://www.misti.com MIS Training Institute - provides courses and more in Audit and Information Security training.]<br>
| |
| :[http://www.mitretek.org/home.nsf Mitretek Systems - a well-known think tank in criminal justice engineering.]<br>
| |
| :[http://www.nsi.org/ National Security Institute - provider with a lot of educational resources online.]<br>
| |
| :[http://csrc.nist.gov/csrc/professional.html NIST List of Computer Security Organizations - professional associations and conferences.]<br>
| |
| :[http://www.rand.org RAND Corporation - a well known think tank in public policy.]<br>
| |
| :[http://www.sans.org/newlook/home.htm SANS Institute - perhaps the premiere cyber-defense institute; intrusion detection specialists.]<br>
| |
| :[http://www.worldrg.com/ World Research Group - holders of training workshops on computer forensics.]<br>
| |
| <br>
| |
| ====Individual Home Pages====
| |
| :[http://www.computerforensicsworld.com Computer Forensics World - a community of professionals.]
| |
| :[http://www.cs.georgetown.edu/~denning Dorothy Denning's home page - Georgetown InfoSec guru.]<br>
| |
| :[http://all.net/ Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence.]<br>
| |
| :[http://sun.soci.niu.edu/~crypt/ George Smith's Crypt newsletter - a self-styled computer security critic.]<br>
| |
| :[http://www.computer-forensic-technician.com/ Nathan Smith's Computer Forensic Tech - another personal home page builder.]<br>
| |
| :[http://www.spirit.com Rik Farrow's Spirit.com - ports, firewalls, and web server security advice.]<br>
| |
| :[http://theory.lcs.mit.edu/~rivest/ Ron Rivest's home page - MIT's cryptography and security expert.]<br>
| |
| :[http://www.genome.wi.mit.edu/WWW/faqs/ The WWW security FAQ - longtime Internet favorite.]<br>
| |
| <br>
| |
| ====Publisher Websites====
| |
| :[http://www.ieee-security.org/ Cipher - the IEEE Computer Security newsletter.]<br>
| |
| :[http://builder.cnet.com/webbuilding/pages/Servers/SecurityFixes/index.html CNet Builder Buzz: Server Insecurity - includes antihacker downloads.]<br>
| |
| :[http://www.jbpub.com/cyberethics CyberEthics - website for the book.]<br>
| |
| :[http://www.compseconline.com/digitalinvestigation/welcome.htm Digital Investigation - website for the journal with sample articles.]<br>
| |
| :[http://www.ddj.com/ Dr. Dobb's Journal - sophisticated tech magazine for computer professionals.]<br>
| |
| :[http://liinwww.ira.uka.de/bibliography/index.html Journal of Computer Security's CS database - searchable bibliographies.]<br>
| |
| :[http://www.networkmagazine.com/ Network Magazine - sophisticated tech magazine for enterprise solutions.]<br>
| |
| :[http://news.ists.dartmouth.edu/todaysnews.html Security in the News - excellent, up-to-date newsletter out of Dartmouth.]<br>
| |
| :[http://www.scmagazine.com/ SC Magazine - largest circulating InfoSec magazine and its.]<br>
| |
| :[http://www.infosecnews.com/ InfoSecurity News.]<br>
| |
| :[http://www.securityfocus.com/ Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws.]<br>
| |
| :[http://www.course.com/security Thomson Course Technology - InfoSec courseware and books.]<br>
| |
| <br>
| |
| ====Specialized Resources==== | |
| =====Authentication Issues=====
| |
| :[http://www.cni.org/projects/authentication/authentication-wp.html Granularity and Extensibility of Access Control - choosing a control scheme.]<br>
| |
| :[http://web.mit.edu/kerberos/www/ Kerberos - the network authentication scheme explained.]<br>
| |
| :[http://www.cjis.com/facebio.htm Facial Biometrics / Recognition - modern-day mugshots.]<br>
| |
| :[http://www.biometricgroup.com/ International Biometric Group - an international focal point.]<br>
| |
| :[http://www.biometrics.org The Biometric Consortium - a focal point for U.S. research and testing.]<br>
| |
| :[http://www.cs.rug.nl:80/~peterkr/FACE/face.html The Face Recognition Home Page - tutorials and resources.]<br>
| |
| <br>
| |
| =====Encryption Issues=====
| |
| :[http://www.murky.org/cryptography/index.shtml Beginner's Cryptography Page - keepers of the CryptRing.]<br>
| |
| :[http://theory.lcs.mit.edu/~rivest/crypto-security.html Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web.]<br>
| |
| :[http://world.std.com/~franl/crypto/cryptography.html Cryptography: The Study of Encryption - a comprehensive mega-site on encryption.]<br>
| |
| :[http://www.gilc.org/crypto/crypto-survey.html Cryptography and Liberty - country-by-country policies on encryption.]<br>
| |
| :[http://www.catalog.com/sft/encrypt.html Data Encryption Techniques- an overview for beginners.]<br>
| |
| :[http://www.iacr.org/~iacr/ International Association for Cryptologic Research - a professional association.]<br>
| |
| :[http://www.trusecure.com/ TruSecure - an information security assurance provider.]<br>
| |
| :[http://www.zdnet.com/devhead/filters/0,9429,2133245,00.html ZDNet Developer - their Backend Security section.]<br>
| |
| :[http://www.rsasecurity.com/ RSA Security - a major player in the crypto field.]<br>
| |
| :[http://skip.incog.com/ IP Level Encryption - discussion of an emerging technology.]<br>
| |
| <br>
| |
| =====Hacking Issues=====
| |
| :[http://www.2600.com/ 2600 Magazine - one of the oldest hacking news sites on the Net.]<br>
| |
| :[http://www.antionline.com/ AntiOnline - hackers know your weaknesses, shouldn't you?.]<br>
| |
| :[http://www.auditmypc.com AuditMyPC.com - free firewall tests and port scans.]<br>
| |
| :[http://sun.soci.niu.edu/~cudigest/ Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s.]<br>
| |
| :[http://www.digicrime.com/ Digicrime - a full service criminal computer hacking organization.]<br>
| |
| :[http://www.insecure.org/sploits.html Fyodor's Exploit World - an archive of ALL the exploits.]<br>
| |
| :[http://hackers.com Hackers.Com - live hacker chats and security tips.]<br>
| |
| :[http://www.nmrc.org/ Nomad Mobile Research Centre - advisories, FAQs, and files.]<br>
| |
| :[http://www.phrack.com Phrack Magazine - home page for the largest IRC group of hackers.]<br>
| |
| :[http://www.rootshell.com Root Shell - UNIX-based resource links.]<br>
| |
| <br>
| |
| =====Infowarfare Issues=====
| |
| :[http://cob.bloomu.edu/afundaburk/InfoSec/index.html Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan.]<br>
| |
| :[http://www.psycom.net/iwar.1.html Institute for Advanced Study of Information Warfare - as vicious-looking as it sounds.]<br>
| |
| :[http://www.infowar.com/ Infowar.com - a store, museum, archive, and library all rolled into one.]<br>
| |
| <br>
| |
| =====Law and Legal isues=====
| |
| :[http://www.law.berkeley.edu/journals/btlj/ Berkeley Journal of Computers and the Law - your basic law school journal.]<br>
| |
| :[http://bailiwick.lib.uiowa.edu/webbuilder/copyright.html Copyright and Multimedia Law - a fascinating topic and website.]<br>
| |
| :[http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm Crypto Law Survey - a dissertation on the law enforcement problems of cryptography.]<br>
| |
| :[http://www.ssrn.com/update/lsn/cyberspace/csl_menu.html Cyberspace Law - article abstracts viewable only.]<br>
| |
| :[http://www.eff.org/ Electronic Frontier Foundation - a major player on cyberspace issues.]<br>
| |
| :[http://www.cdt.org/crypto/index.html Government Crypto Policy - Center for Democracy and Technology.]<br>
| |
| :[http://jolt.law.harvard.edu/ Harvard Journal of Law and Technology - some free stuff online.]<br>
| |
| :[http://www.public-domain.org/database/database.html Proposals for regulating Public's right to use Databases - publicdomain.org.]<br>
| |
| :[http://stlr.stanford.edu/STLR/Core_Page/index.htm Stanford Technology Law Review - cyberspace speech controversies.]<br>
| |
| <br>
| |
| =====Planning Issues=====
| |
| :[http://www.alw.nih.gov/Security/security.html Computer Security Information and FAQ - helpful page from the NIH.]<br>
| |
| :[http://www.netsurf.com/nsf/v01/01/nsf.01.01.html Netsurfer Focus on Computer Network Security - a magazine-like website.]<br>
| |
| :[http://www.brown.edu/Research/Unix_Admin/cuisp Higher Education Security Policies-a survey.]<br>
| |
| :[http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp Interpol Computer Security Checklist - helpful advice from Interpol.]<br>
| |
| :[http://web.mit.edu/security/www/iso1.htm MIT Information Security Office Web Page - sample policies to emulate.]<br>
| |
| :[http://www.rubyan.com/ Network Engineering Mistakes - a free virtual seminar program.]<br>
| |
| :[http://csrc.ncsl.nist.gov/ NIST Computer Security Resource Clearinghouse - a major website resource.]<br>
| |
| :[http://www.sans.org/newlook/resources/policies/policies.htm SANS Model Computer Security Policies - free online tutorials.]<br>
| |
| :[http://www-leland.stanford.edu/group/tdr-security/index.html Stanford University Information Security Office - a good many policies to sample.]<br>
| |
| <br>
| |
| =====Prevention Issues=====
| |
| :[http://www.greatcircle.com/tutorials/bif.html Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial.]<br>
| |
| :[http://security.ittoolbox.com/ IT Security Toolbox - a wealth of information and discussion groups.]<br>
| |
| :[http://www.presinet.com/ PresiNET - an Internet management solutions company.]<br>
| |
| :[http://www.zeuros.co.uk/firewall/ The Rotherwick Firewall Resource - UK site.]<br>
| |
| :[http://www.networkintrusion.co.uk/ Talisker's Intrusion Detection Systems List - UK site.]<br>
| |
| <br>
| |
| =====Protocols and Standards Issues=====
| |
| :[http://www.cert.dfn.de/eng/team/ske/pem-dok.html Comprehensive List of Public Key and Certificate Links- the PKI Page.]<br>
| |
| :[http://www.addsecure.net/inform.htm CGSB Independent Audit Standard - an auditing service company.]<br>
| |
| :[http://www.baselinesoft.com Baseline Software's Security Policies - a library of policies made easy.]<br>
| |
| :[http://search.ietf.org/ Internet Engineering Task Force - discussion of IPSEC.]<br>
| |
| :[http://www.itu.ch/itudoc/itu-t/rec/x/x500up/x509_27505.html International Telecommunication Union - X protocols.]<br>
| |
| :[http://theory.lcs.mit.edu/~rivest/rfc1321.txt MD5 - MIT's working group on MD5 algorithm.]<br>
| |
| :[http://www.imc.org/rfc2015 MIME Security with PGP - a request for comment paper.]<br>
| |
| :[http://www.imc.org/rfc1991 PGP Message Exchange Formats - another request for comment paper.]<br>
| |
| :[http://www.setco.org/set_specifications.html Secure Electronic Transactions- e-commerce merchandising protocols.]<br>
| |
| <br>
| |
| =====Virus Issues=====
| |
| :[http://www.kumite.com/myths/ Computer Virus Myths - a beginner's guide to hoaxes and legends.]<br>
| |
| :[http://www.metro.ch/avpve/ AVP Virus Encyclopaedia - a sophisticated classification encyclopedia.]<br>
| |
| :[http://www.unt.edu/virus/ Computer Virus Information and Resources Page - at the Univ. of N. Texas.]<br>
| |
| :[http://www.virusbtn.com Virus Bulletin - an online journal with wildlists of who found what.]<br>
| |
| :[http://www.wildlist.org/ WildList - more up-to-date collection of wildlists.]<br>
| |
| :[http://www.viruslist.com Viruslist.com An encyclopedia and news site in Russian and English.]<br>
| |
| <br>
| |
| | |
| =====Vulnerability Issues=====
| |
| :[http://www.cert.org/ CERT/CC Top Ten List of Exploits - advisories and incident notes.]<br>
| |
| :[http://cve.mitre.org/ Common Vulnerabilities and Exposures - definitions and examples of both.]<br>
| |
| :[http://www.securityfocus.com/ Security Focus - home of Bugtraq and a library of articles.]<br>
| |
| :[http://www.itsecurity.com/defaultie5.htm The Encyclopedia of Computer Security - more than just a glossary, tutorials too.]<br>
| |