Links for Chapter Lectures

Ch 1a: Digital Forensics Backlog (Aug., 2012)
Ch 1b: Dennis Rader - Wikipedia
Ch 1c: Oops! Did Vice Just Give Away John McAfee's Location With Photo Metadata?
Ch 1d: Google's Billion Dollar eDiscovery Error
Ch 1e: Geotagging poses security risks The United States Army
Ch 1f: Meet the High-Ranking SEC Official Who Surfed Porn While Your 401K Vanished
Ch 1g: High Technology Crime Investigation Association
Ch 1h: SWGDE (Scientific Working Group on Digital Evidence)
Ch 1i: American Academy of Forensic Sciences
Ch 1j: ASCLDLAB (American Society of Crime Laboratory DirectorsLaboratory Accreditation Board)
Ch 1l: NIST - Computer Forensics
Ch 1k: ASTM E2763 - 10 Standard Practice for Computer Forensics

Ch 2a: ASCII - Wikipedia
Ch 2b: Unicode - Wikipedia
Ch 2c: Byte order mark - Wikipedia
Ch 2d: GIF Specification (Header on Page 7)
Ch 2e: Compact Disc - Wikipedia
Ch 2f: Princeton study on data retention in RAM
Ch 2g: Cloud Computing Legalities Infographic
Ch 2h: Instagram Wants To Sell Users' Photos Without Notice (Dec. 18, 2012)
Ch 2i: Instagram Loses Almost Half Its Daily Users In a Month (Jan. 14, 2013)
Ch 2j: Summary of the December 24, 2012 Amazon ELB Service Event in the US-East Region
Ch 2k: Amazon Web Services - Wikipedia
Ch 2l: Fastest Growing Startups (from 2011)
Ch 2m: Cloud computing - Wikipedia
Ch 2n: Defcon PDP11 02
Ch 2o: File Allocation Table - Wikipedia
Ch 2p: FAT16 vs. FAT32
Ch 2q: How NTFS Works
Ch 2r: B-tree - Wikipedia

Ch 3a: Best Practices In Digital Evidence Collection
Ch 3b: When Experts Lie: Fred Zain
Ch 3c: NIST Computer Forensic Tool Testing Program
Ch 3d: FTK 4 Hardware Requirements
Ch 3e: Cellebrite - Mobile Forensics and Data transfer solutions
Ch 3f: Creating a Cellular Device Investigation Toolkit: Basic Hardware and Software Specifications
Ch 3g: SANS SIFT KitWorkstation: Investigative Forensic Toolkit Download

Ch 4a: AFF - Forensics Wiki
Ch 4b: DuPont v. Kolon: A Lesson In How To Avoid Sanctions For Spoliation Of Evidence
Ch 4c: DuPont v. Kolon: Judge Payne Issues Breathtaking 20-Year Worldwide Injunction barring Kolon from Making Body Armor Fiber for Theft of DuPont's Kevlar Trade Secrets

Ch 5a: CurrentControlSet (Windows) Forensic Artifacts
Ch 5b: A Forensic Analysis Of The Windows Registry
Ch 5c: A Windows Registry Quick Reference
Ch 5d: Forensically interesting spots in the Windows 7, Vista and XP file system and registry (and anti-forensics)
Ch 5e: windows - Getting the Username from the HKEY_USERS values - Stack Overflow
Ch 5f: Well-known security identifiers in Windows operating systems
Ch 5g: Computername registry key
Ch 5h: Get Last Logged On User From Registry (different in Win XP and Win 7)
Ch 5i: Hibernate - Enable or Disable - Windows 7 Support Forums
Ch 5j: UserAssist Didier Stevens
Ch 5k: regripper
Ch 5l: SANS Forensic Artifact 6: UserAssist
Ch 5m: Computer Account Forensic Artifact Extractor
Ch 5o: Well-known security identifiers in Windows operating systems
CH 5p: Registry Hack: Enable Or Disable The Recycle Bin At Will!
Ch 5q: Windows Forensic Analysis DVD Toolkit - Harlan Carvey - Google Books
Ch 5r: The Sleuth Kit and macr timestamps
Ch 5s: Original John McAfee Photo with Metadata
Ch 5t: Jeffrey's Exif viewer
Ch 5u: Dangers of Metadata (pdf)
Ch 5v: Microsoft Office 2010 Document Inspector
Ch 5w: Metadata removal tool - Wikipedia
Ch 5x: ESCForensics: Analyzing Thumbcache
Ch 5y: Prefetch Parser
Ch 5z: What is the prefetch folder?
Ch 5z1: RecentFilesView - View the list of recently opened files

Ch 6a: ROT13 - Wikipedia
Ch 6b: NIST Special Publication 800-78-3 -- recommends 2048 bits for RSA keys
Ch 6c: View Your BitLocker Recovery Key in Your Microsoft Account
Ch 6d: Busted Alleged Russian Spies Used Steganography To Conceal Communications
Ch 6e: SARC - Steganography Analysis and Research Center : Home

Ch 7a: Porn, the Harvard dean and tech support
Ch 7b: Communications Assistance for Law Enforcement Act
Ch 7c: CALEA FAQ Electronic Frontier Foundation
Ch 7d: What is the USA Patriot Act -- Dept of Justice
Ch 7e: PATRIOT Act Electronic Frontier Foundation
Ch 7f: National Security Letters Electronic Frontier Foundation
Ch 7g: Shocker: Court Says National Security Letters Are Unconstitutional, Bans Them (March 15, 2013)
Ch 7h: Voluntary Consent to Search Form

Ch 8a: Who Wrote the Flashback OS X Worm?
Ch 8b: Gnutella - Wikipedia
Ch 8c: Where are Index.dat files located?
Ch 8d: Index.dat Reader for Windows 7 Vista
Ch 8e: Ghostery
Ch 8e: Chrome Web Store - Edit This Cookie
Ch 8g: HTTPS Caching and Internet Explorer
Ch 8h: Yahoo shuts chat rooms promoting adult-child sex (from 2005)
Ch 8i: IRC: 99.9 illegal
Ch 8j: Microsoft emails focus on DR-DOS threat
CH 8k: Oracle counsel quizzes Google's Rubin about Java emails
Ch 8l: Obama: first president to use email?
Ch 8m: Personal Storage Table - Wikipedia
Ch 8n: Yahoo Compliance Guide for Law Enforcement

Other Links

Forensic Toolkit 4.1 Download AccessData
Download ProDiscover Basic Edition
Digital Forensics Test Images
Free JPEG Data Carving Tool
PhotoRec -- Free Data Carving Software
Foremost (software) - Free Data Carving Software
PhotoRec Step By Step - CGSecurity
Honeynet Challenge dd image of a floppy
Fix zip file with DiskInternals ZIP Repair --It Works!
Introduction to ProDiscover Slides
Structure of FAT Disk
FAT disk description
looking for lost data in unallocated space on NTFS--good advice in this thread
File Signatures - useful JPEG header info
FTK Imager: file carving using the MFT --USEFUL INFORMATION
Examining Data Runs of a Fragmented File in NTFS
MetaData and Information Security
SSD firmware destroys digital evidence, researchers find
Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery? (2010)
Why SSD Drives Destroy Evidence (2012) --Happens in Win 7 but not Win XP!
Recovering data from erased or formated SD and USB media
Of solid state drives and garbage collection Ars Technica
Make Sure TRIM Is Enabled for Your Solid State Drive in Windows 7 for Better Performance
Mac Forensics: Mac OS X and the HFS+ File System
Deleted Data Evaporates from a MacBook Air in an Hour
Dd - Destroyer of Disks
Forensic Live CD issues - They sometimes write to evidence drives!
All-Zero Hash Calculator
Anti-forensic images to show liveCDs failing
Raptor 2.5 - Forensic Acquisition and Preview - Simplified
Antiforensics image prevents Raptor from booting
How To: Forensically Image a Late 2010 Model A1370 Macbook Air
DEFT Linux - Computer Forensics live cd
USB write-blocking via the Registry doesn't protect evidence well
Digital Forensic SIFTing: How to perform a read-only mount of filesystem evidence
How To: Forensically Sound Mac Acquisition In Target Mode
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1)
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 2)
Anti-Forensics The Rootkit Connection (from 2009)
Dd - Destroyer of Disks -- Excellent examples
MFT vs Super Timeline: Part 1
Overwriting Hard Drive Data: The Great Wiping Controversy (from 2008)
Local evidence time zone for FAT and NTFS evidence
File Times (Windows)
Sleuth Kit and Mac OS X -- macb times explained
Best explanation of MACB timestamps
How to determine the current control set from a registry image
Digital Assembly - A smart choice for photo forensics
Ch 5n: Encrypted Fax Service
Microsoft Windows File System Tunneling
Using LiME & Volatility to analyze Linux memory - YouTube
Analyzing Meterpreter infection with Redline - YouTube
Using Cuckoobox & Volatility to analyze APT1 malware - YouTube
Ch0rt's slides re DFIR
'Dementia' Wipes Out Attacker Footprints In Memory (From Jan.) --A simple zip bomb (antifornsics)
Volatility Cheat Sheet
Open Source Forensics for Windows, MacOS, and Linux: DFF
Anti-Forensics -- Part 1 -- EXCELLENT
Decrypting Apple FileVault Full Volume Encryption
iPhone Forensics -- Analysis of iOS 5 backups (from 2012)
Tracking Emails Through Headers

New Unsorted Links

Autopsy: Description -- including file viewing
GUI - Digital Forensics Framework
Ch 9a: Jerome Kerviel, The Most Indebted Person In The World, Owes $6.3 Billion
Ch 9b: NIKSUN NetIntercept
Ch 9c: NetIntercept
Cloud Forensics with F-Response
Ch 10a: Cell site - Wikipedia
Ch 10b: Electronic serial number - Wikipedia
Ch 10c: International Mobile Station Equipment Identity - Wikipedia
Ch 10d: US carriers agree to build stolen phone database, blacklist hot handsets
Ch 10e: Integrated Digital Enhanced Network - Wikipedia
Ch 10f: Mobile OS Market Share
Ch 10h: Barack Obama's BlackBerry 'no fun'
Ch 10i: Windows Phone - Wikipedia
Ch 10j: How to Secure Your Android Phone
Ch 10k: Damn You Auto Correct!
Ch 10l: Which Telecoms Store Your Data the Longest? Secret Memo Tells All
Ch 10m: Carrier IQ: What it is, what it isn't, and what you need to know
Ch 10n: Wi-Fi positioning system - Wikipedia
Ch 10o: Cell Tower Triangulation -- How it Works
How to use MANDIANT Memoryze
Ch 10p: Welcome to BitPim
Ch 10q: Oxygen Forensic Suite 2013 - Screenshots of Forensic Software for Cell Phones, Smartphones and other Mobile Devices
Ch 10r: Device Seizure by Paraben
Ch 10s: MPE Mobile Phone Forensics
Ch 10t: Reasons to Upgrade to EnCase Forensic V7
Ch 10u: What is the difference between Waypoints, Tracks, and routes on a Garmin GPS?
Ch 11a: Cloud computing - Wikipedia
Ch 11b: Dropbox - What is Packrat?
Ch 11c: Understanding SSDs
Ch 11d: Internal Structure of an SSD
Ch 11e: SSD Myths and Legends - 'write endurance' article in
How to image cloud servers for free
TrIDNet - File Identifier
MoonSols DumpIt goes mainstream ! RAM Acquisition
MoonSols Windows Memory Toolkit Win32dd and Win64dd
Mandiant Redline Download
Letters from the edge: Rajib Mitra cried out in despair before dying in Dane County jail - from 2003, TrueCrypt forensics example
Memory Forensics: How to Pull Passwords from a Memory Dump with Volatility
Mac Memory Analysis with Volatility
It works! Password hashes from a memory image, extracted with Volatility