Forensic Education Resources:
INTERNET RESOURCES FOR COMPUTER FORENSICS
GENERAL RESOURCES
Educational Sites
- CARIS - Center for Advanced Research in InfoSec at University of Illinois.
- CERIAS - Purdue's Center for Education & Research in Information Assurance Security
- CERT - Carnegie Mellon's Coordination Center for Internet Security Expertise.
- Center for Computer Communications Security - also at Carnegie Mellon.
- Critical Infrastructure Project - joint project of George Mason and James Madison U.
- CISSP Certification - online study guides available.
- Colleges with Courses in Digital/Computer Forensics - from E-Evidence Info Center.
- Complete List of College Crypto and Security Courses - for U.S. and worldwide.
- Dartmouth College ISTS - Institute for Security Technology Studies.
- George Mason University.
- GMU Technology Law - an InfoSec Center think tank.
- George Washington University - Off-programs related to InfoSec.
- Georgia Tech Information Security Center - College of Computing and Info Security Center.
- Institute for Information Infrastructure Protection - a consortium group at Dartmouth.
- Indiana Univ. of PA - Center of Excellence in Information Assurance.
- Institute of Police Technology - popular Florida courses in computer crime investigation.
- ISS advICE - database on infosec and anti-hacker techniques.
- ITLabsOnline - helpful resources found here.
- John Hopkins Security Informatics Institute - an industry-academe partnership.
- Kennesaw State Cybercrime Institute - SCI Southeast Cybercrime Institute.
- MIT Lab for Computer Science Ron Rivest's Group - InfoSec and Cryptography Pages.
- National Defense University - their many Centers on Information and Technology.
- New York University Institute for Civil Infrastructure Systems - joint project with Cornell et. al.
- Oregon State Information Security Laboratory - College of Computing, Math, and Engineering.
- Univ. of California Davis - Computer Security Laboratory.
- UNC-Charlotte IT course offerings - in security, privacy, and other topics.
- Univ. of Tulsa - Center for Information Security.
Government Sites
- CERT (Computer Emergency Readiness Team) - coordinates attacks against the nation.
- CIAO (Critical Infrastructure Assurance Office) - coordinates top twenty list of vulnerabilities.
- DISA (Defense Information Systems Agency) - Air Force, Army, Navy IS.
- DOJ Cybercrime Bureau - a department of Justice website with a kid's page.
- EC InfoSec home page - European Commission InfoSec site.
- FedCIRC - great source for incident notes and intrusion detection tips.
- FBI - the Federal Bureau of Investigation.
- InterPol - their Technocrime Prevention page, with checklist.
- Lawrence Livermore National Laboratory - cutting edge research in energy science.
- Los Alamos National Laboratory - futuristic applied research.
- NIPC (National Infrastructure Protection Center) - Infraguard and where most incidents reported.
- Pacific Northwest National Laboratory - technological innovation.
- GAO Cyber-Security Assessments - yearly risk assessments in pdf and htm format.
- NIH Center for Security Information - includes advisories and other links.
- NIST Computer Security Division and CSRC - Department of Commerce sites.
- NPS CISR - Navy Postgraduate School Center for InfoSec Research.
- Office of Homeland Security - America's newest cabinet level agency.
- Sandia National Laboratory - emerging technologies that respond to national security threats.
- White House National Strategy to Secure Cyberspace - the official strategy of the U.S.
Industrial, Organization, or Private Sector Sites
- CVE - Common Vulnerabilities and Exposures.
- Computer Security Institute - a professional association that holds conferences.
- CyberSecurity Institute - a buisiness site listing core competencies in computer forensics.
- E-Evidence Info - big list of links in computer forensics.
- FIRST - a Forum of government, business, and academic incident responders.
- Forensics NL - big list of computer forensics and cybercrime resources.
- Infosyssec: The Security Portal for IT Professionals - a private think tank.
- Jane's Information Group/Security Section - focus on terrorism and information technology.
- Microsoft Research - innovations in a variety of mathematically possible ways.
- Microsoft Technet - be sure to see the Security Bulletins and Support Knowledge Base.
- MIS Training Institute - provides courses and more in Audit and Information Security training.
- Mitretek Systems - a well-known think tank in criminal justice engineering.
- National Security Institute - provider with a lot of educational resources online.
- NIST List of Computer Security Organizations - professional associations and conferences.
- RAND Corporation - a well known think tank in public policy.
- SANS Institute - perhaps the premiere cyber-defense institute; intrusion detection specialists.
- World Research Group - holders of training workshops on computer forensics.
Individual Home Pages
- Computer Forensics World - a community of professionals.
- Dorothy Denning's home page - Georgetown InfoSec guru.
- Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence.
- George Smith's Crypt newsletter - a self-styled computer security critic.
- Nathan Smith's Computer Forensic Tech - another personal home page builder.
- Rik Farrow's Spirit.com - ports, firewalls, and web server security advice.
- Ron Rivest's home page - MIT's cryptography and security expert.
- The WWW security FAQ - longtime Internet favorite.
Publisher Websites
- Cipher - the IEEE Computer Security newsletter.
- CNet Builder Buzz: Server Insecurity - includes antihacker downloads.
- CyberEthics - website for the book.
- Digital Investigation - website for the journal with sample articles.
- Dr. Dobb's Journal - sophisticated tech magazine for computer professionals.
- Journal of Computer Security's CS database - searchable bibliographies.
- Network Magazine - sophisticated tech magazine for enterprise solutions.
- Security in the News - excellent, up-to-date newsletter out of Dartmouth.
- SC Magazine - largest circulating InfoSec magazine and its.
- InfoSecurity News.
- Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws.
- Thomson Course Technology - InfoSec courseware and books.
Specialized Resources
Authentication Issues
- Granularity and Extensibility of Access Control - choosing a control scheme.
- Kerberos - the network authentication scheme explained.
- Facial Biometrics / Recognition - modern-day mugshots.
- International Biometric Group - an international focal point.
- The Biometric Consortium - a focal point for U.S. research and testing.
- The Face Recognition Home Page - tutorials and resources.
Encryption Issues
- Beginner's Cryptography Page - keepers of the CryptRing.
- Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web.
- Cryptography: The Study of Encryption - a comprehensive mega-site on encryption.
- Cryptography and Liberty - country-by-country policies on encryption.
- Data Encryption Techniques- an overview for beginners.
- International Association for Cryptologic Research - a professional association.
- TruSecure - an information security assurance provider.
- ZDNet Developer - their Backend Security section.
- RSA Security - a major player in the crypto field.
- IP Level Encryption - discussion of an emerging technology.
Hacking Issues
- 2600 Magazine - one of the oldest hacking news sites on the Net.
- AntiOnline - hackers know your weaknesses, shouldn't you?.
- AuditMyPC.com - free firewall tests and port scans.
- Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s.
- Digicrime - a full service criminal computer hacking organization.
- Fyodor's Exploit World - an archive of ALL the exploits.
- Hackers.Com - live hacker chats and security tips.
- Nomad Mobile Research Centre - advisories, FAQs, and files.
- Phrack Magazine - home page for the largest IRC group of hackers.
- Root Shell - UNIX-based resource links.
Infowarfare Issues
- Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan.
- Institute for Advanced Study of Information Warfare - as vicious-looking as it sounds.
- Infowar.com - a store, museum, archive, and library all rolled into one.
Law and Legal isues
- Berkeley Journal of Computers and the Law - your basic law school journal.
- Copyright and Multimedia Law - a fascinating topic and website.
- Crypto Law Survey - a dissertation on the law enforcement problems of cryptography.
- Cyberspace Law - article abstracts viewable only.
- Electronic Frontier Foundation - a major player on cyberspace issues.
- Government Crypto Policy - Center for Democracy and Technology.
- Harvard Journal of Law and Technology - some free stuff online.
- Proposals for regulating Public's right to use Databases - publicdomain.org.
- Stanford Technology Law Review - cyberspace speech controversies.
Planning Issues
- Computer Security Information and FAQ - helpful page from the NIH.
- Netsurfer Focus on Computer Network Security - a magazine-like website.
- Higher Education Security Policies-a survey.
- Interpol Computer Security Checklist - helpful advice from Interpol.
- MIT Information Security Office Web Page - sample policies to emulate.
- Network Engineering Mistakes - a free virtual seminar program.
- NIST Computer Security Resource Clearinghouse - a major website resource.
- SANS Model Computer Security Policies - free online tutorials.
- Stanford University Information Security Office - a good many policies to sample.
Prevention Issues
- Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial.
- IT Security Toolbox - a wealth of information and discussion groups.
- PresiNET - an Internet management solutions company.
- The Rotherwick Firewall Resource - UK site.
- Talisker's Intrusion Detection Systems List - UK site.
Protocols and Standards Issues
- Comprehensive List of Public Key and Certificate Links- the PKI Page.
- CGSB Independent Audit Standard - an auditing service company.
- Baseline Software's Security Policies - a library of policies made easy.
- Internet Engineering Task Force - discussion of IPSEC.
- International Telecommunication Union - X protocols.
- MD5 - MIT's working group on MD5 algorithm.
- MIME Security with PGP - a request for comment paper.
- PGP Message Exchange Formats - another request for comment paper.
- Secure Electronic Transactions- e-commerce merchandising protocols.
Virus Issues
- Computer Virus Myths - a beginner's guide to hoaxes and legends.
- AVP Virus Encyclopaedia - a sophisticated classification encyclopedia.
- Computer Virus Information and Resources Page - at the Univ. of N. Texas.
- Virus Bulletin - an online journal with wildlists of who found what.
- WildList - more up-to-date collection of wildlists.
- Viruslist.com An encyclopedia and news site in Russian and English.