Computer Forensics Procedures and Methods

Abstract: Computer forensics involves the preservation, identification, extraction and documentation of digital evidence in the form of magnetically, optically, or electronically stored media. It is a relatively new science that is becoming increasingly important as criminals aggressively expand the use of technology in their illegal enterprises. This chapter is a technical introduction and overview of some of the fundamental methods and procedures of computer forensics. The topics covered parallel the order in which computer forensic procedures are typically conducted, beginning with the process of creating a bit-stream image of the evidence and the subsequent verification of that image using one-way hash functions. Two forms of forensic analysis are covered: logical and physical analysis procedures. Analytic procedures we demonstrate include hash and signature analysis; keyword and e-mail searches; recovery and analysis of cookies, print spool and application residual files; slack and unallocated space analysis; manual recovery of deleted files; creation of behavioral timelines; and collection of evidence from running systems. We close the chapter by describing several commercial tools.
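As an added example (not code from the chapter) of the two steps the abstract opens with, the following Python verifies a bit-stream image against its source with a one-way hash, hashing in fixed-size chunks so an image larger than memory can be handled, and then runs a simple signature analysis that flags carved files whose extension disagrees with their leading magic bytes. The magic-byte table is a small assumed subset, and the "disk", its images and the carved files are all constructed in memory for the demonstration.

```python
"""Added example: hash verification of a bit-stream image, then signature analysis.
Everything below (disk contents, carved files, magic-byte table) is constructed."""
import hashlib
import os
import tempfile

# Assumption: a small subset of well-known file signatures (magic bytes -> extension).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"%PDF-": ".pdf",
    b"PK\x03\x04": ".zip",
}


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in fixed-size chunks so a multi-terabyte image never has to fit in
    memory; returns the lowercase hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(original_path, image_path):
    """Acquisition check: the image must hash identically to the source medium.
    Returns (match, original_digest, image_digest) so both values can be recorded."""
    original_digest = hash_file(original_path)
    image_digest = hash_file(image_path)
    return original_digest == image_digest, original_digest, image_digest


def identify_by_signature(data):
    """Return the extension implied by the leading magic bytes, or None if unknown."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def signature_mismatches(files):
    """files: dict of filename -> bytes. Report (name, claimed_ext, implied_ext) for every
    file whose extension disagrees with its magic bytes, a common way to hide evidence."""
    report = []
    for name, data in files.items():
        _, claimed = os.path.splitext(name.lower())
        implied = identify_by_signature(data)
        if implied is not None and implied != claimed:
            report.append((name, claimed, implied))
    return report


def demo():
    """Constructed scenario: a source 'disk', a faithful image and a tampered image on
    disk, plus a handful of carved files. Returns the results as a dict."""
    # 1 MiB + 4 bytes, so the last chunk read by hash_file is a partial one.
    disk = bytes(range(256)) * 4096 + b"tail"
    tampered = disk[:-1] + b"X"          # a single flipped byte at the very end
    with tempfile.TemporaryDirectory() as d:
        src, good, bad = (os.path.join(d, n) for n in ("disk.dd", "good.dd", "bad.dd"))
        for path, content in ((src, disk), (good, disk), (bad, tampered)):
            with open(path, "wb") as f:
                f.write(content)
        good_ok, src_digest, _ = verify_image(src, good)
        bad_ok, _, _ = verify_image(src, bad)

    carved = {                            # constructed "files" recovered from the image
        "report.pdf": b"%PDF-1.4 constructed",
        "vacation.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "notes.txt": b"%PDF-1.7 a PDF hiding behind a .txt name",
        "archive.zip": b"PK\x03\x04" + b"\x00" * 8,
        "readme.txt": b"plain text, no known signature: not flagged",
    }
    return {
        "good_image_verified": good_ok,
        "tampered_image_verified": bad_ok,
        "source_sha256": src_digest,
        "mismatches": signature_mismatches(carved),
    }
```

Record both digests in the chain-of-custody notes at acquisition time; re-hashing the image before each later analysis step is what lets you prove the evidence was not altered in between.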


NetworkMiner packet analyzer 1.2

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than data about the traffic itself. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

Platform: Windows


  • Network Forensics
  • Network Sniffing
  • PCAP Parser
  • Digital Forensics
  • Packet Sniffer

Download : NetworkMiner 1.2.Zip


What is a Honeypot?

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

It is defined as a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. A honeypot is a trap, an electronic bait: a computer or network resource that appears to be part of the production network but has been deployed solely to be probed and attacked. A honeypot can be as simple as a single computer running a program that listens on any number of ports; when a connection is made, the program logs the source IP address and alerts the owner by e-mail. The general concept is to catch malicious network activity with a prepared machine that serves as bait. Because no legitimate user has a reason to talk to it, every connection is suspect, and data about each compromise is collected by software that records everything that happens while the honeypot is under attack. A honeypot is therefore primarily a surveillance and early-warning tool, but the data it gathers also serves as an aid to computer and network forensics.
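A minimal honeypot of the kind just described, as an added example that is not part of the original post and not the code of any honeypot product: it listens on several TCP ports, records the source address, source port, destination port and first bytes of every connection, and invokes an alert callback in place of the e-mail. The banner text, port list and callback are assumptions; `simulate_probe` is a constructed attacker used only to exercise the listener locally.

```python
"""Added example: a low-interaction honeypot (accept, log, alert; serve nothing real).
Banner, ports and the alert callback are assumptions made for the demonstration."""
import datetime
import socket
import threading
import time

BANNER = b"220 service ready\r\n"  # assumption: a generic banner to coax the client into talking


class Honeypot:
    def __init__(self, ports, alert, host="127.0.0.1"):
        self.alert = alert            # callable(record); stands in for the e-mail notification
        self.events = []              # the evidence log, one dict per connection
        self._lock = threading.Lock()
        self._listeners = []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, port))      # port 0 lets the OS choose a free port (used by demo())
            s.listen(16)
            self._listeners.append(s)
        self.ports = [s.getsockname()[1] for s in self._listeners]

    def _handle(self, conn, addr, dst_port):
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(BANNER)
                first_bytes = conn.recv(256)   # capture what the client tried first
            except OSError:                    # includes socket.timeout
                first_bytes = b""
        record = {
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "dst_port": dst_port,
            "data": first_bytes,
        }
        with self._lock:
            self.events.append(record)
        self.alert(record)

    def _serve(self, listener):
        dst_port = listener.getsockname()[1]
        while True:
            try:
                conn, addr = listener.accept()
            except OSError:                    # listener closed by stop()
                return
            threading.Thread(target=self._handle, args=(conn, addr, dst_port),
                             daemon=True).start()

    def start(self):
        for s in self._listeners:
            threading.Thread(target=self._serve, args=(s,), daemon=True).start()

    def stop(self):
        for s in self._listeners:
            try:
                s.shutdown(socket.SHUT_RDWR)   # wakes a blocked accept() on Linux
            except OSError:
                pass
            s.close()


def simulate_probe(port, payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Constructed attacker for the demo: connect, read the banner, send one request."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as c:
        c.recv(len(BANNER))
        c.sendall(payload)


def demo():
    """Run two listeners on OS-chosen ports, probe each once, return (honeypot, alerts)."""
    alerts = []
    hp = Honeypot(ports=[0, 0], alert=alerts.append)
    hp.start()
    for port in hp.ports:
        simulate_probe(port)
    deadline = time.time() + 5
    while len(hp.events) < len(hp.ports) and time.time() < deadline:
        time.sleep(0.05)
    hp.stop()
    return hp, alerts
```

In a real deployment the listener would be bound to the bait machine's external address on well-known ports (22, 445, 3389 and so on), the alert callback would send the e-mail, and the records would be written to durable storage off the honeypot so an attacker who gains control of it cannot erase them.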


Update IP-Link 0.2

The goal of IP-Link is to show the relationships between different IP addresses in a network traffic capture, so that for a given address you can quickly determine which IP address it communicates with the most.

Release Notes: This version introduces the generation of Bézier curves. It is now possible to see the relations between IP and ports. The tutorial has been updated.

Requirements:

  • Python 2.7 or higher (of course, you have it already);
  • tcpdump;
  • Python SQLite interface.
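Both the host-centric view NetworkMiner builds and the "who talks to whom the most" relation IP-Link derives start from the same raw material: a capture reduced to (source, destination, ports) records. The following added example is not NetworkMiner's or IP-Link's code; it parses a constructed snippet of `tcpdump -n` output, computes undirected per-pair packet counts and each address's top peer (IP-Link's basic question), the IP-to-port relations that IP-Link 0.2 adds, and a per-host summary of peers and the TCP ports a host answered on (inferred from SYN/ACK replies, which is an assumption of this example). The sample lines are constructed, and IP-Link itself keeps its data in SQLite rather than in-memory counters.

```python
"""Added example: relation and host-centric analysis over tcpdump -n lines.
The capture below is constructed; the SYN/ACK open-port rule is an assumption."""
import re
from collections import Counter, defaultdict

# Matches the address/port part of tcpdump -n lines (IPv4 only); TCP flags are optional.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (?:Flags \[([^\]]*)\])?"
)

# Constructed sample: a TLS session, a DNS lookup and an inbound SSH handshake.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 192.168.1.10.54321 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
12:00:01.020000 IP 93.184.216.34.443 > 192.168.1.10.54321: Flags [S.], seq 100, ack 2, win 65535, length 0
12:00:01.020100 IP 192.168.1.10.54321 > 93.184.216.34.443: Flags [.], ack 101, win 64240, length 0
12:00:01.030000 IP 192.168.1.10.54321 > 93.184.216.34.443: Flags [P.], seq 2:200, ack 101, length 198
12:00:01.050000 IP 93.184.216.34.443 > 192.168.1.10.54321: Flags [P.], seq 101:1500, ack 200, length 1399
12:00:02.000000 IP 192.168.1.10.41000 > 8.8.8.8.53: 4242+ A? example.com. (29)
12:00:02.010000 IP 8.8.8.8.53 > 192.168.1.10.41000: 4242 1/0/0 A 93.184.216.34 (45)
12:00:03.000000 IP 10.0.0.5.60000 > 192.168.1.10.22: Flags [S], seq 5, win 64240, length 0
12:00:03.001000 IP 192.168.1.10.22 > 10.0.0.5.60000: Flags [S.], seq 9, ack 6, win 65535, length 0
12:00:03.002000 IP 10.0.0.5.60000 > 192.168.1.10.22: Flags [.], ack 10, win 64240, length 0
"""


def parse_tcpdump(text):
    """Reduce each line to (src, sport, dst, dport, flags); flags is None for non-TCP lines."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            flows.append((src, int(sport), dst, int(dport), flags))
    return flows


def pair_counts(flows):
    """Undirected packet count per IP pair: the basic relation IP-Link draws."""
    counts = Counter()
    for src, _, dst, _, _ in flows:
        counts[tuple(sorted((src, dst)))] += 1
    return counts


def top_peer(flows, ip):
    """(peer, packets) for the address `ip` exchanged the most packets with, or None."""
    peers = Counter()
    for src, _, dst, _, _ in flows:
        if src == ip:
            peers[dst] += 1
        elif dst == ip:
            peers[src] += 1
    return peers.most_common(1)[0] if peers else None


def ip_port_relations(flows, ip):
    """How often `ip` talked to each remote (ip, port), most frequent first."""
    rel = Counter()
    for src, sport, dst, dport, _ in flows:
        if src == ip:
            rel[(dst, dport)] += 1
        elif dst == ip:
            rel[(src, sport)] += 1
    return rel.most_common()


def host_view(flows):
    """Host-centric summary in the NetworkMiner style: per host, its peers, its packet
    count and the TCP ports it answered on (a SYN/ACK sent from a port marks it open)."""
    hosts = defaultdict(lambda: {"peers": set(), "packets": 0, "ports_served": set()})
    for src, sport, dst, dport, flags in flows:
        hosts[src]["peers"].add(dst)
        hosts[dst]["peers"].add(src)
        hosts[src]["packets"] += 1
        hosts[dst]["packets"] += 1
        if flags == "S.":
            hosts[src]["ports_served"].add(sport)
    return hosts
```

Feed it real data with `tcpdump -n -r capture.pcap` piped into `parse_tcpdump`; the same counters then answer IP-Link's question directly (`top_peer(flows, "192.168.1.10")`) while `host_view` gives the per-host grouping that makes a large capture readable.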
