Skip to content

References: Digital Forensics and Cybercrime Investigation

  1. Digital forensics - Wikipedia - Comprehensive overview of digital evidence recovery, covering the order of volatility, forensic imaging, hash verification, file system analysis, network forensics, and the legal standards governing digital evidence admissibility.

  2. Write blocker - Wikipedia - Explains how forensic disk controllers prevent operating systems from modifying storage media during acquisition, including technical mechanisms, legal rationale, and NIJ requirements for hardware and software write blockers.

  3. Exif - Wikipedia - Details the Exchangeable Image File Format standard, covering embedded metadata categories (GPS coordinates, timestamps, camera settings), forensic applications for geolocation, and privacy/security implications relevant to digital evidence analysis.

  4. Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (3rd Edition) - Eoghan Casey - Academic Press - Authoritative text covering volatile and non-volatile data acquisition, bit-stream imaging, hash verification, network forensics, encryption challenges, and the legal framework for digital evidence in criminal and civil proceedings.

  5. Guide to Computer Forensics and Investigations (6th Edition) - Bill Nelson, Amelia Phillips, and Christopher Steuart - Cengage Learning - Comprehensive textbook covering forensic imaging procedures, write-blocker protocols, file carving, metadata recovery, mobile device forensics, and investigative reporting used in professional digital forensics training programs.

  6. NIST Digital Evidence - National Institute of Standards and Technology - NIST's digital forensics research hub describing the National Software Reference Library, Computer Forensics Tool Testing, video analytics, and cloud forensics programs that define tool validation standards used by forensic laboratories.

  7. NIST Computer Forensics Tool Testing Program (CFTT) - National Institute of Standards and Technology - Tests and validates forensic software tools for disk imaging, deleted file recovery, hardware write blocks, mobile forensics, and file carving, producing test reports that practitioners use to select court-defensible tools.

  8. SANS Digital Forensics and Incident Response - SANS Institute - Leading professional training organization offering DFIR courses covering forensic acquisition, timeline analysis, network forensics, malware analysis, and cloud forensics, widely used by law enforcement and corporate investigators.

  9. NIST Forensic Science - National Institute of Standards and Technology - Overarching NIST forensic science hub covering OSAC standards, scientific validity reviews, and reference materials across forensic disciplines, including digital evidence integrity verification and measurement standards.

  10. DFIR Training - DFIR Training Community - Curated hub for digital forensics and incident response practitioners providing tool comparisons, downloadable forensic test images, course listings, and practical guides covering forensic acquisition, analysis, and mobile device investigation.