Forensics Reading List

This is the list that my professor has decided we need to read or be familiar with.
Thought I would pass it along in case someone wanted some Article to read, or want to add to it.

Required Reading List

Note: The instructor may make minor changes or add a few more papers to this list during the semester.

Module I: Digital Forensics: An Overview

1. [Required] Gary Palmer, A Road Map for Digital Forensic Research,  Digital Forensic Research Workshop (DFRWS), Final Report, Aug. 2001.
2. [Required] Carrie Morgan Whitcomb, An Historical Perspective of Digital Evidence: A Forensic Scientist�s View, IJDE, 2002.
3. [Required] Sarah Mocas, Building Theoretical Underpinnings for Digital Forensics Research, Digital Investigation, vol. 1, pp. 61-68, 2004.

Module II: Forensics Basics and Criminalistics

No required readings. Here is a reference book.

1. Richard Saferstein, Criminalistics: An Introduction to Forensic Science, 8th edition, Prentice Hall, Inc., 2004, ISBN: 0-13-111852-8.

Module III: Basic networking and OS Concepts: A Review

No required readings. Please read CprE 308 and 489 textbooks whenever needed.

1. Andrew Tanenbaum, Modern Operating Systems, 2nd Edition, Prentice Hall, Inc., 2001, ISBN: 0-13-031358-0.
2. Alberto Leon-Garcia and Indra Widjaja, Communication Networks: Fundamental Concepts and Key Architectures, 1st Edition, McGraw-Hill Companies, Inc., 2000, ISBN 0-07-022839-6.

Module IV: Advanced Topics in Computer and Network Forensics

Forensic Duplication and Analysis

1. [Required] NIST Disk Imaging Standards
2. [Required] NIST Hard Disk Write Block Tool Specification, 2002.
3. NIST Hardware Write Blocker Device (HWB) Specification Version 2.0, 2004.
4. [Required] Brian D. Carrier and Joe Grand, A Hardware-Based Memory Acquisition Procedure for Digital Investigations, Journal of Digital Investigations - March 2004 edition, 2004.
5. Joseph Grand, "pdd: Memory Imaging and Forensic Analysis of Palm OS Devices," http://www.atstake.com/research/reports/, 2002.
6. [Required] The survey of disk image formats, CDESF Technical Working Group, September 2006.

(More will be added).

Cyber Forensics Tools and the Testing Thereof

1. Encase Online Manual (on Lab Machines)
2. FTK Online Manual (on Lab Machines)
3. Bruce Schneier and John Kelsey, Secure Audit Logs to Support Computer Forensics, ACM Transactions on Information and System Security, v. 1, n. 3, 1999.
4. Alec Yasinsac and Yanet Manzano, "Policies to Enhance Computer and Network Forensics," in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 5-6 June, 2001.
5. Eoghan Casey, Practical approaches to recovering encrypted digital evidence, Digital Forensic Research Workshop (DFRWS), Aug. 2002.
6. [Required] Brian Carrier, Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers, International Journal of Digital Evidence - Winter 2003 edition, 2003.
7. [Required] NIST, General Test Methodology for Computer Forensic Tools, 2001.
8. Test Results for Disk Imaging Tools: dd Provided with FreeBSD 4.4, January 2004. (Optional)
9. Test Results for Disk Imaging Tools: SafeBack 2.18, June 2003. (Optional)
10. Test Results for Disk Imaging Tools: EnCase 3.20, June 2003. (Optional)
11. Test Results for Disk Imaging Tools: Red Hat Linux dd Version: 7.1 GNU fileutils 4.0.36, August 2002. Setup and Test Procedures.(Optional)
12. Matthew Geiger, Evaluating Commercial Counter-Forensic Tools, Digital Forensic Research Workshop (DFRWS), Aug. 2005.
13. Honeynet Project, "Know Your Enemy: Passive Fingerprinting," http://project.honeynet.org, 2002.

PDA and Cell Phone Forensic Analysis

1. [Required] Wayne Jansen and Rick Ayers, Guidelines on PDA Forensics, NIST, August 2004.
2. [Required] Expanding the Potential for GPS Evidence Acquisition, http://www.ssddfj.org/current.asp, 2009.
3. [[Required] Mobile Device Forensics (Blackberry, Android), http://www.mobileforensicsworld.org/, 2009.

Network Surveillance

(Will be added).

Profiling Cyber Criminals

1. Eric Shaw, Keven G. Ruby, and Jerrold M. Post, The Insider Threat to Information Systems: The Psychology of the Dangerous Insider, Security Awareness Bulletin, No. 2-98. 1998.
2. [Required] Marc Rogers, A Social Learning Theory and Moral Disengagment Analysis of Criminal Computer Behavior: An Exploratory Study, Ph.D. Dissertation, 2001.

Network Attack Traceback and Attribution

IP Traceback

1. K. Shanmugasundaram, et al, Payload Attribution via Hierarchical Bloom Filters, in Proceedings of the ACM CCS 2004.
2. [Required] A. Belenky and N. Ansari, Ip traceback with deterministic packet marking, IEEE COMMUNICATIONS LETTERS, vol. 7, no. 4, pp. 162�164, Apr. 2003.
3. [Required] Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy Strayer,Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, Number 6, pp. 721-734, December 2002.
4. Micah Adler, Tradeoffs in Probabilistic Packet Marking for IP Traceback, in Proceedings of 34th ACM Symposium on Theory of Computing (STOC) 2002.
5. D. Song and A. Perrig, Advanced and authenticated marking schemes for ip traceback, in Proc. of IEEE INFOCOMM 2001, Apr. 2001.
6. K. Park and H. Lee, On the effectiveness of probabilistic packet marking for ip traceback under denial of service attack, in Proc. of IEEE INFOCOM 2001, Mar. 2001.
7. [Required] M. F. D. Dean and A. Stubblefield, An algebraic approach to ip traceback, in Network and Distributed System Security Symposium (NDSS �01), Feb. 2001.
8. [Required] Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, Practical Network Support for IP Traceback, Proceedings of the 2000 ACM SIGCOMM Conference, pp. 295-306, Stockholm, Sweden, August 2000.
9. Steve Bellovin, ICMP Traceback Nessages, Network Working Group Internet Draft, 2000.

Stepping Stone Attack Attribution

1. [Required] A. Blum, D. Song, and S. Venkataraman, Detection of interactive steping stones: Algorithms and confidence bounds, in 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, France, Sept. 2004.
2. W. T. Strayer, C. E. Jones, I. Castineyra, J. B. Levin, and R. R. Hain, An integrated architecture for attack attribution, BBN Technologies, Tech. Rep. BBN REPORT-8384, Dec. 2003.
3. [Required] X. Wang and D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, in Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington DC, USA, Oct. 2003.
4. X. Wang, D. S. Reeves, and S. F. Wu, Inter-packet delay based correlation for tracing encrypted connections through stepping stones, in Proceedings of the 7th European Symposium on Research in Computer Security (ESORICS 2002), Zurich, Switzerland, pp. 244�263, Oct. 2002.
5. D. L. Donoho, A. G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford, Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay, in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, Oct. 2002.
6. X. Wang, D. S. Reeves, S. F. Wu, and J. Yuill, Sleepy watermark tracing: An active network-based intrusion response framework, in Proceedings of 16th InternatConference on Information Security (IFIP/Sec�01), Paris, France, June 2001.
7. [Required] K. Yoda and H. Etoh, Finding a connection chain for tracing intruders, in Proceedings of the 6th European Symposium on Research in Computer Security (ESORICS 2000), Toulouse, France, Oct. 2000.
8. [Required] Y. Zhang and V. Paxson, Detecting stepping stones, in Proceedings of the 9th USENIX Security Symposium, Denver, USA, pp. 171�184, Aug. 2000.

VoIP Security, Caller-ID Services, and Tracing Anonymous VoIP Calls

1. [Required] R. Kuhn, T. Walsh, and S. Fries, Security Considerations for Voice Over IP Systems, NIST Special Publication 800-58, January 2005.
2. [Required] X. Wang, S. Chen, and S. Jajodia, Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, in Proceedings of ACM CCS, 2005.

P2P Forensics

1. [Required]  Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields, Forensic Investigation of Peer-to-Peer File Sharing Network, DFRWS 2010.

Botnets Investigative Analysis (Optional)

1. Laurianne McLaughlin, Bot Software Spreads, Causes New Worries, IEEE DISTRIBUTED SYSTEMS ONLINE, Vol. 5, No. 6; June 2004.
2. Bill Mccarty, Botnets: Big and Bigger, IEEE SECURITY & PRIVACY, JULY/AUGUST 2003.
3. David Dagon, Guofei Gu, Cliff Zou, Julian Grizzard, Sanjeev Dwivedi, Wenke Lee, Richard Lipton, A Taxonomy of Botnets, NSF Cybertrust PI meeting, September 25, 2005.
4. Felix C. Freiling, Thorsten Holz, and Georg Wicherski, Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks, tech report, Department of Computer Science, RWTH Aachen University, April 2005.
5. Ramneek Puri, Bots & Botnet: An Overview, GSEC Practical Assignment Version, SANS Institute, August 2003.
6. Evan Cooke, Farnam Jahanian, Danny McPherson, The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets, USENIX SRUTI'05: Steps to Reducing Unwanted Traffic on the Internet Workshop, Cambridge, MA, July 7, 2005.
7. Know your Enemy: Tracking Botnets, http://www.honeynet.org/papers/bots/. A word version.
8. [Required] Anirudh Ramachandran, et al., �Revealing Botnet Membership Using DNSBL Counter-Intelligence,� in SRUTI '06.
9. [Required] Cliff C. Zou and Ryan Cunningham. �Honeypot-Aware Advanced Botnet Construction and Maintenance," in the International Conference on Dependable Systems and Networks (DSN), June 25-28, Philadelphia, 2006.
10. [Required] David Dagon, Cliff C. Zou, and Wenke Lee. "Modeling Botnet Propagation Using Time Zones," in 13th Annual Network and Distributed System Security Symposium (NDSS), p.235-249, Feb. 2-4, San Diego, 2006.

(Will be added).

Multimedia Forensics and Multicast Fingerprinting

1. [Required] H. Chu, L. Qiao, and K Nahrstedt, "A secure multicast protocol with copyright protection," Proceedings IS&T/SPIE Symposium on Electronic Imaging: Science and Technology, San Jose, CA, Jan. 1999.
2. [Required] B. Briscoe and I. Fairman, "Nark: Receiver-based multicast non-repudiation and key management," ACM Conference on Electronic Commerce, Denver, CO, Nov. 1999.
3. [Required] I. Brown, C. Perkins, and J. Crowcroft, "Watercasting: Distributed watermarking of multicast media," Network Group Communication, Pisa, Italy, pp. 286-300, Nov. 1999.
4. [Required] P. Judge and M. Ammar, "WHIM: Watermarking multicast video with a hierarchy of intermediaries," Proc. NOSSDAC, Chapel Hill, NC, Jun. 2000.
5. R. Parviainen and P. Parnes, "Large scale distributed watermarking of multicast media through encryption," in Proc. of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century, vol. 64, pp. 149�158, 2001.
6. P. Judge and M. Ammar, "Security issues and solutions in multicast content distribution: a survey," IEEE Network, Jan./Feb. 2003.
7. W. Trappe, M. Wu, Z.J. Wang, and K.J.R. Liu, �Anti-Collusion Fingerprinting for Multimedia�, IEEE Trans. on Signal Processing, vol 51, no 4, pp.1069-1087, special issue on Signal Processing for Data Hiding in Digital Media and Secure Content Delivery, April 2003.
8. A. Eskicioglu, "Multimedia security in group communications: Recent progress in key management, authentication and watermarking," ACM Multimedia Systems, Special Issue on Multimedia Security 9, pp. 239�248, Sep. 2003.
9. [Required] M. Wu, W. Trappe, Z.J. Wang, and K.J.R. Liu, �Collusion-Resistant Fingerprinting for Multimedia,� IEEE Signal Processing Magazine, Special Issue on Digital Rights: Management, Protection, Standardization, vol 21, no 2, pp.15-27, March 2004.
10. Z.J.Wang, M.Wu, W. Trappe, and K.J.R. Liu, �Group-Oriented Fingerprinting for Multimedia Forensics,� EURASIP Journal on Applied Signal Processing, Special Issue on Multimedia Security and Rights Management, 2004:14, pp.2142-2162, Nov 2004.
11. H. Zhao and K. J. R. Liu, "Bandwidth efficient fingerprint multicast for video streaming," IEEE Int. Conf on Acoustics, Speech and Signal Processing, May 2004.
12. H. Zhao and K. J. R. Liu, "A secure multicast scheme for anti-collusion fingerprinted video," Global Telecommunications Conference, 2004.
13. H. Zhao, M. Wu, Z.J. Wang, and K.J.R. Liu, �Forensic Analysis of Nonlinear Collusion Attacks for Multimedia Fingerprinting,� IEEE Trans. on Image Processing, vol 14, no 5, pp.646-661, May 2005.
14.  Z.J. Wang, M. Wu, H. Zhao, W. Trappe, and K.J.R. Liu, �Anti-Collusion Forensics of Multimedia Fingerprinting Using Orthogonal Modulation,� IEEE Trans. on Image Processing, June 2005.
15. [Required] H. Zhao and K.J.R. Liu, �Fingerprint Multicast for Secure Video Streaming,�  in IEEE Trans. on Image Processing.

Crime Scene Reconstruction: Evidence Linkage Discovery and Causal Reasoning

1. [Required] J. Adibi, et al, The KOJAK Group Finder: Connecting the Dots via Integrated Knowledge-Based and Statistical Reasoning, in Proceedings of the Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-04), 2004.
2. J. Adibi, et al, Measuring Confidence Intervals in Link Discovery: A Bootstrap Approach, ICDM 2004.
3. J. Zhang and V. Honavar, Learning Decision Tree Classifiers from Attribute Value Taxonomies and Partially Specified Data, in Proceedings of the International Conference on Machine Learning (ICML-03), 2003.
4. [Required] J. Xu and H. Chen, The Topology of Dark Networks, Communication of ACM, Vol. 51, No.10, October 2008.

Stock Spam

1. [Required] Frieder and Zittrain, Spam Works: Evidence from Stock touts and Corresponding Market Activity, working paper, March 2007.
2. [Required] Hanke and Hauser, On the Effects of Stock Spam E-mails, working paper (later version published in the Journal of Financial Markets, 11(1), February 2008.
3. [Required] Bohme and Holz, The Effect of Stock Spam on Financial Markets, working paper (also published in WEIS 2006), April 2006.

Case Studies

No required readings.

Module V: Investigative Techniques from Intrusion Detection and Response

Survey

1. [Required] H. Debar, M. Dacier, and A. Wespi, A Revised Taxonomy for Intrusion-Detection Systems, Research Report of IBM Zurich Research Lab, 1999.

General Model

1. D. Denning, An Intrusion-Detection Model, 1986.
2. P. Helman and G. Liepins, Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse, 1993.
3. S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection, 1998.
4. R. Maxion and K. M. C Tan, Benchmarking Anomaly-Based Detection Systems, 2000.

Detection Method

Misuse Detection

1. U. Lindqvist and P. A. Porras, Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST), 1999.
2. S. Kumar and E. H. Spafford, An Application of Pattern Matching in Intrusion Detection, 1994.
3. K. Ilgun, R. A. Kemmerer, and P. A. Porras, State Transition Analysis: A Rule-Based Intrusion Detection Approach, 1995.
4. C. Y. Chung, M. Gertz, and K. Levitt, DEMIDS: A Misuse Detection System for Database Systems, 1999.

Anomaly Detection

1. H. S. Javitz and A. Valdes, The SRI IDES Statistical Anomaly Detector, 1991.
2. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, A Sense of Self for Unix Processes, 1996.
3. C. Ko, M. Ruschitzka, and K. Levitt, Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach, 1997.
4. D. Wagner and D. Dean, Intrusion Detection via Static Analysis, 2001.
5. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni, A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors, 2001.

Learning (or Data Mining) Based Approaches

1. C. Warrender, S. Forrest, and B. Perlmutter, Detecting Intrusion Using System Calls: Alternative Data Models, 1999.
2. A. Valdes and K. Skinner, Probabilistic Alert Correlation, 2000.
3. W. Lee and S. J. Stolfo, A Framework for Constructing Features and Models for Intrusion Detection Systems, 2000.
4. C. Ko, Logic Induction of Valid Behavior Specifications for Intrusion Detection, 2000.
5. T. Lane and C. E. Brodley, Temporal Sequence Learning and Data Reduction for Anomaly Detection, 1999.

Implementation Issues

1. B. Mukherjee, L. T. Heberlein, and K. N. Levitt, Network Intrusion Detection, 1994.
2. V. Paxson, Bro: A System for Detecting Network Intruders in Real-Time, 1999.
3. T. H. Ptacek and T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, 1998.
4. M. Handley and V. Paxson, Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, 2001.
5. F. Kerschbaum, E. H. Spafford, and D. Zamboni, Using Embedded Sensors for Detecting Network Attacks, 2000.
6. P. A. Porras and A. Valdes, Live Traffic Analysis of TCP/IP Gateways, 1998.
7. J. S. Balasubramaniyan, J. O. Garcia-Fernandez, D. Isacoff, E. H. Spafford, and D. Zamboni, An Architecture for Intrusion Detection Using Autonomous Agents, 1998.
8. S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford, R. Yip, D. Zerkle, The Design of GrIDS: A Graph-Based Intrusion Detection System, 1999.
9. W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok, Toward Cost-Sensitive Modeling for Intrusion Detection and Response, 2001.
10. G. H. Kim and E. H. Spafford, Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection, 1994.

Evaluation Issues

1. N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, A Methodology for Testing Intrusion Detection Systems, 1996.
2. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. P. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman, Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation, 2000.
3. R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, The 1999 DARPA Off-line Intrusion Detection Evaluation, 2000.
4. John McHugh, Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory, 2000.
5. K. Kendall, A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems, 1999.
6. K. Das, Attack Development for Intrusion Detection Evaluation, 2000.

Module VI: Steganography & Steganalysis

1. [Required] Ross J. Anderson and Fabien A. P. Petitcolas, INFORMATION HIDING: AN ANNOTATED BIBLIOGRAPHY, 1999.
2. Ross Anderson, Fabien A.P. Petitcolas, On The Limits of Steganography, 1998.
3. Christian Cachin, An Information-Theoretic Model for Steganography, 2001.
4. Niels Provos, Defending Against Statistical Steganalysis, 2001.

Module VII: Anonymity/Pseudonymity/P3P

1. [Required] David Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, CACM, v. 24, n. 2, pp. 84-88, 1981.
2. [Required] David Chaum, The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, Journal of Cryptology , 1/1, pp. 65-75, 1988.
3. Michael Waidner. Unconditional sender and recipient untraceability in spite of active attacks. In Eurocrypt '89, volume Lecture Notes in Computer Science of 434, pages 302--319. Springer-Verlag, 1989.
4. J. Bos and B. den Boer. Detection of disrupters in the DC protocol. In Lecture Notes in Computer Science 434 (Eurocrypt '89). Springer-Verlag, 1989.
5. M. Waidner and B. Pfitzmann, The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability, in Eurocrypt'89, vol. 434, LNCS, Springer-Vertag, 1990.
6. Ceki G�lc� and Gene Tsudik, Mixing Email with Babel, Proceedings of the 1996 Symposium on Network and Distributed System Security, 1996.
7. [Required] P. Syverson, D. Goldschlag, and M. Reed, Anonymous Connections and Onion Routing, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE CS Press, pp. 44-54, May 1997.
8. [Required] Michael Reiter and Aviel Rubin, Anonymous Webtransactions with Crowds, ACM Transactions on Information and System Security, v. 1, n. 1, pp. 66-92, 1998.
9. Adam Back, Ulf M�ller, and Anton Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems, Lecture Notes in Computer Science, No. 2137, pp. 245, 2001.
10. Clay Shields and Brian Neil Levine, A Protocol for Anonymous Communication Over the Internet, Proceedings of the 7th ACM Conference on Computer and Communication Security, Athens, Greece, Nov. 1-4, 2000.
11. Rob Sherwood, Bobby Bhattacharjee, and Aravind Srinivasan, P⁵: A Protocol for Scalable Anonymous Communication, IEEE Symposium on Security and Privacy, 2002.
12. Michael Freedman, Emil Sit, Josh Cates, and Robert Morris, Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer, the First International Workshop on Peer-to-Peer Systems, 2002.
13. [Required] Yong Guan, Xinwen Fu, Riccardo Bettati, and Wei Zhao, "An Optimal Strategy for Anonymous Communication Protocols," in Proceedings of the 22nd IEEE International Conference on Distributed Computing Systems (ICDCS 2002), June 2002.
14. George Danezis, Roger Dingledine, David Hopwood, and Nick Mathewson, Mixminion: Design of a Type III Anonymous Remailer, 2003 IEEE Symposium on Security and Privacy, May 2003.
15. B. N. Levine, M. K. Reiter, C. Wang and M. Wright, Timing attacks in low-latency mix systems, In Financial Cryptography: 8th International Conference, FC 2004.
16. Michael K. Reiter and Xiaofeng Wang, Fragile Mixing, ACM CCS 2004.
17. Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P/, 2002.
18. [Required] Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, Stefan Wolf, Pseudonym Systems, Selected Areas in Cryptography 1999, Lecture Notes in Computer Science.

Module VIII: Cyber Law, Security and Privacy Policies and Guidelines, and Legal Issues

1. [Required] U.S. DoJ, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, US DoJ, 2002.
2. Daniel Ryan and Gal Shpantzer, Legal Aspects of Digital Forensics, The George Washington University, 2000.
3. J. Patzakis and V. Limongelli, Encase Legal Journal, Guidance Software, April 2004.
4. SWGDE Document, Scientific Working Group on Digital Forensics, Arpil 2003.
5. THE SEDONA PRINCIPLES: Best Practices Recommendations &Principles for Addressing Electronic Document Production, SEDONA Principles, Jan. 2004.
6. ACPO Guide, Good Practice Guide for Computer based Electronic Evidence, Association of Chief Police Officers,
7. NIJ Guide, Electronic Crime Scene Investigation: A Guide for First Responders, 2001.

Module IX: Legal and Ethical Issues (Optional)

No required readings.

Module X: Court Report Writing and Testimony Skills

No required readings. Here are two useful documents:

1. Judy Nodurft, Documentation and Writing Skills for Legal Reports, California Social Work Education Center (CalSWEC), University of California, Berkeley, 2001.
2. ABA Litigation Section, Factors to Consider When Presenting Expert Testimony, ABA Litigation Section Annual Meeting, August 22, 2005.

Recent Cryptographic News on Hash Collision and Weakness

1. Xiaoyun Wang and Dengguo Feng and Xuejia Lai and Hongbo Yu, Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, Cryptology ePrint Archive, Report 2004/199, http://eprint.iacr.org/, August 2004.
2. Eli Biham and Rafi Chen, Near-Collisions of SHA-0, Cypto'2004.
3. NIST's NSRL Project response on recent cryptographic news on hash collision and weakness, 2004.

My Additions:

Blogs (I know I am missing some):

1. Sans Forensics Blog
2. Harlan Carvey
3. Fist full of Dongles
4. Digital Forensics Solutions
5. Tao Security