Posted on

Windows Related Sites

This resources page contains a list of Windows centric security and forensics related sites.

Please note that MacForensicsLab is not necessarily affiliated with any of the sites listed below. Opinions and facts posted on these sites are the responsibility of the respective site owner. We have posted these links as a service to the forensics, eDiscovery, and law enforcement communities and receive no revenue for their placement.


Access Data

Access Data are the producers of ForensicToolKit (aka FTK) as well as other tools for the Microsoft Windows Platform.

Quoted from the AccessData website:

AccessData Group has pioneered digital forensics and litigation support for more than twenty years. Over that time, the company has grown to provide both stand-alone and enterprise-class solutions that can synergistically work together to enable both criminal and civil E-Discovery of any kind, including digital investigations, computer forensics, legal review, compliance, auditing and information assurance. More than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software solutions, and its premier digital investigations products and services. AccessData Group is also a leading provider of digital forensics training and certification, with our much sought after AccessData Certified Examiner® (ACE®) and Mobile Phone Examiner Certification AME programs. Recommended Site -Guidance Software

Guidance Software are the producers of Encase – a venerable forensics tool for the Microsoft Windows Platform.

Quoted from the Encase website:

At Guidance, we exist to turn chaos and the unknown into order and the known–so that companies and their customers can go about their daily lives as usual without worry or disruption, knowing their most valuable information is safe and secure.

Makers of EnCase®, the gold standard in digital investigations and endpoint data security, Guidance provides a mission-critical foundation of applications that have been deployed on an estimated 33 million endpoints and work in concert with other leading enterprise technologies from companies such as Cisco, Intel, Box, Dropbox, Blue Coat Systems, and LogRhythm.

Our field-tested and court-proven solutions are used with confidence by 78 of the Fortune 100 and hundreds of agencies worldwide. Recommended Site - Information Week

Information Week Security provides the latest updates on sercurity news from around the web.


Microsoft Security Central

Microsoft Security Central contains information on the latest security updates for all Microsoft products.


Windows IT Pro

WindowsITPro is the leading independent, impartial source of practical, technical information to help IT professionals better understand and manage the Windows and Server enterprise. Each month, they help over millions of IT professionals overcome the same issues you struggle with every day. contains latest Windows security articles and tutorials on the following topics:

  • Authentication, Access Control & Encryption
  • Cloud Computing
  • Content Security (Email & FTP)
  • Firewalls & VPNs
  • Intrusion Detection
  • Misc Network Security
  • Mobile Device Security
  • Viruses, trojans and other malware
  • Web Application Security
  • Web Server Security
  • Windows 10 Security
  • Windows 2003 Security
  • Windows Networking
  • Windows OS Security
  • Windows Server 2008 Security
  • Windows Server 2012 Security
  • Windows Server 2016 Security
  • Wireless Security


Posted on

Linux Related Sites

This resources page contains a list of many authoritative Linux related sites and tools.

Please note that MacForensicsLab is not necessarily affiliated with any of the sites listed below. Opinions and facts posted on these sites are the responsibility of the respective site owner. We have posted these links as a service to the forensics, eDiscovery, and law enforcement communities and receive no revenue for their placement.

International Journal of Digital Evidence

The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems.

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

The volume system (media management) tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

When performing a complete analysis of a system, we all know that command line tools can become tedious. The Autopsy Forensic Browser is a graphical interface to the tools in The Sleuth Kit, which allows you to more easily conduct an investigation. Autopsy provides case management, image integrity, keyword searching, and other automated operations.


International Journal of Digital Evidence

ASR Data has been recognized as a leading authority in the field of computer investigations by the United States Department of Justice.

Quoted from the ASR website

In 1984 , ASR Data began providing custom software solutions to companies that needed vertical market software tailored to their specific requirements.

In 1992, ASR Data was asked to develop a software tool and methodology to support the unique requirements of the law enforcement community. At that time, conducting a computer investigation was a tedious, time consuming process which required the use of several single-purpose DOS command line utilities. Investigators were forced to image original media to tape or a disk, then restore the image to another disk. Searching the evidence was limited to one search term at a time and recovering deleted files was accomplished by using off-the-shelf software which was never designed to support the forensic process. Often times, the process changed data and analysts had to restore the image several times.

We sat down with leading authorities from the legal and law enforcement communities and took a close look at the forensic process and what was needed. One of the greatest challenges was the fact that there was no precedent for what we were trying to create. Nobody had done it before, there was no pattern to follow, no giants shoulders to stand on and no failures to learn from. As it turns out, this was also the greatest factor which enabled us to innovate and create something completely new. was first launched in 1996 by a handful of Open Source enthusiasts and security experts who recognized a void in the availability of accurate and insightful news relating to open source security issues. Led by Dave Wreski, who currently serves as chief executive officer of Guardian Digital, this group has grown into a global network of collaborators who devote their time to gathering and publicizing the latest security news, advisories and reports relevant to the Linux community. Headquartered in Guardian Digital’s offices in Allendale, New Jersey,’s editorial and web development staff also creates feature articles, commentaries and surveys designed to keep readers informed of the latest Linux advancements and to promote the general growth of Linux around the world.

The Coroners Toolkit

The Coroners Toolkit – a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. The software was presented first in a Computer Forensics Analysis class in August 1999.

According to the site,development of the Coroner’s Toolkit was stopped years ago. It is updated only for for bug fixes which are very rare, and after Wietse discovers that the programs no longer work on a new machine. Users of The Coroners Toolkit are encourage to use Brian Carrier’s Sleuthkit. It is the official successor of TCT. – Their main goal is to inform the public about every company, project and group that uses the Linux operating system and to report on the hard work of countless developers, programmers and individuals who strive everyday to improve on the Linux offerings in the marketplace.

Linux Journal

Linux Journal – Their mission is to serve the Linux community and to promote the use of Linux worldwide. As more and more people see Linux as a viable alternative to traditional OSes, Linux is increasingly being used as a primary operating system. Linux Journal focuses specifically on Linux and other open-source OSes, allowing the content to be a highly specialized source of information for open-source enthusiasts. is always evolving. Their goal is to give you all of the resources and information you need to make your experience with Linux a success.

Security-Enhanced Linux

Security-Enhanced Linux – As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA’s Information Assurance Research Group have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.