Friday, January 03, 2003

File Signature Database
This is the first release of the File Signature Database, designed to assist examiners primarily for the process of searching unallocated space. With the ever-growing number of forensic tools being produced, I have attempted to create a portable database, allowing examiners to export the data within, for use on the majority of the leading forensic computing tools.

Thursday, January 02, 2003

F.A.C.T.
The Forensic Association of Computer Technologists was formed in 1993 as a not-for-profit association for the purpose of training law enforcement in the scientific techniques of examining computers. The association originates from Des Moines, Iowa, and holds annual training conferences that provide introductory and advanced instruction in the areas of computer forensics.

F.A.C.T. is made up primarily of law enforcement personnel from federal, state, and local agencies from around the United States. Membership is available to those involved in corporate security for companies which support law enforcement goals.
PMDump
PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.
Burn-Eye
Teso has a program (“burn-eye”) that encrypts binaries, and it can be used with machine fingerprinting (virtual memory, routing table, partitioning, hostname) so it cannot be run on another machine.
Forensic Links
Digital Forensics Links.
Digital Forensic Links
This is a growing list of [digital/cyber/computational] forensic related resources.
IP mapping
IP address to country mapping.
Anti-keylogger.com
Anti-keylogger™ for Microsoft® Windows® 95/98/ME/NT/2000/XP is the FIRST product of its kind in the world that can provide every computer with strong protection against most types of unauthorized activity monitoring software, both KNOWN and UNKNOWN.

Anti-keylogger™ is a program designed to combat various types of intrusion and monitoring programs currently in use or presently being developed worldwide. Unlike the typical "antivirus" approach, it does not rely on pattern-matching, so it may work on new or unknown types of monitoring programs.
Our applications are the result of extensive mathematical research and modeling carried out by in-house specialists. They are based on operating principles common to all types of activity monitoring programs running under the full range of Microsoft® Windows® operating systems.
Using Linux, VMware and SMART to create a virtual computer to recreate a suspect's computer
An interesting whitepaper on some of SMART's acquisition options.
MS Exchange Server Security
Microsoft Exchange Server runs on the Windows NT Server platform and uses Windows NT security features. In addition, it uses a custom mechanism to control access to its MAPI public folders. Exchange also offers advanced security on top of this by providing encryption and digital signatures for messages. These advanced features require installation of Key Management Server (which can be installed from the Microsoft Exchange Server CD). It provides its features to end users via Exchange client programs such as Outlook. Key Management Server does not expose any documented API. Because of this, neither it nor the advanced security features offered through it will be discussed here.
When describing Exchange server security, the following topics need to be addressed:
How is logon to Exchange server secured? What exactly protects users' mailboxes against attacks?
How is the Directory protected? How can one observe and change security attributes associated with Directory objects?
How is access to public folders controlled?
SQLSecurity.com
MS SQLSecurity Checklist.
Windows XP Baseline Security Checklists
These checklists outline the steps you should take to reach a baseline of security with Windows XP Home Edition and Windows XP Professional computers, either on their own or as part of a Windows NT or Windows 2000 domain.
Windows XP Security Checklist
Although Windows XP Professional is built on the Windows 2000 kernel, there are significant differences between the operating systems - especially when it comes to security. This checklist is partially based on our popular Windows 2000 security checklist and covers both Windows XP Professional and XP Home Edition. Unfortunately, Windows XP Home Edition doesn't have all of the security features of XP Professional, so not all of the options are available for both versions. If you're concerned about your data, we strongly recommend upgrading to XP Professional as soon as possible. When implementing these recommendations, keep in mind that there is a trade-off between increased security levels and usability for any Operating System. To help you decide how much security you need, we've divided the checklist into Basic, Intermediate, and Advanced Security options. You should assess your potential security risks, determine the value of your data, and balance your needs accordingly.