Wednesday, August 18, 2010

Latest Information Security Updates

Re-establishing SIC communication for Check Point

FirewallA[admin]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable Check Point High Availability/State Synchronization
(7) Automatic start of Check Point Products

(8) Exit

Enter your choice (1-8) :5

Configuring Secure Internal Communication...
============================================
The Secure Internal Communication is used for authentication between
Check Point components

Trust State: Trust established

Would you like re-initialize communication? (y/n) [n] ? y

Note: The Secure Internal Communication will be reset now.
No communication will be possible until you reset and re-initialize the
communication properly!
Are you sure? (y/n) [n] ? y

Enter Activation Key: xyz123

Again Activation Key: xyz123

initial_module:
Compiled OK.

Hardening OS Security: Initial policy will be applied until the first
policy is installed

The Secure Internal Communication was successfully initialized

Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable Check Point High Availability/State Synchronization
(7) Automatic start of Check Point Products

(8) Exit

Enter your choice (1-8) :8

Thank You...

You have changed Check Point products Configuration.
You need to restart ALL Check Point modules (performing cpstop &
cpstart)
in order to activate the changes you have made.
Would you like to do now? (y/n) [y] ? y
VPN-1/FW-1 stopped

SVN Foundation: cpd stopped
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
initial_module:
Compiled OK.

Hardening OS Security: Initial policy will be applied
until the first policy is installed

cpstart: Start product - SVN Foundation

SVN Foundation: Starting cpWatchDog
SVN Foundation: Starting cpd
SVN Foundation started

cpstart: Start product - FireWall-1

FireWall-1: starting external VPN module -- OK
FireWall-1: Starting VPN-1 Accelerator Card
VPN-1: The VPN Accelerator driver is not responding
VPN-1 Accelerator Card is not enabled
FireWall-1: Failed to start VPN-1 Accelerator Card
FireWall-1: Starting fwd

Installing Security Policy InitialPolicy on all.all@FirewallA
Fetching Security Policy from localhost succeeded

Fetching Security Policy From: 192.1.1.1

Fetch failed: Connection failed - SIC failure
Policy Fetch Failed
Failed to fetch policy from masters in masters file
FireWall-1 started

cpstart error: UserAuthority was not started, marked as not active.

cpstart error: FloodGate-1 was not started, marked as not active.

cpstart error: SmartView Monitor was not started, marked as not active.

cpridstop: cprid stopped

cpridstart: Starting cprid
[1] 21300
FirewallA[admin]#
FirewallA[admin]#

Also reset SIC on the firewall object from the Security Policy:

1. Double-click the firewall object in the policy.
2. Click Communication.
3. Click the Reset button.
4. Enter the activation key.
5. Enter the activation key again under Confirm Activation Key.
6. Click the Initialize button.
7. Click Test SIC Status.
8. Push the policy.

Verify the policy push on the firewall.

Tips for managing the Check Point firewall

1. Use the latest version of the OS software available for your particular firewall. Install the latest patches and if possible/applicable, the latest software version available.

2. Use a stealth Rule at the top of the rule base.
What is a stealth rule? A stealth rule is a rule which disallows any communication to the firewall itself from unauthorized networks/hosts. It is a rule to protect the firewall itself from attacks.

3. Place the most commonly used or accessed rules on the top of the rule base. When a packet reaches a firewall it gets checked against the rulebase of the firewall from top down. Once it matches a rule, it is either accepted, denied or acted upon depending on what the action defined is. So it is best to place the most accessed rules on top of the rule base so that it need not get matched against all the rules in rule base. This would decrease load on the firewall.

4. Keep the rulebase as simple as possible. Do not allow access to anything and everything. Give access only if it is needed or required.

5. Use object groups where possible and combine similar rules into one rule. This would keep the rule base short and simple and thus reduce the load on the firewall.

6. If your network uses VPN, prefer AES 128 wherever possible. Some firewalls, like the popular Check Point firewall, recommend AES 128 over 3DES and AES 256 in terms of firewall load and performance. Check with your firewall manufacturer which encryption would provide the best performance on the given make, keeping in mind that security is also one of your main priorities.

7. Keep logging to a minimum. Example: if you have a couple of busy web servers, logging each and every HTTP connection might put additional load on the firewall and also fill up the log server quickly.

8. Try to implement High Availability if your budget would allow that. This would reduce the down time of your network considerably. If a firewall is down it would mean that pretty much most of your operations are down. If High Availability is implemented, then even if the primary were to fail, the secondary would take over. Firewall Clustering is something which can provide your firewall both redundancy and load sharing. Check with the manufacturer if it is available.

9. If there are too many VPN connections that need to connect to your network, then try to get a dedicated VPN device. How many connections are too many connections? Check the firewall manufacturer’s manual. Another way of doing it is checking the load on the firewall – memory, cpu utilization etc.

10. End your rule base with a clean-up rule, i.e. an ANY ANY DENY rule. Try to also log this rule. This would assist you in analyzing the dropped connections in case you are ever attacked, or even during simple troubleshooting.
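
Tips 2, 3, 4 and 10 above, as an added example that is not part of the original post: a small Python model of top-down, first-match rule evaluation with an audit for the stealth rule, the clean-up rule and any/any/any accepts. All object and rule names other than FirewallA are constructed for illustration, and objects are matched by name only.

```python
from __future__ import annotations
from dataclasses import dataclass

ANY = "Any"  # wildcard column value

def objs(*names):
    return frozenset(names)

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset | str
    dst: frozenset | str
    service: frozenset | str
    action: str          # "accept" or "drop"
    log: bool = False

def covers(field, value):
    """True if a rule column (ANY or a set of object names) includes value."""
    return field == ANY or value in field

def first_match(rulebase, src, dst, service):
    """Top-down evaluation: the first matching rule decides (tip 3)."""
    for pos, rule in enumerate(rulebase, start=1):
        if (covers(rule.src, src) and covers(rule.dst, dst)
                and covers(rule.service, service)):
            return pos, rule
    return None, None

def mean_rules_checked(rulebase, traffic):
    """Average number of rules compared per connection for a traffic sample."""
    total = 0
    for pkt in traffic:
        pos, _ = first_match(rulebase, *pkt)
        total += pos or len(rulebase)   # no match: every rule was compared
    return total / len(traffic)

def audit(rulebase, firewall, mgmt_hosts):
    """Return findings for tips 2 (stealth), 4 (no any/any accept), 10 (clean-up)."""
    findings = []
    stealth_pos = next(
        (i for i, r in enumerate(rulebase, 1)
         if r.action == "drop" and r.src == ANY and r.service == ANY
         and r.dst != ANY and firewall in r.dst), None)
    if stealth_pos is None:
        findings.append(f"no stealth rule protecting {firewall}")
    limit = stealth_pos or len(rulebase) + 1
    for i, r in enumerate(rulebase, 1):
        if r.action != "accept":
            continue
        if (i < limit and covers(r.dst, firewall)
                and (r.src == ANY or not r.src <= mgmt_hosts)):
            findings.append(f"rule {i} ({r.name}) exposes {firewall} to "
                            "non-management sources; no stealth rule above it")
        if r.src == ANY and r.dst == ANY and r.service == ANY:
            findings.append(f"rule {i} ({r.name}) accepts any/any/any")
    last = rulebase[-1]
    if not (last.action == "drop" and last.src == last.dst == last.service == ANY):
        findings.append("rule base does not end with a clean-up (any/any/drop) rule")
    elif not last.log:
        findings.append("clean-up rule is not logged")
    return findings

# Constructed sample data -------------------------------------------------
MGMT = objs("SmartCenter", "AdminPC")
GOOD = [
    Rule("mgmt-access", MGMT, objs("FirewallA"), objs("ssh", "https"), "accept", True),
    Rule("stealth", ANY, objs("FirewallA"), ANY, "drop", True),
    Rule("web", ANY, objs("WebSrv1", "WebSrv2"), objs("http", "https"), "accept"),
    Rule("dns", objs("LAN"), objs("DnsSrv"), objs("dns"), "accept"),
    Rule("cleanup", ANY, ANY, ANY, "drop", True),
]
# Same rules with the busy web rule pushed below the rarely hit DNS rule.
SLOW = [GOOD[0], GOOD[1], GOOD[3], GOOD[2], GOOD[4]]
WEAK = [
    Rule("web", ANY, ANY, objs("http", "https"), "accept"),  # also reaches FirewallA
    Rule("stealth", ANY, objs("FirewallA"), ANY, "drop", True),
    Rule("lan-out", ANY, ANY, ANY, "accept"),                # no clean-up after it
]
TRAFFIC = ([("Internet", "WebSrv1", "http")] * 8
           + [("LAN", "DnsSrv", "dns"), ("Internet", "DnsSrv", "telnet")])

if __name__ == "__main__":
    for label, rb in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(rb, "FirewallA", MGMT) or "no findings")
    print("mean rules checked:", mean_rules_checked(GOOD, TRAFFIC),
          "vs", mean_rules_checked(SLOW, TRAFFIC))
```

Reordering for performance must not move an accept rule above a drop rule it overlaps with, since first match decides the outcome.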

Network Security Tools list

Penetration Testing

NO | TOOL | PURPOSE | PLATFORM
1. | Nmap | Port scanner | Windows and Linux
2. | Nessus | Vulnerability scanner | Windows and Linux
3. | Xprobe | Operating system detection | Linux
4. | Ethereal | Packet sniffer | Windows and Linux
5. | J2SDK and JRE | Java framework needed for many tools to run | Windows and Linux
6. | Citrix client | Client used to connect to Citrix instance if running | Windows
7. | MySQL client | Client used to connect to running MySQL database | Windows and Linux
8. | VNC Client | Client used to connect to a running VNC server | Windows
9. | OAT | Oracle enumeration toolkit | Windows and Linux
10. | Tnscmd.pl | Oracle enumeration tool | Windows and Linux
11. | Wget | Website downloader | Windows and Linux
12. | Tsgrinder | Terminal Services brute force password cracker | Windows
13. | SqlPing3 | MS-SQL enumeration | Windows
14. | Orabf | Oracle brute force password cracker | Windows and Linux
15. | Checkpwd | Oracle brute force password cracker | Windows and Linux
16. | Explore2fs | Copying files on local Linux partition to Windows | Windows
17. | Getif | SNMP enumeration | Windows
18. | Enum | Check for null session establishment | Windows
19. | Site-Digger | Google hacking | Windows
20. | httprint | Web server fingerprinting | Windows
21. | Cerberus FTP server | Simple FTP server used when you need to upload tools on to the server | Windows
22. | Netcat | Create a listener on remote host once you’re in | Windows and Linux
23. | Screenshooter | Used to take quick screenshots using predefined hotkeys | Windows
24. | Resource Kit tools | Numerous Windows tools to enumerate various services offered by the Windows OS | Windows
25. | Lsnrcheck | Enumerate Oracle listener | Windows
26. | Putty | Establish connections to open ports | Windows
27. | Cain and Abel | ARP poisoning and brute forcing various types of passwords, among many others | Windows
28. | Adfind and LdapMiner | Enumerate Active Directory objects | Windows
29. | Nikto | Web vulnerability scanner | Windows and Linux
30. | P0f | Passive OS fingerprinting | Windows and Linux
31. | Metasploit | Canned exploit tool | Windows and Linux

Application Security Assessment

NO | TOOL | PURPOSE | PLATFORM
1. | Paros | Web proxy interceptor and editor | Windows
2. | WinHex | RAM content viewer | Windows
3. | WpePro | Real-time packet editor (thick client) | Windows
4. | EchoMirage | Function call interceptor (thick client) | Windows
5. | ITR | Application traffic interceptor (thick client) | Windows
6. | FileMon | Identifies files that the application accesses while running | Windows
7. | RegMon | Identifies registry keys that the application accesses while running | Windows
8. | DllHell | Identifies DLL files that the application uses to run | Windows
9. | TcpView | Identifies connections to and from local running processes | Windows
10. | JsView | Firefox extension which picks out all the running JavaScript on a web page | Windows and Linux
11. | View_source_chart | Firefox extension which displays HTML source cleanly | Windows and Linux
12. | Smbrelay | Intercepts SMB traffic | Windows

Upgrade process for the Nortel Switched Firewall

Purpose: This document provides the procedure to upgrade the existing cluster of Nortel Switched Firewall. The cluster of accelerated platform consists of 2 accelerators running in active-standby mode and 2 directors in active-active mode.

Pre Requisites:

1. Backup of the configuration
2. Image CD of 4.1.3_R55
3. Minimum downtime of 3 Hours.

Procedure:

1. Remove the standby accelerator (Accelerator-2) and the connected director (Director-2) from the cluster.
2. Upgrade the image in Director-2 by installing the image 4.1.3_R55.
3. Once the installation is completed successfully, connect Accelerator-2 to Director-2 and power it on. When the accelerator comes up and is detected by the director, the director will upgrade the image of the accelerator automatically.
4. Physically disconnect the active accelerator and active director, i.e. Accelerator-1 and Director-1 (actual downtime starts).
5. Connect the Accelerator-1 to the already upgraded Accelerator-2 over Inter Accelerator Port.
6. Director-2, now connected to Accelerator-1, will detect Accelerator-1 as well and upgrade it automatically.
7. Now Accelerator-2, Director-2 and Accelerator-1 are upgraded to 4.1.3_R55.
8. Install the new image 4.1.3_R55 on Director-1. After the upgrade, connect Director-1 to Accelerator-1 and join it to the cluster.
9. Restore the configuration in the cluster.
10. Connect the cables from the zones to the respective ports on the accelerators.
11. Check the connectivity to all the zones and to the management server from both the directors.
12. Reset the SIC on both firewall objects (Director-1, Director-2) in the Check Point management server.
13. Re-establish the SIC with a new activation key.
14. Install the policy on the Cluster.
15. Check all the traffic and the applications status.

Nortel Contivity (VPN box) image upgrade

Upgrading the Image of the Contivity VPN Router:

1. Acquire the image v5_05.241 (128 bit) in the optimized format (.tar extension).

2. Connect your laptop or PC via a crossover cable to the Contivity’s private LAN interface.

3. Make sure that your laptop’s or PC’s IP address is in the same range as the Contivity’s management IP address.

4. Then open Internet Explorer (version 6) and, using the management IP of the Contivity, open the web-based management of the Contivity.

5. Start the FTP server in your Laptop or PC and configure a user and its password.

6. Give the path of the image file in the FTP server to the folder in which you have stored the optimized (.tar file) image file.

7. Please note that the Optimized image file with .tar extension has one more extension .gz which is hidden.

8. Now in web based mgmt. of Contivity go to Admin upgrades.

9. In this screen you need to enter the following info:

Host IP, IP address of your Laptop or PC running FTP server.
Path -Just give the image file name with .tar.gz extension.
Version -name of the image but without the .tar.gz extension.
User name and password of the FTP server.

Make sure that pop-ups are allowed in Internet Explorer.

10. After entering all the info. correctly and after making sure that the FTP server is running, click on the Retrieve button on that page.

11. A small window will open showing the status of the image copied to the Contivity.

12. When in this window there is a display that the transfer completed successfully, you can close this small window.

13. Now that you have dumped the image to the Contivity hard disk, you need to apply this image.

14. In the same path (Admin Upgrades) there will be a drop down box where you can see the new image that you just transferred to the Contivity.

15. Select that new image version and click Apply.

16. Wait for some time, the new image will be applied and the Contivity will reboot automatically.

17. After the Contivity is booted again access the Contivity via web based and go to Status System and verify the new image version.

DNS and Forensic tools resources

• DNSMap - DNS Subdomain Brute-force Tool
• Dnsgrep - DNS Enumeration Tool
• txdns - Aggressive Multithreaded DNS digger/brute-forcer
• Mscan 1.0
• FoFuS - PoC bot using DNS cover channel
• spoofer2.pl.txt
• dnsstat
• Tools to manage DNS
• DNSSEC Software, DNSSEC Tools, DNSSEC Utilities

DNS Dump
https://www.astalavista.net/member/index.php?cmd=forum&act=topic_show&tid=16477

Koders
http://www.koders.com/default.aspx?s=reverse+dns+lookup&btn=&la=C&li=*
http://www.koders.com/default.aspx?s=proxy+lookup&la=C&li=*

Sourceforge
http://sourceforge.net/search/?type_of_search=soft&words=reverse+dns+proxy

Google CodeSearch
http://www.google.com/codesearch?q=proxy+lookup+.c&hl=en
http://www.google.com/codesearch?hl=en&lr=&q=reverse+dns+.c

http://linux.softpedia.com/get/System/Networking/MassResolve-29981.shtml

http://www.pentester.com.au/downloads/rdns.exe

http://www.google.com/codesearch?hl=en&q=show:FwzQRvnL2P8:Jt60AsYNq9I:JsKUtuOcjdo&sa=N&ct=rd&cs_p=ftp://ftp.sunfreeware.com/pub/freeware/SOURCES/gnupg-1.4.7.tar.gz&cs_f=gnupg-1.4.7/util/ttyio.c
http://www.forensics.nl/presentations

More Resources
________________________________________
Forensic Tools
"Illicit traffic is not about products, it's about transactions." - Moisés Naím, Illicit
• veresoftware.com
Vere Software is dedicated to creating a "more safe" online environment. We specialize in software applications that can be used to help your investigations maintain structure while properly gathering evidence that can be used in court. Our clients include law enforcement agencies and special investigators. Our products are designed as a tool for the investigator to collect evidence of online criminal activity. We will help you, the investigator, "make the internet your regular beat" .
• Maresware/dmares.com
Maresware: The Suite
Maresware: Linux Computer Forensics
Validation Tools and other products
• ProDiscover/Techpathways.com
Investigator
Forensics
Incident Response
Other tools
• Paraben Corporation/paraben.com
P2 Power Pack

Hard Drive Forensics
Forensic Replicator Complete bit-stream acquisition software for hard drives and media
P2 eXplorer Mount almost any forensic image as a virtual drive
Forensic Sorter Save time by sorting your evidence into workable categories
E-mail Examiner A full featured e-mail examination tool for over 30 popular e-mail formats
Network E-mail Examiner Examine large network e-mail stores including Exchange, Notes, and GroupWise
Text Searcher Perform advanced, fast text searching through indexing
Registry Analyzer Analyze entire Windows registry files
Chat Examiner Examine chat log files for Yahoo, MSN, ICQ, and more
Decryption Collection Break passwords for over 35 types of encrypted files
Case Agent Companion View over 250 different file formats for detailed analysis & reporting of digital evidence

Enterprise Forensics
Enterprise Forensics

Mobile Devices
Cell Seizure v3.0 ADVANCED MOBILE PHONE FORENSIC SOFTWARE
SIM Card Seizure v1.0.2131
ComputraceComplete laptop security
Computrace Data Protection
• Guidance Software/guidancesoftware.com
EnCase Enterprise
Field Intelligence Model
• AccessData Corp/accessdata.com
The Ultimate Toolkit
Forensic Toolkit
Password Recovery Toolkit
Registry Viewer
• Wetstone/wetstonetech.com
Gargoyle Investigator
DETS
• Determina/determina.com
Determina VPS
Determina Memory Firewall
Determina LiveShield
• EnterEdge/enteredge.com
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
• Digital Intelligence/digitalintelligence.com
Intrusion Protection Solutions
EnterEdge Vulnerability Management Service (VMS)
• DocuLex/doculex.com
Litigation Support
Electronic Discovery
• snort.org
In 1998, Martin Roesch wrote an open source technology called Snort, which he termed a "lightweight" intrusion detection technology in comparison to commercially available systems. Today that moniker doesn't even begin to describe the capabilities that Snort brings to the table as the most widely deployed intrusion prevention technology worldwide. Over the years Snort has evolved into a mature, feature rich technology that has become the de facto standard in intrusion detection and prevention. Recent advances in both the rules language and detection capabilities offer the most flexible and accurate threat detection available, making Snort the "heavyweight" champion of intrusion prevention.
• bleedingthreats.net
Bleeding Edge Threats is a center for Open Security Research. We produce data feeds regarding new and up to the minute threats and research, and a number of other related security projects. Bleeding Edge Threats brings together the most experienced, and the least experienced security professionals.
• wiresharktraining.com/wiresharkU.com
The Wireshark Certification Program strives to test a candidate's knowledge and ability to troubleshoot, optimize and secure a network based on evidence found by analyzing the traffic.
• cacetech.com
CACE (Creative, Advanced Communication Engineering) Technologies is dedicated to enhancing the Wireshark user experience. Our staff of accomplished computer scientists and engineers has created Wireshark®, the world’s most popular network analyzer, WinPcap™, the industry-standard open source packet capture library for Windows, and AirPcap™ Product Family 802.11 WLAN packet capture devices for Wireshark. Our collective experience and talents combine to offer exciting networking products as well as a broad range of engineering, development, and consulting services.
• packet-level.com
The four Wireshark University courses were written by Laura - these courses include new trace files, more details on troubleshooting techniques and case studies. In addition, Laura has hand-picked instructors to teach the courses - these instructors have years of packet-level experience and are some of the best instructors in the industry. Laura (and the WSU advisory committee) are developing the certification test to validate candidate capabilities in the area of troubleshooting and securing networks using Wireshark. Laura works closely with Gerald Combs (original author of Wireshark) and Loris Degioanni (original author of WinPcap) to build the most current and complete educational materials to support Wireshark.
• insecure.org
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
• netscantools.com
NetScanTools Pro is an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.
• mjmenz.com
“Finding the Truth, One bit at a Time”
• cyberevidence.com
CyberEvidence, Inc. is a leading provider of computer forensics. The concepts of digital data investigation and security will be an ever expanding part of the future. The need for professional, proficient and highly trained investigative resources dedicated to this fast developing industry is evident. CyberEvidence, Inc. addresses this need in three primary ways:

1. providing clients with a range of digital data incident response, investigative and consulting services;
2. providing industry leading training to individuals and organizations involved in digital forensics; and
3. developing partnerships with institutions of higher learning to help move the digital forensics industry into the academic mainstream.
• infobin.org
DeepDarkAbyss, ForensicsWeb, and the main Infobin site, as well as an updated Jatero.Com site.
• hightechcrimecops.org
To train, support and encourage investigators through information sharing to preserve, recover, and analyze digital evidence in a forensically sound manner for criminal, civil and administrative purposes. To provide digital crime prevention education to the public. To promote knowledge of the impact of digital crime among senior leaders, both in the public and private sectors.
• tucofs.com
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation. TUCOFS can be used as an index pointing you to various resources, allowing you to quickly find exactly what you are looking for.
• wotsit.org
Programmer's file and data format resource. This site contains information on hundreds of different file types, data types, hardware interface details and all sorts of other useful programming information; algorithms, source code, specifications, etc.
• DFLabs
DFLabs is an ISO9001 certified consulting company founded by Dario Forte, CISM, CFE, specializing in Information Security Risk Management. Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security. Proud of its professional experience, DFLabs provides consulting services in the following areas: Information Security Strategy, Incident Prevention and Response, Digital Forensics, Infosecurity Training, Intrusion Prevention, Log and Vulnerability Management. We are based in Northern Italy, and we perform our operations worldwide.
• PTK a new advanced interface for “The Sleuth Kit”
PTK is an alternative advanced interface for the suite TSK (The Sleuth Kit). PTK was developed from scratch and besides providing the functions already present in Autopsy Forensic Browser it implements numerous new features essential during forensic activity. PTK is not just a new graphic and highly professional interface based on Ajax technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation. The core component of the software is made up of an efficient Indexing Engine performing different preliminary analysis operations during importing of every evidence. PTK allows the management of different cases and different levels of multi-users. It is possible to allow more than one investigators to work at the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the Database. PTK is a Web Based application and builds its indexing archive inside a Database MySQL, using thus the construction LAMP(Linux-Apache-MySql-PHP).
• 10-23 On-Scene Investigator
This toolkit was created for the non-technical first responder to a computer incident involving a Windows computer. It is remastered from Knoppix a bootable distribution of Linux. The toolkit runs completely off of the CD and out of RAM and does not touch the suspect hard drive(s). This was verified by SHA256 hashes of before and after the toolkit was used on a Windows system. As reported by Ernie Baca here there is an issue with Linux (and therefore KNOPPIX) where a bit is changed on journaling filesystems when mounted (even read-only). Therefore caution should be exercised when using 10-23 on a Linux system.
• THE FARMER'S BOOT CD (FBCD)
FBCD provides you with an environment to safely and quickly preview data stored within various storage media (hard drives, USB thumbdrives, handheld music players such as iPods, digital camera media, etc.), enabling you to identify and locate data of interest.
• crackpdf.com
PDF Password Cracker is a utility to remove the security on PDF documents (of course, you should have the right to do it, for example, in case of forgotten user/owner password). Only standard PDF security is supported, neither third-party plug-ins nor e-books.
• americantower.com
Locate Cell Phone Towers
• cellreception.com
Find Cell Tower Locations
• searchbug.com
Find and investigate people, locate businesses, verify phone numbers and addresses

• techcrime.com
Massive list of useful sites
• KBSolutions Inc/kbsolutions.com
KBSolutions provides computer forensic investigations as well as consultation and training in various aspects of cyber crime. We specialize in sex offender management as it relates to cyber criminal activities. We do not provide forensic services in civil matters or do defense work.
• wigle.net
Wireless Geographic Logging Engine
• OnScene Investigator/forensicsmatter.com
OnScene Investigator is a cost effective, simple to use tool for quickly searching and/or imaging computers (in Encase format). It is ideal for on scene triage of computers to identify relevant evidence before imaging . OnScene Investigator is suitable for all Intel PCs, especially Apple Macbook, Macbook Pro and PPC Imac and Powerbook G4.
• zillow.com
Zillow.com is an online real estate service dedicated to helping you get an edge in real estate by providing you with valuable tools and information.
• centralops.net
This site is a collection of Internet utilities developed by Hexillion using its HexGadgets components. Most of the utilities have ASP or ASP.NET source code available.
• ic3.gov
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
• Better Business Bureau
U.S. and Canada
United States

________________________________________
Training
• Cell Phones
ohiohtcia.org
forensicts.co.uk
• Computer Forensics
Maresware Training Seminars
Mississippi State Center for Computer Security Research
AccessData
Paraben
iacis.info
newhorizons.com
wetstonetech.com
cftco.com
securityuniversity.net
Apple Mac OS X
vigilar.com
wright.edu
CCE Bootcamp
• Fingerprints
FBI Fingerprint Training
• Hacking Investigations
newhorizons.com
• Security
Learning Tree
newhorizons.com
• Steganography
GaryKessler.Net
wetstonetech.com

________________________________________
Resources
dshield.org
FBI: HAS YOUR BUSINESS BEEN HACKED?
itsecurity.com
FBI Computer Analysis and Response Team
techpathways.com
Back to Information Security Basics
security-books.com
NSA Information Assurance
Hetherington Information Services
Laboratoire d'EXpertise en Sécurité Informatique
PEI Systems
AlliedBarton Security Services
securityhorizon
Mandiant(formerly Red Cliff)
Mares and Company
Medford Police
LAPD Online
LAPD Crimemaps
computer-forensic.com
forensicts.co.uk
tucofs.com
CygnaCom Solutions
MITRE
Password Recovery Pro recovers hidden passwords by simply holding the mouse cursor over the asterisks field
Hidden Keyboard Memory Mod