SANS InfoSec Reading Room - Forensics
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact
webmaster@sans.org.
Featuring 9 papers as of Dec 2, 2008
- Data Carving Concepts
- Antonio Merola
- November 19, 2008
- - download paper

- Mobile Device Forensics
- Andrew Martin
- September 5, 2008
- - download paper

- A Forensic Primer for Usenet Evidence
- Mark Lachniet
- June 25, 2008
- - download paper

- Ex-Tip: An Extensible Timeline Analysis Framework in Perl
- Michael Cloppert
- May 21, 2008
- - download paper

- Taking advantage of Ext3 journaling file system in a forensic investigation
- Gregorio Narvaez
- December 11, 2007
- - download paper

- Forensic Analysis of a SQL Server 2005 Database Server
- Kevvie Fowler
- September 28, 2007
- - download paper

- Becoming a Forensic Investigator
- Mark Maher
- August 15, 2004
- - download paper

- A Case for Forensics Tools in Cross-Domain Data Transfers
- Dwane Knott
- October 31, 2003
- - download paper

- Forensic Analysis of a Compromised Intranet Server
- Roberto Obialero
- - download paper

This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC