The SANS Forensic Community provides analysts with a variety of forensic resources. Interact with your fellow analysts and forensic experts on the SANS Forensic Blog, discover solutions to forensic-related issues with a multitude of white papers, or peruse a variety of industry-related news and blog sites.
SANS is continually updating and adding information to this page, so check back often to see what's new.
- SANS Computer Forensics Blog
- SANS Forensics Reading Room - White papers on Forensics
- SANS Computer Security Newsletters
- Washington Post Security Page
Computer Forensic Blogs
- Windows Incident Response Blog
- Computer Forensics, Malware Analysis & Digital Investigations
- Computer Forensics Information
- Forensic Secure Blog
- Jesse Kornblum's Blog
- Computer Forensics - International
- Forensic Computing
- Alexander Geschonneck's Security Blog
- Forensic Focus Computer Forensic Community
- Forensic Incident Response Blog
- Matthieu Suiche's Blog
- Advanced Memory Forensics Blog
- Mandiant Blog
- Digital Forensics Notes
- The Digital Standard Blog
- Digital Forensics Solutions Blog
- Forensics Blog
- Digital Forensics Source
- Ralph Losey E-Discovery Team Blog
- Granick Blog
- Ride the Lightning Blog
- Electronic Data Discovery
- Electronic Discovery Law
- Electronic Data Law
Computer Forensics Podcasts
Computer Forensics Wiki
Reverse-Engineering Malware
Lenny Zeltser's fighting malware articles:
The International Society of Forensic Computer Examiners
Law Enforcement Links
This section is intended to give digital forensic investigators a resource for the appropriate contacts and request processes contained in the published Legal Spy guides.
These documents were created to inform law enforcement and appropriate investigators of what can be provided and the methodology for a request. The guides were generally considered confidential in nature when distributed. It is not my intent to break confidentiality of the source or creator. It is intended to assist in digital forensic discovery. Many of these documents are strictly intended for law enforcement and not corporate investigations. In my opinion, this should not deter the reader from using the contact information provided.
The published documents describe the appropriate process for requests and the detail available from the source. Some of the links listed are example documents or public-record examples of evidence gathered. The guides/handbooks were originally created and provided for informational purposes for all law enforcement and legal requests.
The following sources have been referenced and published from Cryptome.org:
- Microsoft Online Services Global Criminal Compliance Handbook
- eBay/PayPal Law Enforcement Guide
- MySpace.com Law Enforcement Investigators Guide
- Comcast Cable Law Enforcement Handbook
- AOL Law Enforcement Manual
- Responding to Law Enforcement Records Requests on Skype
- Notice to parties serving subpoenas on Cox Communications
- Ning Law Enforcement Compliance Guide
- myYearbook.com Law Enforcement Guidelines
- Law Enforcement Guide for Stickam.com
- USPS Procedures 1 and USPS Procedures 2
- Cisco's Guide
- 3GPP Lawful Interception and Security
- Verizon Law Enforcement Legal Compliance Guide
- Sprint CALEA Delivery System
- Sprint Corporate Security Electronic Surveillance Manual
- Nextel's Guide For Law Enforcement
- Voicestream Law Enforcement Reference Guide
- Yahoo Compliance Guide for Law Enforcement
- Obtaining Customer Records from SBC-Ameritech
- Ameritech Law Enforcement Reference Guide
- Cingular Wireless Legal Process & Court Orders
- Cricket Communications
- Pactel Law Enforcement Reference Guide
- GTE Security Control Information
There are three key elements found in each guide. They assist the investigator when conducting an authorized investigation:
- The contact address, phone number, email address and hours of access for the provider's corporate security group.
- What detail can and cannot be delivered by the provider. This includes the retention duration of the data available.
- A description of the process and requirements for making a request. The provider's ability to respond depends on the authority of the request. A statute or judicial request is handled differently than a law enforcement inquiry, as is a corporation's legal request. It should be understood that these requests do not come without cost. The cost to process a request may exceed $10,000 depending upon the request and its duration. Some requests cost much less. There are some providers that do not appear to have a charge associated with the service.
In many of the guides, there is also a template or form to use when making a request. It is useful to know these details when conducting an investigation. The same logic of Time Based Security can be applied to evidence acquisition. The clock is ticking: the longer the delay, the greater the potential for lost evidence.
Special thanks to Steven Dietz for compiling this list.