Forensic resources

resources and sites
security focus mailing list -forensics
this site
linux forensics mailing list
computerforensicsworld.com
infosyssec.com
sans -ISC, reading room
ijde
dfrws
norman.sandbox.no
virustotal.com
virus.jotti.org
winhex forums
irc
e-evidence.info
opensourceforensics.org
DOJ, NSRL
sleuthkit.org

blogs
yours
taosecurity
wormblog
russinovich
F-secure

books
yours
computer forensics -incident response essentials -kruse
software forensics -slade
computer forensics -vacca
art of computer virus research and defense -szor
inside the windows nt filesystem -custer
tao of NSM -beitlich
extrusion detection -beitlich
RDF - jones, beitlich
File system forensic analysis -carrier
guide to computer forensics & investigations -phillips, nelson et al.
incident response
SANS GCIH material

I'm sure there's more that I have and use..but that's what comes to mind (my bookmarks are on my laptop).

Here is my collection. I have a lot more if you are intersested. Didn't want to make this a extra lengthy post. All the links are good.

http//www.evidencetalks.com/forensic_toolsets/mobile_phone_forensics.php

http//forensictracer.com/account.php

http//www.nu2.nu/pebuilder/

http//www.blackhat.com/html/bh-multi-media-archives.html

http//www.digital-evidence.org/index.html

http//forensic.to/links/pages/Forensic_Sciences/Field_of_expertise/Computer_Investigation/

http//www.computerforensicsworld.com/modules.php?name=Forums&file=viewtopic&t=82

http//www.forensics.nl/

http//www.citsf.com/swapmeet.html

http//www.contentpurity.com/scanintro.htm

http//www.ddj.com/

http//www.e-evidence.info/

http//www.forensicfocus.com

http//www.forinsect.de/forensics/forensics-tools.html

http//www.nirsoft.net/utils/index.html

http//www.data-recovery-hub.com/information/Diagnose/index.php

http//air-imager.sourceforge.net/

http//www.htcia.org/classified/index.shtml

http//www.loganalysis.org/

http//www.theinquirer.net/email_tracker.htm

http//www.securityfocus.com

http//www.forensics-intl.com/ev-info.html

http//www.rootkit.com/index.php

http//www.windows-ir.com

http//www.ultimatewindowssecurity.com/encyclopedia.html

http//www.sleuthkit.org/

http//www.sleuthkit.org/

www.e-fense.com/helix/

I am very much learning, and have only recently found this site.

The other site I visit frequently though is Computer Forensics World at
http//www.computerforensicsworld.com

As a learner I also recently bought a starter kit which I fend useful, called the Computer Forensics Toolkit http//computer-forensics.privacyresources.org

I have submitted both to the links area, and suggest the sites listed by arashiryu are submitted too.

I hope this helps.

Listservs and groups

All the securityfocus groups pretty much
insecure.org groups
nessus groups

Website and blogs

security-forums.com
computerforensicworld.com infrequently
gentoo.org
get an rss feed from Day in the Life of a Security Investigator

Books so far

Yours keydet89
Forensic Discovery - Farmer and Venema
Pretty much all the DOJ NIJ books

….and more to come.

Don't forget code oriented sites like
http//www.codeproject.com
http//www.codeguru.com
http//www.oreillynet.com/
http//sourceforge.net/

for example, code project has this article
http//www.codeproject.com/system/VmDetect.asp
where the author explains how a program can tell if it is being run inside of vmware or virtualpc.

browsing or searching through sourceforge often helps because you can look at source code. IExtract is the last one i was taking a look at to try to learn of other ways to get metadata and to see what other file formats they covered.

i'm interested in foreign sources as well. so far a lot of stuff i've seen tends to be US centric, which is cool, but that makes me wonder if foreign companies and law enforcement are relying on US lead in this area, or are they developing their own expertise in the field?