| Paper |
Author |
| Techniques and Tools for Recovering and Analyzing Data from Volatile Memory |
Amari, Kristine |
| Mobile Device Forensics |
Martin, Andrew |
| A Forensic Primer for Usenet Evidence |
Lachniet, Mark |
| Mac OS X Malware Analysis |
Yonts, Joel |
| Data carving Concepts |
Merola, Antonio |
| Ex-Tip: An Extensible Timeline Analysis Framework in Perl |
Cloppert, Michael |
| Logic Models for Computer Forensics |
Garrett, Jim |
| Google Desktop Search as an Analysis Tool |
Poldervaart, Chris |
| Taking advantage of Ext3 journaling file system in a forensic investigation |
Narvaez, Gregorio |
| A Forensic Investigation Plan and Cookbook |
King, Gerald |
| Analysis of a serial based digital voice recorder |
Wright, Craig |
| Analysis of a seized USB Flashdrive |
Yuen, Cheuk Wai |
| Unspoken Truths - Forensic Analysis of an Unknown Binary |
Velocci, Louie |
| Forensic Analysis of a SQL Server 2005 Database Server |
Fowler, Kevvie |
| Forensic Analysis of a Compromised Intranet Server |
Obialero, Roberto |
| Discovery Of A Rootkit: A simple scan leads to a complex solution |
Melvin, John |
| Lessons from a Linux Compromise |
Ritchie, John |
| CC Terminals, Inc.Forensic Examination Report: Examination of a USB Hard Drive |
Duckworth, Brent |
| Forensic Analysis of a Compromised NT Server(Phishing) |
Velazquez, Andres |
| CC Terminals Computer Forensics Analysis Report |
Do, George |
| Analysis of a USB Flashdrive |
Chablais, Christian |
| Forensic Analysis of a USB Flash Drive |
Bennie, Norrie |
| Examining an Unknown Image & Analysis of a compromised Honeypot |
Ramli, Farina |
| Forensic Examination of USB Data storage artifact |
Reardon, Ben |
| Forensic analysis of a provided image |
Pereira, Rudolph |
| Analysis of an unknown USB JumpDrive image |
Hiew, Roger |
| Forensic Analysis on a compromised Windows 2000 system |
Ng, George |
| Forensic Analysis: Leila Conlay versus Robert Lawrence, Harassment Case |
Carpenter, Matthew |
| Forensic Investigation of USB Flashdrive Image for CC Terminals |
Diggs, Rhonda |
| Forensic Analysis of a Misused System |
Shettler, David |
| Forensic analysis of a Fedora Core 3 Notebook |
Halm, Michael |
| Steganography for spies and spybots for hackers |
Christensen, Andrew |
| ANALYSIS OF AN IMAGE PROVIDED FROM THE GIAC WEBSITE |
Reyes Muņoz, Juan Carlos |
| Forensic with Open-Source Tools and Platform: USB Flash Drive Image Forensic Analysis |
Ong, Leonard |
| CC Terminals Harassment Case |
Farrington, Dean |
| Computer forensics investigation - Image file analysis |
Spellane, Michael |
| Careless Crackers kill Computers |
O'Brien, Conall |
| Camouflaged and Attacked? |
Marasky, Bertha |
| Analysis of WinHex |
Dillinger, Jessica |
| Analyze an Unknown Image and Perform Forensic Tool Validation |
Watson, Patricia |
| Forensic Analysis of Camouflage and Validation of X-Ways Forensics Tool |
Aylor, Michael |
| Forensic Image Analysis of a USB Flashdrive |
Heerwagen, Howard |
| Forensic analysis of a seized USB Flashdrive image |
Doyle, Ben |
| Analysis of an unknown disk |
Simsic, Jure |
| Report on the Forensic Analysis of a recovered Floppy Disk |
Armstrong, Steve |
| Analysis of a FAT16 formatted image using Linux, TSK and Autopsy |
Hansen, Ove |
| Oracle Database Forensics using LogMiner |
Wright, Paul |
| Infected or Owned? |
Chuvakin, Anton |
| Analysis of a 64MB Lexar Media USB JumpDrive |
Chen, Joseph |
| Spanish-Forensic Analysis of a Windows 98b system |
Ruiz, Oscar |
| Forensic Analysis on a Windows 2000 Server |
Cassidy, Regis |
| Forensic Analysis of an Apple iBook G4 |
Partida, Alberto |
| NTLast as a Forensic Tool |
Grime, Richard |
| Analyze an image and Perform Forensic |
Pecorella, Francisco |
| Evaluaton of a Zero-Day Worm Variant at a Health Clinic |
Taylor, Jonathan |
| Analyze an Unknown Image and Forensic Tool Validation: Sterilize |
Becker, Steven |
| Analysis of a Windows XP Professional compromised system |
Santander, Manuel |
| Analysis of a Commercial Keylogger installed on multiple systems |
Namuth, Merlin |
| HONORS-Analysis of a USB Flashdrive Image |
Siles, Raul |
| Analysis of a USB Flashdrive Image |
Wenchel, Kevin |
| A Touch of Superiority in Linux |
Griffin, Slade |
| Forensic Analysis of a Windows 2000 Server |
Ghavalas, Byrne |
| Forensic analysis of a Windows XP SP1 |
Ferrill, Rob |
| Forensic analysis of a honeypot RedHat Linux 6.2 |
Read, Mark |
| Compromise analysis of a University SGI Indy workstation running IRIX |
Russel, Chris |
| Forensic analysis of a compromised Solaris server |
Shepherd, Russell |
| Analysis on a compromised RedHat 8.0 machine |
Deline, Jessica |
| Analysis on a compromised Linux RedHat 8.0 Honeypot |
Bryner, Jeff |
| Forensic analysis of a Windows 98 system |
Shenk, Jerry |
| Forensic Analysis on a Windows 2000 system |
Hayday, John |
| Forensic Investigation of a Hacked Redhat 7.1 System |
Khedekar, Nihar |
| Perform Forensic Analysis on a Red Hat Linux release 7.1.2 Server |
Pawar, Pramod |
| Forensic Analysis of a Red Hat Linux release 7.1 Server |
VK, Vijaykumar |
| Use of SSH as a forensic tool |
Bro, Layne |
| Forensic Analysis on a compromised Windows 2000 Honeypot |
Hewitt, Peter |
| Forensic Tool Validation of Compromised Computer Inventory System |
Perry, James |
| How not to use a rootkit |
Wilson, Michael |
| Analysis of a Red Hat Honeypot |
Shewmaker, James |
| Forensic Analysis on a compromised Linux Web Server |
Malone, Jeri |
| Forensic Analysis of a Sun Ultra System |
Chmielarski, Tom |
| Forensic Validity of Netcat |
Worman, Michael |
| Forensic Analysis on a Windows 2000 Pro Workstation |
Cragg, David |
| Forensic Analysis on acquired EBay Hard Drives |
Bunnell, Richard |
| Forensic Analysis on a Linux IPNET challenge syste |
Rinaldi, Alfredo |
| Forensic Analysis of a Windows 2000 Web Server |
Liu, Yi-Chung |
| Evaluation of The Forensic Toolkit |
Kamoshida, Akiteru |
| Forensic Analysis of an EBay acquired Drive |
Wesemann, Daniel |
| Analysis of a Compromised Honeypot-VMware/Linux7.3 |
Hall, Stephen |
| Becoming a Forensic Investigator/Use of Forensic Toolkit |
Maher, Mark |
| Forensic analysis of a Windows 2000 computer literacy training and software development device |
Richard, Golden |
| Sys Admins and Hackers/Analysis of a hacked system |
Fresen, Lars |
| Forensic Analysis of a Windows 2000 server with IIS and Oracle |
Binde, Beth |
| Romanian Winter-Forensic Analysis of a Linux system |
Ladstaetter, Garnot |
| Forensic Analysis of a compromised Sun Ultra 5 workstation |
Madzelan, Carl |
| Forensic analysis of a compromised Linux RedHat 7.3 system |
Miller, Kevin |
| Analysis of a Linux Honeypot |
Hudak, Tyler |
| Forensic Analysis Procedures of a Compromised system using Encase |
McGurk, Jeffrey |
| Analysis of tar2d2 as a Forensic Tool |
Adelstein, Frank |
| Forensic analysis of a Compromised Red Hat 7.2 Web Server |
Walker, Martin |
| Forensic analysis of a Compromised Windows 2000 workstation |
Fraser, Charles |
| Forensic Examination of a home firewall and network services system |
Carlson, Brian |
| Evaluation of Crocwareis Mount Image Pro as a Forensic Tool |
Tower-Pierce, Hugh |
| Forensic Tool Evaluation-Pasco |
Larabee, Rick |
| Forensic Tool Evaluation-MiTeC Registry File Viewer |
Fiscus, Kevin |
| Hidden Data Is Evidence Too/Metadata Assistant tool Evaluation |
Pelcher, Bob |
| Compromised Redhat Linux 7.2 Honeypot Analysis |
Anderson, Jason |
| Forensic analysis/process for a Windows 2000 SP2 Pro with IIS installed |
Callahan, Jennie |
| Trash and Treasure-Computer Forensics and Public Domain Data (Bmap Tool Analysis) |
Scott, Michael |
| Evaluation of Forensics SF-5000u as forensic Hardware |
Hickey, Steven |
| Hackers and Trackers(Linux Forensic Analysis) |
Scott, Andy |
| Review of Foundstone Vision as a forensic tool |
Bingham, Bil |
| Forensic Analysis of a RedHat 7.1 Server with Apache Web Server |
Sierra, Aaron |
| Analysis of a Suspect Red Hat 6.2 Linux Server |
Venere, Guilherme |
| Forensics under Brazilian Legislation(HoneyPot evaluation) |
Piccolini, Jacomo |
| Piping a Shell in a ICMP Tunnel-A Forensic Study of Malicious Code |
Noakes, Robert |
| Analysis of an IRC-bot compromised Microsoft Windows system |
Kolde, Jennifer |
| Eavaluation of Linux ext2 file system debugger/debugfs for forensic use |
Harvey, Michael |
| Evaluation of Windows Forensic Toolchest |
McDougal, Monty |
| An Endeavor Down the Forensic Highway(Windows 2000 Professional) |
Westphal, Kristy |
| Forensic Analysis of a Honeypot Redhat 6.2 system |
Olensky, Sven |
| Forensic Analysis of a Compromised Windows NT4 workstation |
Hammill, Adrian |
| Analysis of a Windows 2000 corporate web server |
Cordeschi, Carlo |
| Forensic event with a Microsoft Windows 2000 Server |
Nolin, Norbert |
| Validaton of icat and ils for Forensic Use |
Gabler, David |
| Safe at Home? |
Perez, David |
| Evaluation of a Honeypot Windows 2000 Server with an IIS Web/FTP Server |
Pearlstein, Kenneth |
| Forensic Tool Validation, and Legal Issues of Incident Handling |
Vera, Christopher |
| Forensic Analysis and process of a Mandrake Linux 9.1 system |
Da Cruz, Dennis |
| Binary Analysis, Forensics and Legal Issues |
Wyman, Michael |
| Analyses of Italian Malware, Romanian Rootkits, and United States Computer Law |
Ford, Michael |
| Forensic Analysis of a Compromised System |
Lee, Richard |
| Analysis of a compromised RedHat 6.2 web server running Apache |
Filmer, Bradley |
| If it quacks like a duck, is it really a duck? |
Hall, Andrew |
| Forensic Analysis of Shared Workstation |
Kerr, Michael |
| Ironically , Some Targets Are Harder Than Others |
Clarkson, Michael |
| Legal Issues of Computer Incident Handling |
Psaila, Helen |
| Forensics and Incident Response : Three Investigations |
Hutson, Brian |
| Digging covert tunnels Analysis of an unknown binary |
Murr, Michael |
| Computer Forensic Analysis of an Unknown Binary and The Complete Computer Forensic Investigation of a Hard Drive |
Capellini, Brian |
| An Exercise In Practical Computer Forensic Analysis |
Campaign, Adam |
| Forensic Analysis of a MUD Gaming/Development Server |
Banghart, John |
| Forensic Investigation, Analysis, Documentation, and Law |
Prentner, Karl |
| Forensic Analysis of Suplused system hard drives |
Bellamy, Jr., William |
| Analyzing a Binary File and File Partitions for Forensic Evidence |
Butler, James |
| Open Source Forensic Analysis - Windows 2000 Server - |
Arnes, Andre |
| Forensic Analysis of Another Honeypot |
Lisman, Jarrad |
| Forensic Analysis Think pad 600 laptop running Windows 2000 server |
Bowers, Brad |
| Analysis of a Suspect Red Hat Linux 7.2 System Running Apache v1.3.22 |
Lee, Christopher |
| EasyRecovery Professional (ER Pro) |
Khalid, Kamarul Baharin |
| A Proposal for a Binary Comparison Technique |
Lamastra, Gerardo |
| Forensic Analysis of dual bootable Operating System (OS) running a default Red Hat 6.2 Linux server installation and Windows 98 |
Othman, Mohd Shukri |
| Analysis of a Software Write Blocker - That Works? |
Chevalier, Suzanne |
| Forensic Analysis of an unfamiliar Windows 2000 system |
Kurasiewicz, Jeff |
| An Examination of a Compromised Solaris Honeypot, an Unknown Binary, and the Legal Issues Surrounding Incident Investigations |
Mccauley, Robert |
| Analysis of LOKI2, Using mtree as a Forensic Tool, and Sharing Data with Law Enforcement |
Korty, Andrew |
| Forensic Studies in the Digital World |
de Jong, Mark |
| System Analysis of a Compromised Windows 2000 Professional System |
Stuart, Robin |
| Loki & the Honeypot: Forensic Analyses |
Geiger, Matthew |
| Use of sg_dd for Computer Forensics |
Stone, Michael |
| Forensic Analysis of a Discarded University Computer System |
Craiger, Philip |
| Analysis of a Suspect Windows 2000 Server SP3 Running IIS |
Faber, Sid |
| Forensic analysis of a compromised RedHat Linux 7.0 system |
Cunningham, Jacob |
| Analysis of a Compromised Honeypot on a Cable Modem |
Schlereth, Matthew |
| Validation of Norton Ghost 2003 |
Brozycki, John |
| Validation of NTLast v3.0 |
Dolak, John |
| Analysis of a Suspect Red Hat Linux 6.2 System |
Strubinger, Ray |
| Analysis of a Suspect Windows 95 SR2 System |
Filiberto, James |
| Validation of TASK v1.50 fsstat and dstat |
Ginski, Richard |
| A Search for the Origin of a September 2001 Bomb Threat |
Curd, Bill |
| Validation of The Coroner's Toolkit v1.11 mactime |
Dalton, Matthew |
| Validation of GNU tar v1.13.19 & v1.13.25 and GNU cpio v2.4.2 & v2.5 |
Calabrese, Chris |
| Analysis of a Compromised Windows NT 4.0 Server Running MS SQL Server 7.0 |
Lukacs, Steven |
| Validation of GNU strings v2.11.90.0.8 |
Desai, Neil |
| Validation of Process Accounting Records |
Clausing, Jim |
| Analysis of a Honeypot running Red Hat Linux 6.2 |
Murphy, Keven |
| Analysis and Comparison of Red Hat Linux 6.2 Honeypots With & Without LIDS-enabled Kernels |
Owen, Greg |
| Analysis of a Suspect Red Hat Linux 6.2 System |
Van Riper, Ryan |
| Analysis of a Compromised Red Hat Linux 7.2 System |
Pierce, Jerry |
| Analysis of an Unknown Red Hat Linux 7.3 System |
Pedersen, Stephen |
| Analysis of an Unknown Mac OS X Public Beta System Using Mac OS X 10.2 |
Miller, Roland |
| Validation of ISObuster v1.0 |
Dietz, Steven |
| Analysis of a Suspect Windows XP Professional System |
Wagner, Dave |
| Analysis of a Potentially Misused Windows 95 System |
Leibolt, Gregory |
| Validation of Restorer 2000 Pro v1.1 (Build 110621) |
Brooker, Denis |
| Validation of a Modified UNIX "script" Command to Monitor Shell Sessions |
Barnett, Ryan |
| Analysis of a Suspect Red Hat Linux 6.1 System |
Fung, James |
| Analysis of a Virus Infected Windows 98 SE System |
Hayler, Richard |
GIAC Certification
"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.
"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics
SANS Institute
