Capital Region Cyber Crime Partnership

First Responder and Advanced Resources

  • Standard Operating Procedures & Validation
    The University at Albany, State University of New York has served as an unbiased evaluator of computer forensic Standard Operating Procedures (SOPs). The revised SOPs and the associated validation documentation are available for download.
  • Computer Forensic References
    The following resource is a compiled list of electronic references relating to computer forensics in general, forensic tool validation, and basic and advanced forensic preview and analysis. These references will continue to be updated as computer forensics papers and documents become available. If you find any broken links or want to suggest useful publications not already listed, please send an email to Damira Pon at damira@gmail.com
 

Standard Operating Procedures Validation & Testing

To gain access to this material, request a password by sending an email to Sanjay Goel at goel@albany.edu or Damira Pon at damira@gmail.com and let us know:
  • Your agency name
  • SOPs / validation documentation being downloaded
  • Purpose of downloading the files (e.g. prosecution/enforcement of cases)
  • How you heard about this material
The following validation tests have been performed.

Computer Forensics References

  1. Creation of Standard Operating Procedures
    1. Scientific Working Group on Digital Evidence (SWGDE). (2004). Recommended Guidelines for Developing Standard Operating Procedures Version 1.0. SWGDE, 1-8. http://68.156.151.124/documents/swgde2006/SWGDE%20-%20SWGIT%20Recommended%20Guidelines%20for%20Developing%20Standard%20Operating%20Procedures.pdf
  2. Validation and Testing of Tools
    1. Baca, E. (2002). Using Linux VMWare and SMART to Create a Virtual Computer to Recreate a Suspect's Computer. http://www.infosecwriters.com/text_resources/andrewrosen/SMARTForensics.pdf
    2. Baca, E. (2003). Knoppix Bootable CD Validation Study for Live Forensic Preview of Suspects Computer. Linux-Forensics.com, 1-18. http://web.archive.org/web/20051111160844/http://www.linux-forensics.com/KNOPPIXValidation.pdf
    3. Bowker, A. (2003). Knoppix Live Linux Filesystem First Responder Guide for Law Enforcement and Corrections Officers. http://www.penguinsleuth.org/linuxforensics/knoppixManual.pdf
    4. Gundy, B.J. (2004). The Law Enforcement and Forensic Examiner Introduction to Linux. A Beginner's Guide. http://www.rootsecure.net/content/downloads/pdf/forensic_guide_to_linux.pdf
    5. United States. Department of Commerce. Technology Administration. National Institute of Standards and Technology (NIST). (2005). Digital Data Acquisition Tool Test Assertions and Test Plan Version 1.0. [Draft] NIST, DA-ATP-PC-01, 1-47. http://www.cftt.nist.gov/DA-ATP-pc-01.pdf
    6. Information Technology Laboratory. Computer Forensics Tool Testing Program. Disk Imaging. National Institute of Standards and Technology (NIST). http://www.cftt.nist.gov/disk_imaging.htm
    7. Information Technology Laboratory. Computer Forensics Tool Testing Program. Write Block (Software). National Institute of Standards and Technology (NIST). http://www.cftt.nist.gov/software_write_block.htm
    8. Information Technology Laboratory. Computer Forensics Tool Testing Program. Write Block (Hardware). National Institute of Standards and Technology (NIST). http://www.cftt.nist.gov/hardware_write_block.htm
    9. Information Technology Laboratory. Computer Forensics Tool Testing Program. Posted Test Results. National Institute of Standards and Technology (NIST). http://www.ojp.usdoj.gov/nij/topics/ecrime/cftt.htm
    10. Scientific Working Group on Digital Evidence (SWGDE). (2004). Recommended Guidelines for Validation Testing Version 1.0. SWGDE, 1-22. http://www.cit.uws.edu.au/compsci/computerforensics/Online%20Materials/SWGDE%20Validation%20Guidelines%20_July%202004_.pdf
  3. General Computer Forensics Investigation
    1. Advisory Committee for Police Investigative Operations. (2006). Best Practices for Seizing Electronic Evidence. United States Secret Service. http://www.ustreas.gov/usss/electronic_evidence.shtml
    2. International Organization on Computer Evidence (IOCE). IOCE 2002 Digital Evidence Standards Working Group. (2002). Guidelines for Best Practice in the Forensic Examination of Digital Technology. http://www.cit.uws.edu.au/compsci/computerforensics/Online%20Materials/Guidelines%20for%20Best%20Practices%20in%20Examination%20of%20Digital%20Evid.pdf
    3. Association of Chief Police Officers (ACPO). (2003). Good Practice Guide for Computer based Electronic Evidence Version 3.0. National Hi-Tech Crime Unit, 1-51. http://www.dataclinic.co.uk/ACPO%20Guide%20v3.0.pdf
    4. Pettinari, D. (2000). Computer Forensics Processing Checklist. Pueblo County Sheriff's Office. Pueblo High-Tech Crimes Unit. http://www.crime-research.org/library/Computer%20Forensics%20Processing%20Checklist.pdf
    5. Scientific Working Group on Digital Evidence (SWGDE). (2006). SWGDE Best Practices for Computer Forensics, Version 2.1. SWGDE, 1-7. http://68.156.151.124/documents/swgde2006/Best_Practices_for_Computer_Forensics%20July06.pdf
    6. United States. Department of Justice. Criminal Division. Computer Crime and Intellectual Property Section. Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. http://www.cybercrime.gov/s&smanual2002.htm#_IIIA_
    7. United States. Department of Justice. Office of Justice Programs. (2004). NIJ Special Report Forensic Examination of Digital Evidence: A Guide for Law Enforcement. NCJ 199408, Washington, D.C.: National Institute of Justice. http://www.ncjrs.gov/pdffiles1/nij/199408.pdf
    8. United States. Department of Justice. Office of Justice Programs. (2004). NIJ Special Report Forensic Examination of Digital Evidence: A Reference for Law Enforcement. NCJ 200160, Washington, D.C.: National Institute of Justice. http://www.ncjrs.gov/pdffiles1/nij/200160.pdf
    9. United States. Department of Justice. Office of Justice Programs. Technical Working Group for Electronic Crime Scene Investigation. (2001). Electronic Crime Scene Investigation: A Guide for First Responders. NCJ 187736, Washington, D.C.: National Institute of Justice. http://www.ncjrs.gov/pdffiles1/nij/187736.pdf
    10. Wright, T.E. (2005). A Method for Forensic Previews. SecurityFocus. http://www.securityfocus.com/infocus/1825
  4. Advanced Computer Forensics Investigation
    1. Nolan, R., Baker, M., Branson, J., Hammerstein, J., Rush, K., Waits, C., Schweinsberg, E. (2005). First Responders Guide to Computer Forensics: Advanced Topics. Carnegie Mellon Software Engineering Institute CMU/SEI-2005-HB-003, 1-150. http://www.cert.org/archive/pdf/05hb003.pdf
    2. United States. Department of Justice. Office of Justice Programs. (2007). NIJ Special Report Digital Evidence in the Courtroom A Guide for Law Enforcement and Prosecutors. NCJ 211314, Washington, D.C.: National Institute of Justice. http://www.ncjrs.gov/pdffiles1/nij/211314.pdf
    3. United States. Department of Justice. Office of Justice Programs. (2007). NIJ Special Report Investigations Involving the Internet and Computer Networks. NCJ 210798, Washington, D.C.: National Institute of Justice. http://www.ncjrs.gov/pdffiles1/nij/210798.pdf
  5. Analysis of Imaged Drives
    1. Dittrich, D. Basic Steps in Forensic Analysis of UNIX Systems. http://staff.washington.edu/dittrich/misc/forensics/
  6. Digital Forensics Guidelines
    1. Burnette, M.W. (2002). Forensic Examination of a RIM (Blackberry) Wireless Device. http://www.rh-law.com/ediscovery/Blackberry.pdf
    2. Jansen, W., and Ayers, R. (2004). Guidelines on PDA Forensics Recommendations of the National Institute of Standards and Technology. United States. Department of Commerce. Technology Administration. National Institute of Standards and Technology (NIST), 1-67. http://www.cit.uws.edu.au/compsci/computerforensics/Online%20Materials/nistir-7100-PDAForensics.pdf
    3. Ayers, R., Jansen, W., Cilleros, N., and Daniellou, R. (2005). Cell Phone Forensic Tools: An Overview and Analysis. National Institute of Standards and Technology. United States. Department of Commerce. Technology Administration. National Institute of Standards and Technology (NIST), 1-188. http://csrc.nist.gov/publications/nistir/nistir-7250.pdf
  7. Forensics Tools Resources
    1. 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/
  8. Other General Resources
    1. http://www.e-evidence.info/b.html
    2. http://www.cit.uws.edu.au/compsci/computerforensics/Online%20Materials/index.php