C.D. Smith Investigations

"Our Knowledge Is Your Power!"

Computer Forensics, Cybercrime and Steganography Resources

GENERAL RESOURCES:

Educational Sites

CARIS - Center for Advanced Research in InfoSec at University of Illinois
CERIAS - Purdue's Center for Education & Research in Information Assurance & Security
CERT/CC - Carnegie Mellon's Coordination Center for Internet Security Expertise
C 3S Center for Computer & Communications Security - also at Carnegie Mellon
Critical Infrastructure Project - joint project of George Mason & James Madison U.
CISSP Certification - online study guides available
Colleges with Courses in Digital/Computer Forensics - from E-Evidence Info Center
Complete List of College Crypto and Security Courses - for U.S. and worldwide
Dartmouth College ISTS - Institute for Security Technology Studies
George Mason University & GMU Technology & Law - an InfoSec Center & think tank
George Washington University - Off-programs related to InfoSec
Georgia Tech Information Security Center - College of Computing and Info Security Center
I 3P Institute for Information Infrastructure Protection - a consortium group at Dartmouth
Indiana Univ. of PA - Center of Excellence in Information Assurance
Institute of Police Technology - popular Florida courses in computer crime investigation
ISS advICE - database on infosec and anti-hacker techniques
ITLabsOnline - helpful resources found here
John Hopkins Security Informatics Institute - an industry-academe partnership
Kennesaw State Cybercrime Institute - SCI Southeast Cybercrime Institute
MIT Lab for Computer Science & Ron Rivest's Group - InfoSec and Cryptography Pages
National Defense University - their many Centers on Information and Technology
New York University Institute for Civil Infrastructure Systems - joint project with Cornell et. al.
Oregon State Information Security Laboratory - College of Computing, Math, & Engineering
Southwestern Comm. College Cybercrime Technology Program - syllabi and lecture notes
Univ. of California Davis - Computer Security Laboratory
UNC-Charlotte IT course offerings - in security, privacy, and other topics
Univ.of New Haven - syllabi for two or three courses usually available
Univ. of Tulsa - Center for Information Security

Government Sites

CERT (Computer Emergency Readiness Team) - coordinates attacks against the nation
CIAO (Critical Infrastructure Assurance Office) - coordinates top twenty list of vulnerabilities
DISA (Defense Information Systems Agency) - Air Force, Army, & Navy IS
DOJ Cybercrime Bureau - a department of Justice website with a kid's page
EC InfoSec home page - European Commission InfoSec site
FedCIRC - great source for incident notes and intrusion detection tips
FBI - the Federal Bureau of Investigation
InterPol - their Technocrime Prevention page, with checklist
Lawrence Livermore National Laboratory - cutting edge research in energy science
Los Alamos National Laboratory - futuristic applied research
NIPC (National Infrastructure Protection Center) - Infraguard and where most incidents reported
Pacific Northwest National Laboratory - technological innovation
GAO Cyber-Security Assessments - yearly risk assessments in pdf and htm format
NIH Center for Security Information - includes advisories and other links
NIST Computer Security Division and CSRC - Department of Commerce sites
North Carolina InfraGard - our state partnership and the National Chapter
NPS CISR - Navy Postgraduate School Center for InfoSec Research
Office of Homeland Security - America's newest cabinet level agency
Sandia National Laboratory - emerging technologies that respond to national security threats
White House National Strategy to Secure Cyberspace - the official strategy of the U.S.

Industrial, Organization, or Private Sector Sites

CVE - Common Vulnerabilities and Exposures from MITRE Corp.
Computer Security Institute - a professional association that holds conferences
CyberSecurity Institute - a biz site listing core competencies in computer forensics
E-Evidence Info - big list of links in computer forensics
FIRST - a Forum of government, business, and academic incident responders
Forensics NL - big list of computer forensics and cybercrime resources
Infosyssec: The Security Portal for IT Professionals - a private think tank
Intense School - Microsoft's famous "boot camps" for IT security professionals
Jane's Information Group/Security Section - focus on terrorism and information technology
Microsoft Research - innovations in a variety of mathematically possible ways
Microsoft Technet - be sure to see the Security>Bulletins and Support>Knowledge Base
MIS Training Institute - provides courses and more in Audit and Information Security training
Mitretek Systems - a well-known think tank in criminal justice engineering
National Security Institute - provider with a lot of educational resources online
NIST List of Computer Security Organizations - professional associations and conferences
RAND Corporation - a well known think tank in public policy
SANS Institute - perhaps the premiere cyber-defense institute; intrusion detection specialists
World Research Group - holders of training workshops on computer forensics

Individual Home Pages

Computer Forensics World - a community of professionals
Dorothy Denning's home page - Georgetown InfoSec guru
Fred Cohen's home page - a consultant's tools, talks, and idea on strategic intelligence
George Smith's "Crypt" newsletter - a self-styled computer security critic
Nathan Smith's Computer Forensic Tech - another personal home page builder
Rik Farrow's Spirit.com - ports, firewalls, and web server security advice
Ron Rivest's home page - MIT's cryptography and security expert
The WWW security FAQ - longtime Internet favorite

Publisher Websites

Cipher - the IEEE Computer Security newsletter
CNet Builder Buzz: Server Insecurity - includes antihacker downloads
CyberEthics - website for the book
Digital Investigation - website for the journal with sample articles
Dr. Dobb's Journal - sophisticated tech magazine for computer professionals
Journal of Computer Security's CS database - searchable bibliographies
Lists of Computer Forensics Books reviewed - by an Amazon.com member
MSNBC Technology Front Page - Hacks, Attacks, Bugs, and Vulnerabilities
Network Magazine - sophisticated tech magazine for enterprise solutions
Security in the News - excellent, up-to-date newsletter out of Dartmouth
SC Magazine - largest circulating InfoSec magazine and its InfoSecurity News
Security Focus Magazine - tracks vulnerabilities, bugs, glitches, and flaws
Thomson Course Technology - InfoSec courseware and books

SPECIALIZED RESOURCES:

Authentication Issues

Granularity and Extensibility of Access Control - choosing a control scheme
Kerberos - the network authentication scheme explained
Facial Biometrics / Recognition - modern-day mugshots
International Biometric Group - an international focal point
The Biometric Consortium - a focal point for U.S. research and testing
The Face Recognition Home Page - tutorials and resources

Encryption Issues

Beginner's Cryptography Page - keepers of the CryptRing
Cryptography: Ron Rivest's MIT Site - pointers to other sites on the Web
Cryptography: The Study of Encryption - a comprehensive mega-site on encryption
Cryptography and Liberty - country-by-country policies on encryption
Data Encryption Techniques- an overview for beginners
International Association for Cryptologic Research - a professional association
TruSecure - an information security assurance provider
ZDNet Developer - their Backend Security section
RSA Security - a major player in the crypto field
IP Level Encryption - discussion of an emerging technology
S/MIME & PGP-a comparison of the two technologies

Hacking Issues

2600 Magazine - one of the oldest hacking news sites on the Net
AntiOnline - hackers know your weaknesses, shouldn't you?
AuditMyPC.com - free firewall tests and port scans
Computer Undergroung Digest (Cu Digest)- a popular magazine during the 90s
Digicrime - a full service criminal computer hacking organization
Fyodor's Exploit World - an archive of ALL the exploits
Hackers.Com - live hacker chats and security tips
@Stake.com -security advisories from a hacker's point of view
Nomad Mobile Research Centre - advisories, FAQs, and files
Phrack Magazine - home page for the largest IRC group of hackers
Root Shell - UNIX-based resource links

Infowarfare Issues

Al Fundaburk's Infowarfare site - he used to work at NC Wesleyan
Institute for Advanced Study of Information Warfare- as vicious-looking as it sounds
Infowar.com - a store, museum, archive, and library all rolled into one

Law and Legal isues

Berkeley Journal of Computers and the Law-your basic law school journal
Copyright and Multimedia Law - a fascinating topic and website
Crypto Law Survey - a dissertation on the law enforcement problems of cryptography
Cyberspace Law - article abstracts viewable only
Electronic Frontier Foundation - a major player on cyberspace issues
Government Crypto Policy - Center for Democracy and Technology
Harvard Journal of Law and Technology - some free stuff online
Proposals for regulating Public's right to use Databases - publicdomain.org
Stanford Technology Law Review -cyberspace speech controversies

Planning Issues

Atomic Tangerine-a vendor/portal website
Computer Security Information and FAQ - helpful page from the NIH
Netsurfer Focus on Computer & Network Security - a magazine-like website
Higher Education Security Policies-a survey
Interpol Computer Security Checklist - helpful advice from Interpol
MIT Information Security Office Web Page - sample policies to emulate
Network Engineering Mistakes - a free virtual seminar program
NIST Computer Security Resource Clearinghouse - a major website resource
SANS Model Computer Security Policies - free online tutorials
Stanford University Information Security Office - a good many policies to sample

Prevention Issues

Building Internet Firewalls Tutorial - Brent Chapman's one-day tutorial
Firewalls Mailing List - archived discussions at GNAC
IT Security Toolbox - a wealth of information and discussion groups
PresiNET - an Internet management solutions company
The Rotherwick Firewall Resource - UK site
Talisker's Intrusion Detection Systems List - UK site

Protocols and Standards Issues

Comprehensive List of Public Key and Certificate Links- the PKI Page
CGSB Independent Audit Standard - an auditing service company
Baseline Software's Security Policies - a library of policies made easy
Internet Engineering Task Force - discussion of IPSEC
International Telecommunication Union - X protocols
MD5 - MIT's working group on MD5 algorithm
MIME Security with PGP - a request for comment paper
PGP Message Exchange Formats - another request for comment paper
Point to Point Tunnelling Protocol - 3Com's tech specs
Secure Electronic Transactions- e-commerce merchandising protocols

Virus Issues

Computer Virus Myths - a beginner's guide to hoaxes and legends
AVP Virus Encyclopaedia - a sophisticated classification encyclopedia
Computer Virus Information and Resources Page - at the Univ. of N. Texas
Datafellows (F-Prot) Virus Database Page - the F-Secure virus info center
SaferSite -makers of Pest Patrol, which cleans up remnants of virii
Symantec Virus Database Page-the Symantec (IBN, Norton) virus info center
Trend Micro Antivirus Page-the Trend (PC-cillin) virus info center
Virus Bulletin -an online journal with wildlists of who found what
WildList - more up-to-date collection of wildlists
Viruslist.com-an encyclopedia/news site in Russian and English