I'd like to get an idea of the following
1. What other forensic resources do you use? Are there any technically-oriented listservs or groups that you frequent?
2. What technically-oriented web sites do you go to?
3. What technically-oriented blogs do you have bookmarked and/or visit regularly?
resources and sites
security focus mailing list -forensics
linux forensics mailing list
sans -ISC, reading room
computer forensics -incident response essentials -kruse
software forensics -slade
computer forensics -vacca
art of computer virus research and defense -szor
inside the windows nt filesystem -custer
tao of NSM -bejtlich
extrusion detection -bejtlich
RDF - jones, bejtlich
File system forensic analysis -carrier
guide to computer forensics & investigations -phillips, nelson et al.
SANS GCIH material
I'm sure there's more that I have and use... but that's what comes to mind (my bookmarks are on my laptop).
Here is my collection. I have a lot more if you are interested. Didn't want to make this an extra lengthy post. All the links are good.
I am very much learning, and have only recently found this site.
The other site I visit frequently though is Computer Forensics World at
As a learner I also recently bought a starter kit which I find useful, called the Computer Forensics Toolkit http://computer-forensics.privacyresources.org
I have submitted both to the links area, and suggest the sites listed by arashiryu are submitted too.
I hope this helps.
Listservs and groups
All the securityfocus groups pretty much
Website and blogs
get an rss feed from Day in the Life of a Security Investigator
Books so far
Forensic Discovery - Farmer and Venema
Pretty much all the DOJ NIJ books
….and more to come.
for example, code project has this article
where the author explains how a program can tell if it is being run inside of vmware or virtualpc.
browsing or searching through sourceforge often helps because you can look at source code. IExtract is the last one i was taking a look at to try to learn of other ways to get metadata and to see what other file formats they covered.
i'm interested in foreign sources as well. so far a lot of stuff i've seen tends to be US centric, which is cool, but that makes me wonder if foreign companies and law enforcement are relying on US lead in this area, or are they developing their own expertise in the field?