Digital Forensics Association

  • Papers

    Have you published an article or whitepaper that you'd like to list here? Do you know of a good one that you'd like to tell us about? Send the DFA an email with the URL.
    • Adventures in Computer Forensics
      by Diana Michaud, 2001.
    • After Conversation - A Forensic ICQ Logfile Extraction Tool
      by Kim Morfitt & Craig Valli, Edith Cowan University, 2005.
    • An Ad Hoc Review of Digital Forensic Models
      by Mark M. Pollitt, University of Central Florida, 2007. This is a pay-per-view link.
    • An Analysis of the Integrity of Palm Images Acquired with PDD
      by Christian Frichot, Edith Cowan University, 2004.
    • Analysis of LOKI2, Using mtree as a Forensic Tool, and Sharing Data with Law Enforcement
      by Andrew Korty, 2003.
    • An Introduction to Forensic Readiness Planning
      by Robert Rowlingson, 2005.
    • Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
      by Tye Stallard and Karl Levitt, 2003.
    • Automated computer forensics training in a virtualized environment
      by Stephen Brueckner, David Guaspari, Frank Adelstein, Joseph Weeks, DFRWS Proceedings, 2008.
    • Basic Steps in Forensic Analysis of Unix Systems
      by Ray Link, University of Pittsburgh, 2001.
    • Building a Low Cost Forensic Workstation
      by Matthew McMillon, 2003.
    • Building Theoretical Underpinnings for Digital Forensics Research
      by Sarah Mocas.
    • Can Digital Evidence Endure the Test of Time?
      by Mike Duren & Chet Hosmer, 2002.
    • Computer Evidence v. Daubert: The Coming Conflict
      by Christopher Marsico, CERIAS Tech Report 2005-17, 2005.
    • Computer Forensics: Bringing the Evidence to Court
      by Cornell Walker.
    • Computer Forensics Field Triage Process Model
      by James Goldman, Rick Mislan, Timothy Wedge and Steve Debrota, 2006.
    • Computer Forensics for Law Enforcement
      by Hassel Stacy Jr. & Phillip Lunsford, 2006.
    • Computer Forensics in a LAN Environment
      by Michael J. Corby, M Corby & Associates, Inc., 1999.
    • Computer Forensics: Meeting the Challenges of Scientific Evidence
      by Matthew Meyers & Marc Rogers, CERIAS Tech Report 2005-18, 2005.
    • Computer Forensics: Towards Creating a Certification Framework
      by Matthew Meyers, CERIAS Tech Report 2005-28, 2005.
    • Computer Forensics - We've had an Incident, Who do We Get to Investigate?
      by Karen Ryder, 2002.
    • Computer Incident Investigations: e-forensic Insights on Evidence
      by Vlasti Broucek, Paul Turner, 2004.
    • The Coroners Toolkit - In Depth
      by Clarke L. Jeffris, 2002.
    • A Correlation Method for Establishing Provenance of Timestamps in Digital Evidence
      by Bradley Schatz, George Mohay & Andrew Clark, 2006.
    • A Critical Evaluation of the Treatment of Deleted Files in Microsoft Windows Operation Systems
      by Gregory H. Carlton, 2005.
    • A Cyber Forensics Ontology: Creating a New Approach to Studying Cyber Forensics
      by Ashley Brinson, Abigail Robinson & Marcus Rogers, 2006.
    • Data Hiding Tactics for Windows and Unix File Systems
      by Hal Berghel, David Hoelzer and Michael Sthultz, Identity Theft and Financial Fraud Research and Operation Center.
    • Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers
      by Brian Carrier, International Journal of Digital Evidence, Winter 2004, Volume 1, Issue 4.
    • Design and Implementation of a Remote Forensics System
      by Jacob Pennock, Damon Smith and Geoffrey Wilson, Information Networking Institute, Carnegie Mellon University, 2005.
    • Detecting file fragmentation point using sequential hypothesis testing
      by Anandabrata Pal, Husrev T. Sencar, Nasir Memon, DFRWS Proceedings, 2008.
    • Developing a Computer Forensics Team
      by Christine Vecchio-Flaim, 2001.
    • Digital Evidence Integrated Management System
      by Hyun-Sang Kim, Sang-Jin Lee and Jong-in Lim, 2004.
    • Digital Forensic Analysis of E-mails: A Trusted E-mail Protocol
      by Gaurav Gupta, Chandan Mazumdar & M.S. Rao, Digital Forensic Research Workgroups (DFRW) workshop held in August 2003 in USA, and International Journal of Digital Evidence (IJDE), Spring 2004, Volume 2, Issue 4.
    • Digital Forensics: A Demonstration of the Effectiveness of The Sleuth Kit and Autopsy Forensic Browser
      by Anthony Dowling, 2006.
    • Digital Forensics: Validation and Verification in a Dynamic Work Environment
      by Jason Beckett and Jill Slay, 2007.
    • A Digital Forensic Practitioner's Guide to Giving Evidence in a Court of Law
      by Shayne Sherman, Edith Cowan University, 2006.
    • Digital Forensics Research
      by Svein Yngvar Willassen & Stig Frode Mjølsnes, Telektronikk, 2005.
    • Digital Forensics Tools: The Next Generation
      by Golden Richard III and Vassil Roussev, 2006.
    • Digital Music Device Forensics
      by Christopher Marsico, CERIAS Tech Report 2005-27.
    • Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
      by Bruce J. Nikkel, 2005.
    • An Efficient Technique for Enhancing Forensic Capabilities of Ext2 File System
      by Mridul Sankar Barik, Gaurav Gupta, Shubhro Sinha, Alok Mishra & Chandan Mazumdar, Digital Forensic Research Workgroup conference held from 13th to 15th August 2007 in Pittsburgh, PA.
    • An Empirical Study of Automatic Event Reconstruction Systems
      by Sundararaman Jeyaraman & Mike Atallah, CERIAS Tech Report 2006-20, 2006.
    • Enhanced Digital Investigation Process Model, The
      by Venansius Baryamureeba & Florence Tushabe, Institute of Computer Science, Makerere University, 2004.
    • Enhancing the Forensic ICQ Logfile Extraction Tool
      by Kim Morfitt, Edith Cowan University, 2006.
    • Enterprise Computer Forensics: A Defensive and Offensive Strategy to Fight Computer Crime
      by Fahmid Imtiaz, Edith Cowan University, 2006.
    • An Event-Based Digital Forensic Investigation Framework
      by Brian Carrier and Eugene Spafford, Center for Education and Research in Information Assurance and Security - CERIAS Purdue University.
    • An Examination of Digital Forensic Models
      by Mark Reith, Clint Carr & Gregg Gunsch, 2002.
    • An Extended Model of Cybercrime Investigations
      by Seamus O Ciardhuain, 2004.
    • FACE: Automated digital evidence discovery and correlation
      by Andrew Case, Andrew Cristina, Lodovico Marziale, Golden G. Richard, Vassil Roussev, DFRWS Proceedings, 2008.
    • FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory
      by Aaron Walters & Nick L. Petroni Jr., DFRWS 2006: Work In Progress, 2006.
    • The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists
      by Vlasti Broucek, Sandra Frings and Paul Turner, 2003.
    • First Responder Flesh Tone Detection Algorithms for Images
      by Michael Hoeschele & William Gillam, CERIAS Tech Report 2005-16, 2005.
    • Forensic Acquisition and Analysis of Magnetic Tapes
      by Bruce J. Nikkel, 2005.
    • Forensically Unrecoverable Hard Drive Data Destruction
      by Daniel G. James, 2006.
    • Forensic Analysis of the Contents of Nokia Mobile Phones
      by B. Williamson, P. Apeldoorn, B. Cheam & M. McDonald, Edith Cowan University, 2006.
    • Forensic analysis of the Windows registry in memory
      by Brendan Dolan-Gavitt, DFRWS Proceedings, 2008.
    • Forensic Computing Theory & Practice: Towards developing a methodology for a standardised approach to Computer Misuse
      by Mathew Hannan, Sandra Frings, Vlasti Broucek and Dr. Paul Turner, 2003.
    • Forensic Examination of a RIM (BlackBerry) Wireless Device
      by Michael Burnette, 2002.
    • Forensic Feature Extraction and Cross-Drive Analysis
      by Simson L. Garfinkel, 2006.
    • Forensics and the GSM Mobile Telephone System
      by Svein Yngvar Willassen, 2003.
    • Forensic memory analysis: Files mapped in memory
      by R.B. van Baar, W. Alink, and A.R. van Ballegooij, DFRWS Proceedings, 2008.
    • Forensics and SIM Cards: An Overview
      by Fabio Casadei, Antonio Savoldi & Paolo Gubian, 2006.
    • Forensics Plan Guide
      by Gerald King, 2006.
    • A Formalization of Digital Forensics
      by Ryan Leigland & Axel Krings, 2004.
    • ForNet: A Distributed Forensics Network
      by Kulesh Shanmugasundaram, Nasir Memon, Anubhav Savant, & Herve Bronnimann, Polytechnic University, 2003.
    • A Framework for attack patterns’ discovery in honeynet data
      by Olivier Thonnard, Marc Dacier, DFRWS Proceedings, 2008.
    • Freeware Live Forensic Tools Evaluation and Operation Tips
      by Ricci Ieong, 2006.
    • Generalising Event Forensics Across Multiple Domains
      by Bradley Schatz, George Mohay & Andrew Clark, Queensland University of Technology, 2004.
    • Generalizing Sources of Live Network Evidence
      by Bruce J. Nikkel, 2005.
    • Getting Physical with the Digital Investigation Process
      by Brian Carrier & Eugene Spafford, CERIAS, 2003.
    • Googling Forensics
      by Benjamin Turnbull, University of South Australia, 2005.
    • Hardware-assisted Scanning for Signature Patterns in Image File Fragments
      by Yoginder Dandass, 2007.
    • A Hardware-Based Memory Acquisition Procedure for Digital Investigations
      by Brian Carrier and Joe Grand, Digital Forensic Research Workshop, 2004.
    • High-speed search using Tarari content processor in digital forensics
      by Jooyoung Lee, Sungkyong Un, Dowon Hong, DFRWS Proceedings, 2008.
    • An Historical Perspective of Digital Evidence: A Forensic Scientist's View
      by Carrie Morgan Whitcomb, 2002.
    • Honeypot-based Forensics
      by F. Pouget & M. Dacier, 2004.
    • A Hypothesis-Based Approach to Digital Forensic Investigations
      by Brian Carrier, CERIAS Tech Report 2006-06, 2006.
    • The impact of Microsoft Windows pool allocation strategies on memory forensics
      by Andreas Schuster, DFRWS Proceedings, 2008.
    • Improving Evidence Acquisition from Live Network Sources
      by Bruce Nikkel, 2006.
    • Indexing Information for Data Forensics
      by M.J. Atallah, M.T. Goodrich & R. Tamassia, CERIAS Tech Report 2006-16, 2006.
    • An Introduction to Investigating IPv6 Networks
      by Bruce J. Nikkel, 2007.
    • Intrusion Detection: Forensic Computing Insights arising from a Case Study on SNORT
      by Vlasti Broucek, Paul Turner, 2003.
    • iPod Forensics
      by Christopher Marsico & Marcus Rogers, Purdue University, 2005.
    • iPod Forensics: Forensically Sound Examination of an Apple iPod
      by Andrew Przibilla.
    • Is the Open Way a Better Way? Digital Forensics Using Open Source Tools
      by Dan Manson, Anna Carlin, Steve Ramos, Alain Gyger, Matthew Kaufman and Jeremy Treichelt, 2007.
    • Know Your Enemy: A Forensic Analysis
      by Lance Spitzner, 2000.
    • Know Your Enemy: The Tools and Methodologies of the Script Kiddie
      by the Honeynet Project, 2000.
    • Know Your Enemy II: Tracking the Blackhat's Moves
      by the Honeynet Project, 2001.
    • Know Your Enemy III: They Gain Root
      by the Honeynet Project, 2000.
    • Language and Gender Author Cohort Analysis of E-mail for Computer Forensics
      by Olivier de Vel, Malcolm Corney, Alison Anderson & George Mohay, 2002.
    • A Lessons Learned Repository for Computer Forensics
      by Warren Harrison et al., 2002.
    • LIARS - Laptop Inspector and Recovery System
      by Andrew Woodward, Edith Cowan University, 2006.
    • Limewire examinations
      by Joseph Lewthwaite, Victoria Smith, DFRWS Proceedings, 2008.
    • Mac OS X Security Part 2: The Mac Forensic Toolkit
      by Ryan Faas, Peachpit, 2007.
    • Magnetic Data Recovery – The Hidden Threat
      by Joshua J Sawyer, 2006.
    • Md5bloom: Forensic filesystem hashing revisited
      by Vassil Roussev, Yixin Chen, Timothy Bourg, and Golden G. Richard III, 2005.
    • MEGA: A tool for Mac OS X operating system and application forensics
      by Robert A. Joyce, Judson Powers, Frank Adelstein, DFRWS Proceedings, 2008.
    • MFP: The Mobile Forensic Platform
      by Frank Adelstein, 2002.
    • Mobile Handset Forensics Evidence: A Challenge for Law Enforcement
      by Marwan Al-Zarouni, Edith Cowan University, 2006.
    • Network Forensics and Privacy Enhancing Technologies "Living" Together in Harmony
      by Giannakis Antoniou & Stefanos Gritzalis, University of Melbourne, 2006.
    • A novel approach of mining write-prints for authorship attribution in e-mail forensics
      by Farkhund Iqbal, Rachid Hadjidj, Benjamin C.M. Fung, Mourad Debbabi, DFRWS Proceedings, 2008.
    • Open Source Computer Forensics Manual
      An open-source manual for computer forensics covering methodology, process and delving into technical standard operating procedures, available for download via sourceforge. (This is a download link.)
    • Open Source Digital Forensics Tools: The Legal Argument
      by Brian Carrier, 2003.
    • An Overall assessment of Mobile Internal Acquisition Tool
      by Alessandro Distefano, Gianluigi Me, DFRWS Proceedings, 2008.
    • “Out of the Box” Forensics Labs
      by Ronald C Dodge Jr. and Dave Cook, 2007.
    • Overcoming Reasonable Doubt in Computer Forensic Analysis
      by Jim Garrett, 2006.
    • P2P Computer Forensics Examiners Guide
      by Timothy Fernalld, 2012
    • Paradigm Shift in Document Related Frauds: Characteristics Identification for Development of Automated System
      by Gaurav Gupta, Chandan Mazumdar, M.S. Rao & R.B. Bhosale, Digital Investigation (Elsevier Science), Volume 3, Issue 1, pages 43-55.
    • A Portable Network Forensic Evidence Collector
      by Bruce J. Nikkel, 2006.
    • Practical Approaches to Recovering Encrypted Digital Evidence
      by Eoghan Casey, 2002.
    • Predicting the types of file fragments
      by William C. Calhoun, Drue Coles, DFRWS Proceedings, 2008.
    • Pre-Forensic Setup Automation for Windows 2000
      by Flavio de Souza Oliveira, Celio Cardoso Guimaraes & Paulo Licio de Geus, 2002.
    • A Preliminary Examination of Tool Markings on Flash Memory Cards
      by Chris Hu, Edith Cowan University, 2004.
    • Preservation of Fragile Digital Evidence by First Responders
      by Special Agent Jesse Kornblum, Air Force Office of Special Investigations, 2002.
    • Processing Flash Memory Media
      by Officer Fred Wiechmann, Portland Police Bureau
    • Putting the Horse Back in Front of the Cart; At the Crossroads: Taking our Rightful Place in the Forensic Community
      by Peter Stephenson, International Institute for Digital Forensic Studies, 2003.
    • PyFlag – An advanced network forensic framework
      by M.I. Cohen, DFRWS Proceedings, 2008.
    • Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization
      by Sven Krasser, Gregory Conti, Julian Grizzard, Jeff Gribschaw & Henry Owen, IEEE Workshop on Information Assurance, 2005.
    • Recovering deleted data from the Windows registry
      by Timothy D. Morgan, DFRWS Proceedings, 2008.
    • A Recursive Session Token Protocol for Use in Computer Forensics and TCP Traceback
      by Brian Carrier & Clay Shields, CERIAS Tech Report 2002-41, 2002.
    • A Strategy for Testing Hardware Write Block Devices
      by James Lyle, 2006.
    • Structural Analysis of the Log Files of the ICQ Client Version 2003b
      by Kim Morfitt, Edith Cowan University, 2006.
    • A Structured Approach to Detect Scanner-Printer used in Generating Fake Document
      by Gaurav Gupta, Rashmi Sultania, Somak Mondal & Sanjoy Kumar Saha, International Conference on Information Systems Security (ICISS 2007), to be held 16th to 20th December 2007 at the University of Delhi.
    • Support for Computer Forensics Examination Planning with Domain Modeling: A Report of One Experiment Trial
      by Alfred Bogen, David Dampier and Jeffrey Carver, 2007.
    • A Survey of Forensic Characterization Methods for Physical Devices
      by Nitin Khanna, et al., 2006.
    • To Revisit: What is Forensic Computing?
      by Mathew Hannan, University of South Australia, 2004.
    • Taxonomy of Computer Forensics Methodologies and Procedures for Digital Evidence Seizure
      by Krishnun Sansurooah, Edith Cowan University, 2006.
    • A Ten Step Process for Forensic Readiness
      by Robert Rowlingson, 2004.
    • Towards Identifying Criteria for the Evidential Weight of System Event Logs
      by A. Ahmad & A.B. Ruighaver, University of Melbourne, 2004.
    • The Trojan Horse Defense in Cybercrime Cases
      by Susan Brenner, Brian Carrier & Jef Henninger, CERIAS Tech Report 2005-15, 2005.
    • TULP2G - An Open Source Forensics Software Framework for Acquiring and Decoding Data Stored in Electronic Devices
      by Jeroen van den Bos & Ronald van der Knijff, Netherlands Forensic Institute, 2005.
    • Using Artificial Neural Networks for Forensic File Type Identification
      by Ryan Harris, CERIAS Tech Report 2007-19, 2007.
    • Using Every Part of the Buffalo in Windows Memory Analysis
      by Jesse Kornblum, 2006.
    • Using the HFS+ journal for deleted file recovery
      by Aaron Burghardt, Adam J. Feldman, DFRWS Proceedings, 2008.
    • Using JPEG quantization tables to identify imagery processed by software
      by Jesse D. Kornblum, DFRWS Proceedings, 2008.
    • Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer
      by Ernest Baca.
    • Validation of Forensic Computing Software Utilizing Black Box Testing Techniques
      by Tom Wilsdon & Jill Slay, University of South Australia, 2006.
    • Voice Over IP: Forensic Computing Implications
      by Matthew Simon & Jill Slay, University of South Australia, 2006.
    • What You Don't See On Your Hard Drive
      by Brian Kuepper, 2002.
    • Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research
      by Vlasti Broucek and Paul Turner, 2006.
    • Wireless Forensic Analysis Tools for use in the Electronic Evidence Collection Process
      by Benjamin Turnbull and Jill Slay, 2007.
    • Working with Law Enforcement: Asking the Right Questions
      by Mary Jagim & Mary Ann Teeter Wylie. Geared towards health professionals, but contains material useful to all practitioners who may need to bring in Law Enforcement.
Copyright © Digital Forensics Association. All rights reserved.