All Products

Sort by:


... more info	01: Introduction to MacForensicsLab
This section provides an overview of MacForensicsLab, its features, functionality and design. Welcome to MacForensicsLab. If this is your first time ... more info

... more info	01: Introduction to MacLockPick
MacLockPick™ is a valuable tool for law enforcement professionals to perform live forensics on Mac OS X systems. The solution is based on a USB Flash ... more info

... more info	01: Overview of MacForensicsLab Field Agent
Overview Overview of MacForensicsLab Field Agent This section provides an overview of MacForensicsLab Field Agent and it’s features, functionality ... more info

... more info	01: Overview of MacForensicsLab Web Agent
Overview Overview of MacForensicsLab Web Agent This section provides an overview of MacForensicsLab Web Agent and it’s features, functionality and ... more info

... more info	02: Elements of MacForensicsLab Web Agent
Elements of MacForensicsLab Web Agent The ‘Source‘ area The source window is where the user sets the criteria for the search. The first required ... more info

... more info	02: Getting Started With MacLockPick
System Requirements MacLockPick is programmed to run on the following minimum specification: Apple Power Macintosh CPU, that is capable of running ... more info

... more info	02: Running MacForensicsLab Field Agent
Running MacForensicsLab Field Agent Step 1: Devices After the initial startup splash screen, the Step 1: Devices screen appears. Here the ... more info

... more info	02: System Requirements
System Requirements This section covers the basic and recommended system requirements for successfully running MacForensicsLab. Modern forensic ... more info

... more info	03: Running MacForensicsLab 3 for the first time
This section demonstrates how to run MacForensicsLab for the first time. To launch the MacForensicsLab application, double click on the ... more info

... more info	03: Running MacForensicsLab Web Agent
Running MacForensicsLab Web Agent Configuring MacForensicsLab Web Agent The first step in configuring Web Agent is entering the URL the user desires ... more info

... more info	03: Using MacLockPick For Your Investigations
The MacLockPick Process The investigation process is a simple 4-step procedure: Insert the MacLockPick flash drive into your suspect's computer ... more info

... more info	04: Appendices
A - Question and Answers Can I make my own MacLockPick CD? No. MacLockPick is secured to the USB key and will not operate from a CD. Attempting to ... more info

... more info	04: Case Preparation
This section will discuss how to prepare for a case using MacForensicsLab. During the course of using MacForensicsLab the examiner will come across a ... more info

... more info	05: Core Functions
This section will outline the core functions of MacForensicsLab for further, detailed discussion. The Core Functional Areas of MacForensicsLab ... more info

... more info	06: Main Window
This section will describe the layout and functionality of MacForensicsLab's Main Window. Overview The ‘Main’ window is the starting point after ... more info

... more info	07: The Acquire Function
This section will discuss the acquisition capabilities of MacForensicsLab. MacForensicsLab can work with original devices and media, as well as disk ... more info

... more info	08: Search Functions
This section will discuss the search functionality of MacForensicsLab. Overview The ‘Search’ function of MacForensicsLab provides the examiner with ... more info

... more info	09: The Analyze Function
This section will discuss the Analyze Function within MacForensicsLab. There will come a point in the case when an examiner may wish to analyze the ... more info

... more info	10: Using The Browse Window To Locate Illegal Pornography
This section will describe the core functionality of the Browse function of MacForensicsLab. Overview The ‘Browse’ window provides the examiner with ... more info

... more info	11: Using The Salvage Window To Locate Lost or Deleted Files
This section discusses the Salvage function contained within MacForensicsLab. Overview MacForensicsLab’s ‘Salvage’ function will search a device, ... more info

... more info	12: Using the Audit function to extract key facts
This section describes the Audit function of MacForensicsLab. The Audit function enables the examiner to quickly and easily locate relevant OS ... more info

... more info	13: Hash functions for files and devices
This section will describe the hash function contained within MacForensicsLab. Using the Hash Function The Hash functionality is a new feature added ... more info

... more info	14: Using Bookmarks to keep track of files of interest
This section will cover Bookmarks within MacForensicsLab. MacForensicsLab uses bookmarks to assist the examiner in collecting files of investigative ... more info

... more info	15: Keeping and managing notes
This section will describe the Note functionality contained within MacForensicsLab. Case Notes are an extremely useful function of MacForensicsLab ... more info

... more info	16: Managing the Database
This section will cover the organization and layout of the MacForensicsLab database. When whichever database (local file, RealSQL server, MySQL ... more info

... more info	17: Creating Reports
This section will cover the report functions within MacForensicsLab 3. Generating a Report This section covers how to write a report using ... more info

... more info	18: Keyboard Shortcuts
This section will list the keyboard shortcuts supported by MacForensicsLab. The following shortcuts are specific to the MacForensicsLab Application. ... more info

... more info	19: Install, Uninstall and Glossary
This section covers how a user can install and uninstall MacForensicsLab as well as providing definitions of commonly used terms. Install To ... more info

... more info	A letter to those who wonder
A letter from the CEO of SubRosaSoft.com Inc To the wise, the curious, and to those who wonder . SubRosaSoft.com Inc. has built MacForensicsLab for ... more info

... more info	Access Data
Access Data are the producers of ForensicToolKit (aka FTK) as well as other tools for the Microsoft Windows Platform. Quoted from the AccessData ... more info

... more info	Adding a Case in MacForensicsLab 2.9
This lesson demonstrates how to add a case using MacForensicsLab 2.9 Open Preferences Window Select MacForensicsLab from the Main Window and select ... more info

... more info	Adding a Disk Image in MacForensicsLab 2.9
This lesson demonstrates how to add a disk image to a case. Attach a Disk Image From the Main Window, select " File " (1) and from the ... more info

... more info	Adding Exported Files into a Report in MacForensicsLab 2.9
This lesson demonstrates how to add exported files back into the case so they can be bookmarked and added into the report. Navigate to exported ... more info

... more info	Adhere to Commonly Held Forensic Practices
Having a computer forensic triage model in place for first responders is important. It is also important that the model adheres to commonly held ... more info

... more info	Advanced Forensics Format (AFF)
AFF® (Advanced Forensics Format) is an open and extensible file format designed to store disk images and associated metadata. Using AFF, the user is ... more info

... more info	AFCEA International
AFCEA International is a non-profit membership association serving the military, government, industry, and academia as an ethical forum for advancing ... more info

... more info	American Academy of Forensics Sciences
The American Academy of Forensics Sciences is a multi-disciplinary professional organization that provides leadership to advanced science and it's ... more info

... more info	American Board of Criminalistics
The American Board of Criminalistics is composed of regional and national organizations which represent forensic scientists. It's an organization ... more info

... more info	AntiChildPorn.Org
AntiChildPorn.Org (ACPO) is an organization, comprised of volunteers from all around the world, whose mission is to stop the sexual exploitation of ... more info

... more info	Apple Forensic Roundtable at Macworld 2009
Join Apple in an interactive forensics discussion and learn how others are using Apple’s Technology. Register Today! (limited seating) - ... more info

... more info	Apple Forensics Mailing List
Mailing list for government computer forensics professionals interested in learning and discussing how to best leverage Apple technology and various ... more info

... more info	Apple Keychain access
Apple has been growing their market share for a number of years now. With the machines becoming more popular there comes the need for specialized ... more info

... more info	Apple Links
AppleLinks.com is a venerable news agent for stories in the Mac OS World. Many of the aggregator sites get their information from this site.

... more info	Apple Product Specifications
An official and comprehensive list of specifciations for all Apple products. Use this list to get details on past and present features for iPods, Mac ... more info

... more info	Apple Security Updates
An official source for security updates on Mac OS X. Users of Mac OS X can also get all their updates by selecting 'Software update...' from the ... more info

... more info	Apple Seminars Online - Mac for Computer Forensics & e-discovery
While most computer users have good intentions, a small minority do not. Law enforcement and security-focused IT professionals need flexible, ... more info

... more info	ASR Data
ASR Data has been recognized as a leading authority in the field of computer investigations by the United States Department of Justice. Quoted from ... more info

... more info	Assess the Danger a Suspect Poses
Through the use of field triage and live forensics tools, an investigator can not only gather evidence against a suspect but also use the data ... more info

... more info	Association Of Sites Advocating Child Protection
Association Of Sites Advocating Child Protection - Founded in 1996, the Association of Sites Advocating Child Protection (ASACP) is a non-profit ... more info

... more info	Australian High Tech Crime Centre
Australian High Tech Crime Centre - The AHTCC provides a nationally coordinated approach to technology enabled crime. Its brief is to combat serious ... more info

... more info	Automate When Possible
Even small errors in the investigative process of a suspects machine may mean the difference between a conviction and a criminal going free. To ... more info

... more info	Automated Triage
Time is a important factor in any criminal investigation. Both in time critical cases such as child abduction, kidnapping, death threats, missing and ... more info

... more info	Basic Steps in Forensic Analysis of Unix Systems
An excellent article written by Dave Dittrich. Quoted from the article Your job, as a forensic investigator, is to do your best to comb through the ... more info

... more info	Boot A Mac From CD/DVD
Making a forensic acquisition using a forensic work station and a hardware write blocker is the preferred method of acquiring a suspect drive. ... more info

... more info	Browser Artifacts
Web browsers create a number of artifacts that can be of interest to an investigator during the triage state of an investigation and later on during ... more info

... more info	Capture Running Processes
Knowing what a suspect was doing on their computer before an investigation begins can be helpful to most examinations. All running applications open ... more info

... more info	Cases where Less Traditional Workflows are Required
While more traditional workflow's may work for most cases, when it comes to time critical cases such as child abduction, kidnapping, missing persons, ... more info

... more info	Catching a Murderer
Criminals always leave a trail for investigators to find. Zeroing in on this critical data can be difficult at times but the use of specialize tools ... more info

... more info	Cell Phone Data
Cell phones have become part of our everyday life's. With the advances made in the last several years, the phones have started storing not just phone ... more info

... more info	CERT
The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon ... more info

... more info	CFLab.CN
CFLab.CN provide eDiscovery services and distribute forensics software to the law enforcement communities in mainland China and Hong Kong. CFLab is a ... more info

... more info	Choosing a USB Port for MacLockPick
Up until the release of Apple's new aluminum keyboard, all Apple branded keyboards featured USB 1.1 ports. Because of the much higher data transfer ... more info

... more info	Comparing the Mac OS X Property List to the Windows Registry
Apple Property List: Comparing the Mac OS X Property List to the Windows Registry Dennis Browning Champlain College Burlington, VT ... more info

... more info	Computer Forensic Field Triage Process Model
The Computer Forensic Field Triage Process Model (Rogers, Goldman, Mislan, Wedge, Debrota, 2006) outlines the process and phases of a triage ... more info

... more info	Computer Forensics Field Triage Process Model
This document is reprinted with kind permission from Mr Marcus K. Rogers. The original pdf form of this document can be found at ... more info

... more info	Computer Forensics World
Computer Forensics World - A large database driven news site for the law enforcement, e-discovery, and digital forensics community. A quote for the ... more info

... more info	Computer Forensics World: Forums
A bulletin board brought to you by the Computer Forensics World website.

... more info	Computer Security Institute
Computer Security Institute serves the needs of Information Security Professionals through membership, educational events, security surveys and ... more info

... more info	Computer-Forensics.co.uk
Computer-Forensics.co.uk - The main users of Computer Forensics are law enforcement officers, as a large percentage of crimes in some way utilise ... more info

... more info	Consideration for Common Practices
While time is critical in many investigations, it's important to insure that investigation procedures used to minimize the time required to find ... more info

... more info	COSPOL Internet Related Child Abusive Material Project
CIRCAMP is one of several COSPOL groups on various crime areas, and had worked on other Action Plans since its initiation in 2004. COSPOL is an ... more info

... more info	Creating A Bootable Drive For MacForensicsLab Using DasBoot
Bootable acquisition drives are very handy for onsite acquisitions of suspect material. Creating a bootable acquisition drive for MacForensicsLab ... more info

... more info	Creating a Custom Bookmarks Folder in MacForensicsLab 2.9
Open Bookmarks Window From MacForensicsLab Main Window select "Bookmarks" (1) and from the drop down list "Show All Bookmarks" ... more info

... more info	Credit Card and Social Security Number Searching
Identity theft is a growing issue. With phishing scams and corporate theft, it's an issue that can affect everyone, even those not online. ... more info

... more info	Cross Platform Forensic Tools
Computers have become more and more common in criminal investigations. Likewise, the number of different operating systems that investigators are ... more info

... more info	Customize the Report within MacForensicsLab 2.9
This lesson will demonstrate how to customize the Report by altering default files and adding files that the examiner wants to be added to every case ... more info

... more info	Cybercrime Summit
The Cybercrime Summit is a yearly computer forensics event held in Kennesaw, Georgia. Forensic professionals from all over the US attend this 5 day ... more info

... more info	Departure from The Norm
The Computer Forensic Field Triage Process Model may be a bit difficult for some investigators to get use to at first as it is a bit backwards from ... more info

... more info	DFRWS (Digital Forensics Research Conference)
DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to ... more info

... more info	Digital Creativity Free Mac Software List
Digital Creativity In The Classroom provides links to many great free software programs for the Mac. Included in this list are utilities that may be ... more info

... more info	Digital Reconnaissance, Inc.
2323 Clear Lake City Blvd. Suite 180-215 Houston, Texas 77062 p. 877.344.7267 f. 877.454.6376 e. sales@digitalreconnaissance.com ... more info

... more info	Disabling Windows Autorun
Care needs to be taken when examining suspect USB thumb drives and CDs. These types of media may contain autorun viruses and malware that could ... more info

... more info	Disabling Windows BitLocker Encryption
BitLocker is a new drive encryption technology introduced with the Vista operating system. With BitLocker enabled, all files on a personal computer’s ... more info

Add:	Disk Jockey Pro - Forensic Edition Model: Forensics Edition Manufacturer: Diskology Price: $599.00 Weight: 1lbs
Introducing the worlds most affordable combination disk copy and write blocking tool designed for the computer forensic market. The Disk Jockey PRO ... more info

... more info	DOJ Computer Crime and Intellectual Property Section
The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating ... more info

... more info	Drug Slang Words to Include in a Keyword Search
The drug community has a vast array of slang words for illegal substances. Performing a forensics search on these terms takes knowledge and awareness ... more info

... more info	E-Evidence Information
E-Evidence Information is a large collection of links to various forensic material throughout the internet.

... more info	Email Artifacts
Email is a valuable tool for all online users. It's also a common tool used by criminals. The information found in the email messages of a suspect ... more info

... more info	Erasing a Target Drive
Securely erasing a drive will overwrite the contents of the device to insure that no data can be recovered. This process involves overwriting every ... more info

... more info	Evidence has Gone Digital
The increase in technology also changes our concept of what constitutes evidence in a criminal investigation. Where previously most evidence was ... more info

... more info	eWalker Consulting Ltd.
eWalker Consulting Ltd. www.ewalker.com.hk Unit 1211, Hang Shing Building, 363 Nathan Road, Kowloon, Hong Kong eWalker Consulting Ltd. specializes in ... more info

... more info	Expert Witness Network
Expert Witness Network - The mission of the Expert Witness Network is to link attorneys and expert witnesses via the World Wide Web by using online ... more info

... more info	Exporting Data from the MacLockPick Logs
MacLockPick acquires lots of detailed information about a suspect. Much of the data it finds can be very helpful in an investigation. When viewing ... more info

... more info	Federal Bureau Of Investigation
The FBI is the principal investigative arm of the United States Department of Justice. It has the authority and responsibility to investigate ... more info

... more info	Feedback from Triage
There are many benifits to field triage such as on site access to evidence. An additioan benifit to performing triage on the scene is the feedback ... more info

... more info	Field Triage Tool Benefits
The use of forensic triage tools can increase the effectiveness of any investigation. Through the use of forensic triage tools an investigator can ... more info

... more info	Filtering with MacLockPick
This lesson is designed to demonstrate how to use the filter feature in MacLockPick. Insert MacLockPick into USB Port This demo is done using Mac OS ... more info

... more info	Financial Crimes
Financial crimes such as currency counterfeiting, money laundering, intellectual property crime affect all levels of society. When searching for ... more info

... more info	Find the Last Server a User was Connected to in Mac OS X
Mac OS X makes connecting to remote servers very easy. Retrieving information about servers a suspect has connected to will help an investigator find ... more info

... more info	Finding Child Pornography with the Skin Tone Analyzer
The distribution of child pornography is one of the most disturbing cyber crimes. With the growth of the internet and the ease of file-sharing these ... more info

... more info	Finding Disk Images that Have Been Burnt to CD/DVD
Disk Images (.dmg) are very common on Mac OS X. Disk Images allow both compression and password protection so they are very common for the ... more info

... more info	Finding Evidence Quickly
Finding useable evidence quickly is one of the most important focuses of field triage and live forensics. Being able to zero in on suspect evidence ... more info

... more info	Finding iChat Usernames on Mac OS X
iChat is an AIM (AOL Instant Messenger) client and comes built-in to Mac OS X. It is popular with many Mac OS X users as it has an easy to use ... more info

... more info	Finding Past and Present Address Book Content
The Apple Address Book is the central address book in Mac OS X. In addition to containing user entered names and addresses, it also contains an entry ... more info

... more info	Finding Recent Google Searches
Google is the most popular search engine on the planet. Safari, the default web browser in Mac OS X, has a built in Google search bar in the upper ... more info

... more info	Finding Recently Played Windows Media Files on Mac OS X
Although Microsoft has officially dropped support for Windows Media Player for Mac (Microsoft redirects Mac users to the Flip4Mac website as they ... more info

... more info	Finding Recently Viewed Pictures in Mac OS X
The default image browsing application in Mac OS X is Preview. It is a popular program for viewing images as it supports a large number of file ... more info

... more info	Finding Remote Desktop Connections
Apple Remote Desktop (sometime abbreviated ARD) allows users to control or monitor another computer over a network or internet connection. You can ... more info

... more info	Finding the Last iPod Connected to Mac OS X
iPod sales have almost topped 10 million world wide. They are also becoming a popular device for suspects to store information other then just MP3s ... more info

... more info	Finding the Original Registrant of Mac OS X
When Mac OS X is run for the first time after installation, the user is prompted to enter their registration information such as name, address, ... more info

... more info	Finding the system time and date on a Mac
Acquiring the computer time from a Mac is a common task for many investigators. Having the computer time allows and investigator to correlate ... more info

... more info	Firefox Artifacts
Mozilla Firefox is fast becoming one of the most popular browsers on the internet today. Current estimates as of June 2007 believe Firefox makes up ... more info

... more info	First Responders
First responders must be very aware of their tasks when first arriving to perform forensic triage. The efforts of the first responder is critical to ... more info

... more info	Flash Drive Registry Information
USB thumb drives (flash drives) have become a very popular tool for transferring files from computer to computer. They're small, portable, and often ... more info

... more info	Forensic Computers
www.Forensic-Computers.com Forensic Computers, Inc. specializes in building forensic workstations for lab and mobile use, providing forensic ... more info

... more info	Forensic Focus
Forensic Focus is a forensic community with forums, email discussion list, and newsletter.

... more info	Forensic Focus Forums
A bulletin board brought to you by the Forensic Focus website.

... more info	Forensic Image Hash Validation
The ability to obtain a valid forensic image is critical to the successful completion of a forensic examination. Therefore, as with all forensic ... more info

... more info	Forensic Imaging of the Amazon Kindle
The Amazon Kindle is currently the most popular ebook reader on the market. With expected sales of 5 million Kindles in 2010 and up to 11.5 million ... more info

... more info	Forensic Science Communication
Forensic Science Communications (FSC) is a peer-reviewed forensic science journal published quarterly in January, April, July, and October by FBI ... more info

... more info	Forensically Sound Examination of a Macintosh (Part 1)
June 21, 2007 Macintosh Forensics A Guide for the Forensically Sound Examination of a Macintosh Computer Part 1 of 2 Ryan R. Kubasiak, Investigator - ... more info

... more info	Forensically Sound Examination of a Macintosh (Part 2)
June 21, 2007 Macintosh Forensics A Guide for the Forensically Sound Examination of a Macintosh Computer Part 2 of 2 Ryan R. Kubasiak, Investigator - ... more info

... more info	Forensics Wiki
Forensics Wiki - a Creative Commons-licensed wiki devoted to information about digital forensics.

... more info	ForensicScience.net
JUVENILE OFFENDERS & TROUBLED TEENS With crime in certain areas of America reaching new highs and fever pitches, we thought it important to address ... more info

... more info	Forum for Incident Response and Security Teams (FIRST)
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims ... more info

... more info	Forward Discovery
Forward Discovery is a SubRosaSoft authorized training partner and is available to provide training and certification on the MacForensicLab ... more info

... more info	FrontLine Inc
FRONTLINE Inc. is a software developer and a distributor specialized in system utilities and forensics applications. The distributor for ... more info

... more info	Fulcrum Management
Fulcrum Management Asia Pte Ltd http://www.fulcrum.net.au 100 Jalan Sultan #05-39C Sultan Plaza Singapore, 199001 Fulcrum is a digital investigation ... more info

... more info	Gain SYSTEM User Access in Microsoft Vista
Gaining SYSTEM user access in Microsoft Vista is a simple procedure and allows a forensic investigator higher level access then the administrator. ... more info

... more info	Gaining Root Access in Linux
There may be times when it can be beneficial to an investigation for the investigator to be able to login to a suspect machine as the root user to ... more info

... more info	GovernmentSecurity.org
GovernmentSecurity.org is not a "Black Hat" or "White Hat" web site. Yes, we are a security related web site but, we consider this site to hold a ... more info

... more info	GraphicConverter
Perhaps the most powerful tool for working with graphic formats. This program can open almost every graphic format ever made, and is well known for ... more info

... more info	Guidance Software
Guidance Software are the producers of Encase - a venerable forensics tool for the Microsoft Windows Platform. Quoted from the Encase website ... more info

... more info	Guide an Ongoing Investigation
Field triage and live forensics are key to acquiring critical evidence in an active investigation. This information can be used to guide an ... more info

... more info	Hardware and Software Write Blocking
When creating an image of a suspect drive, the investigator needs to insure that the evidence is not altered and it remains forensically sound. This ... more info

... more info	Help Net Security
Help Net Security (HNS) is an online portal that covers all the major information security happenings. The portal has been online since 1998 and ... more info

... more info	HTCIA
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, ... more info

... more info	Identify Criminal Charges
The use of triage on scene and live forensic tools can identify evidence that can lead to potential charges. Quickly finding proof of a crime ... more info

... more info	Identify Victims of Crime
The use of field triage can help to identify current and possible future victims. By quickly examining the evidence on the scene, a forensic examiner ... more info

... more info	Imaging a Drive via Target Disk Mode
Sometimes an investigator may not have access to a hardware write blocker or may not be able to remove the suspect drive from their Mac (we do not ... more info

... more info	Importance of Volatile Data
Capturing information about the current state of a suspect computer before powering it down is important to a forensic investigation. There is a ... more info

... more info	Information Week Security
Information Week Security provides the latest updates on sercurity news from around the web.

... more info	Insectra Technology Services
Insectra Technology Services is Technology Company that delivers a wide range of Technology Products and Services to customers in Europe, the Middle ... more info

... more info	Insecure.org
Insecure.org is an internet security site and the home of the popular NMAP Network Security Scanner tool.

... more info	Instant Message (IM) Artifacts
Instant messaging is a common method of communication on the internet. Many instant message programs store contact lists along with chat histories. ... more info

... more info	International Journal of Digital Evidence
International Journal of Digital Evidence (IJDE) is a forum for discussion of theory, research, policy, and practice in the rapidly changing field of ... more info

... more info	Internet Artifacts
Almost every investigation will involve the analysis of internet artifacts. Web browsing caches store records of sites a suspect has visited. Emails ... more info

... more info	iPhone Artifacts
iPhones and iPod Touch with firmware version 2.0 or later will call home periodicly to see if any applications have been blacklisted by Apple. This ... more info

... more info	iPhone Artifacts
The Apple iPhone has become a popular cell phone for many due to the mass market appeal and the easy of use. It's feature rich and has become much ... more info

... more info	iPhone Unlocking
As Apple guys and forensics experts we are constantly aware of the legendary iPhone We have them ourselves (and love them) and we are aware of the ... more info

... more info	Justnet.org
The National Institute of Justice's (NIJ's) Office of Science and Technology, the National Law Enforcement and Corrections Technology Center (NLECTC) ... more info

... more info	Linux Journal
Linux Journal - Their mission is to serve the Linux community and to promote the use of Linux worldwide. As more and more people see Linux as a ... more info

... more info	Linux.com
Linux.com is always evolving. Their goal is to give you all of the resources and information you need to make your experience with Linux a success.

... more info	Linux.org
Linux.org - Their main goal is to inform the public about every company, project and group that uses the Linux operating system and to report on the ... more info

... more info	LinuxSecurity.com
LinuxSecurity.com was first launched in 1996 by a handful of Open Source enthusiasts and security experts who recognized a void in the availability ... more info

... more info	LinuxSecurity.com
A good portal site to all things related to linux security.

... more info	Mac mini Take Apart Guide
The Mac mini is a small, low cost Mac that offers a lot of features in a small package. It's a nice entry level machine for new and old Mac users. ... more info

... more info	Mac Open Firmware Password Removal
Open Firmware is hardware independent firmware (computer software that loads the operating system). Open Firmware is present on PPC (PowerPC) Macs. ... more info

... more info	Mac OS X Forensics
Mac OS X Forensics is a website by Ryan R. Kubasiak that offers helpful information about forensic investigation of the Mac OS X operating system. It ... more info

... more info	Mac OS X Hints
The Mac OS X Hints site gives handy tips and tricks for all things Apple. Quoted from the MacOSXHints website I should first say that OS X public ... more info

... more info	Mac Speed Zone
Mac Speed Zone - Mac OS X News and Information Page. How fast do you want to go ? Quoted from the MacSpeedZone page a list of links relating to OS ... more info

... more info	MacBook Air Take Apart Guide
Apple's new MacBook Air is a small light-weight laptop for users on the go. It packs lots of features into a small package. In fact it's just 0.76 ... more info

... more info	MacCompanion review of MacLockPick II
MacLockPick II (2.1) – Extract all incriminating info on any computer (Linux, Mac, Windows) or iPhone Reviewed by Robert L Pritchett ... more info

... more info	MacFixIt
MacFitIt - Updated daily by an expert staff, the site provides the latest workarounds and solutions to technical roadblocks and frustrating barriers. ... more info

... more info	MacFixIt Forums
The MacFixIt Forums are a collection or message boards where readers can post questions and comments and read the replies.

... more info	MacForensicsLab Model: 4.0 Manufacturer: SubRosaSoft.com Inc Price: $1,495.00 Weight: 1lbs
MacForensicsLab™ is the most powerful and cost-effective forensic tool on the market specifically designed to meet the demands of modern law ... more info

... more info	MacForensicsLab 3.0 released
MacForensicsLab 3.0 released Redesigned Mac forensic suite features improved performance, enhanced user interface, and support for Snow Leopard. ... more info

	MacForensicsLab Field Agent Model: Windows, Mac OS X, Linux Manufacturer: SubRosaSoft.com Inc Price: $39.95 Weight: 0lbs
MacForensicsLab Field Agent is a tri-platform tool designed specifically to help combat Crimes Against Children. It offers investigators a powerful ... more info

... more info	MacForensicsLab Field Agent 1.0 Release
SubRosaSoft.com Inc. releases free tool for investigating crimes against children Newark, CA September 17th 2009 - SubRosaSoft.com Inc. is proud to ... more info

... more info	MacForensicsLab for Linux
Click here to visit a page on this site about MacForensicsLab for Linux. The software is a complete forensics suite that is fully cross platform and ... more info

... more info	MacForensicsLab for Mac OS X
Click here to visit a page on this site about MacForensicsLab for Mac OS X. The software is a complete forensics suite that is fully cross platform ... more info

... more info	MacForensicsLab for Windows
Click here to visit a page on this site about MacForensicsLab for Microsoft Windows. The software is a complete forensics suite that is fully cross ... more info

... more info	MacForensicsLab for Windows
SubRosaSoft.com Inc. announces the release of the Windows version of MacForensicsLab version 2.5 The powerful forensics tool now runs natively on ... more info

Add:	MacForensicsLab Social Agent Model: 1.0 Manufacturer: SubRosaSoft.com Inc Price: $79.95 Weight: 0lbs
Social Agent™ is designed to get evidence from chats, private messages, and blog activity on Facebook (and other) social networking websites. Social ... more info

Add:	MacForensicsLab v4.0 Model: Manufacturer: MacForensicsLab Inc Price: $495.00 Weight: 1lbs
SubRosaSoft.com Inc. is pleased to announce the immediate availability of version 4.0 of MacForensicsLab for Mac OS X. Maintenance contract customers ... more info

... more info	MacForensicsLab Version History
MacForensicsLab version 4.0 Redesigned main window interface. Button panel replaced by the Action menu and context sensitive menus. User can now ... more info

Add:	MacForensicsLab Web Agent Model: Windows, Mac OS X, Linux Price: $39.95 Weight: 0lbs
MacForensicsLab Web Agent is a tri-platform website crawler designed to hunt child pornography, with a built-in skin tone analyzer to quickly and ... more info

... more info	MacForensicsLab Write Controller Model: Manufacturer: SubRosaSoft.com Inc Price: $149.00 Weight: 0lbs
MacForensicsLab Write Controller is a software write-blocker. Write Controller prevents the Mac from automatically mounting volumes and maintains the ... more info

... more info	MacInTouch
MacInTouch is an independent journal about Macintosh computing,

... more info	MacLockPick
MacLockPick adheres to commonly held forensic principals and does not negate the ability to transfer systems/storage media back to the lab for more ... more info

... more info	MacLockPick 2.1 released
SubRosaSoft.com Inc. releases MacLockPick 2.1 New plugins and full Linux support added NEWARK, CA March 25th 2009 - SubRosaSoft.com Inc. announces ... more info

... more info	MacLockPick 3.0 Model: Forensics Triage Tool Manufacturer: SubRosaSoft.com Inc Price: $499.00 Weight: 1lbs
For more information on the free upgrade to version 3.0 please click here. The need for timely identification, interpretation and meaningful analysis ... more info

... more info	MacMinute.com
MacMinute.com - up to the minute news and MacForensicsLab's favorite mac news website Some personal bias is involved here (but no payment, its just a ... more info

... more info	MacOSXApps
MacOSXApps provides live news on new software releases for Mac OS X.

... more info	MacOSXForensics.com reviews MacLockPick II
MacOSXForensics.com's review of MacLockPick II can be found at http://www.macosxforensics.com/Resources/maclockpickii/maclockpickii.html MacLockPick ... more info

... more info	MacSlash
MacSlash - a daily dose of Macintosh news and discussion. A collection of blogs on mac news.

... more info	MacSurfer.com
www.MacSurfer.com is a news aggregator site for Mac OS X news sites. A handy site to find links to all things happening in the mac world.

... more info	MacUpdate.com
MacUpdate appears to be an aggregator site for updates to mac software. Quoted from the MacUpdate site. About MacUpdate - #1 on Google when ... more info

... more info	Maintain the Validity of Evidence
Triage tools are a powerful addition to any forensic investigators toolbox. One important aspect of a triage tool is that it minimize the chances of ... more info

... more info	Malware On Mac OS X - Viruses, Trojans, and Worms
A white paper on the history and future of malware and how it can affect the Apple Mac OS X platform. This document is also available in academic ... more info

... more info	Microsoft Security Central
Microsoft Security Central contains information on the latest security updates for all Microsoft products.

... more info	Modification of Suspect Systems
One concern some have with live forensics is the risk of modifying data on the suspect machine and there-by making the suspect evidence inadmissible ... more info

... more info	Nanoforensic
Nanoforensic is established in 2008 in Istanbul -Turkey. Nanoforensic is the distributor and reseller of many manufacturers in the field of computer ... more info

... more info	National Forensic Science Technology Center
The National Forensic Science Technology Center is a not-for-profit corporation funded by a Cooperative Agreement with the National Institute of ... more info

... more info	National Institute Of Justice
National Institute Of Justice - NIJ is the research, development, and evaluation agency of the U.S. Department of Justice and is dedicated to ... more info

... more info	National Institute Of Standards and Technology (NIST)
National Institute Of Standards and Technology (NIST) - The Computer Forensics Tools Verification project provides a measure of assurance that the ... more info

... more info	National Security Agency (NSA)
The National Security Agency/Central Security Service is America’s cryptologic organization. It coordinates, directs, and performs highly specialized ... more info

... more info	Network Artifacts
In these increasingly connected times, most computers are connected to some sort of network. The information about current network connections can ... more info

... more info	Officer.com
Officer.com provides today's law enforcement officer with up to date news, information, and resources to help them do their job.

... more info	Often Overlooked but Beneficial Artifacts
Any information that allows an investigator to paint a better picture of a suspects activities can be beneficial to an investigation. The clipboard ... more info

... more info	Open Source Digital Forensics
The Open Source Digital Forensics site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, ... more info

... more info	Order of Volatility
When collecting data for a computer forensic investigation you want to collect the most volatile data first as it will be lost the quickest. The ... more info

... more info	OS X Factor
OS X Factor - News, Information and Resources for Mac OS X users. Quoted from the OS X Factor website OS X Factor began life as Mac OS X Centric ... more info

... more info	OS X FAQ
OS X FAQ - Technical News and Support for Mac OS X Quoted from the OS X FAQ website The OSXFAQ home page contains the most recent news and ... more info

... more info	OS X Zone
OS X Zone - a live news feed for all things Mac

... more info	Packet Storm
.:[ packet storm ]:. - Information and computer security full disclosure web site.

... more info	Putting an iPod into Diagnostic Mode
The iPod has become the most popular MP3 player on the market. Because iPods can also be used as a mass storage device (with the exception of the ... more info

... more info	Quick Links - for bulletin boards
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Quick Links - for Forensics
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Quick Links - for Linux
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Quick Links - for Mac
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Quick Links - for Security Sites
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Quick Links - for Windows
This page is a full list of the links contained in this section. You can learn more about each of the pages with or without visiting them by looking ... more info

... more info	Recently Accessed Items in Mac OS X
Showing applications, documents, and severs a user most recently accessed can help direct an investigator to files of interest or help show intent. ... more info

... more info	Recently Opened QuickTime Files
QuickTime is the default movie player in Mac OS X. Because of it's ability to play a wide range of video and audio media, QuickTime Player is a ... more info

... more info	Recognizing Potential Evidence
The following was taken from the United States Secret Service's Best Practices For Seizing Electronic Evidence. We highly recommend you read the ... more info

... more info	Recovering Email from Mac OS X Mail
Since the release of Mac OS X, Mail.app has been the default email application. Mail stored emails in .mbox files up until the release of Mac OS X ... more info

... more info	Reddy's Forensic Page
Reddy's Forensic Page is run by a retired forensic scientist with Police Laboratory, New York City Police Department. He spent 36 years in the ... more info

... more info	Regional Computer Forensics Laboratory
Regional Computer Forensics Laboratory - The RCFL is a one-stop, full service forensics laboratory and training center devoted entirely to the ... more info

... more info	Removing a Mac Hard Drive
With the smaller and more compact design of computers these days, it's becoming increasingly difficult to take them apart to get access to the hard ... more info

... more info	Resetting the Admin Password in Mac OS X
The easiest way to bypass the administrator password is to remove the drive and attach it to another machine or a forensic station, then use ... more info

... more info	Royal Canadian Mounted Police Technical Security Branch
Royal Canadian Mounted Police Technical Security Branch - The Technical Security Branch (TSB) is part of the RCMP's Technical Operations and are ... more info

... more info	Scientific Working Group on Digital Evidence (SWGDE)
The Scientific Working Group on Digital Evidence (SWGDE) brings together organizations actively engaged in the field of digital and multimedia ... more info

... more info	Scripted Incident Response
Keeping track of what has been done is an important part of the first responders job. By scripting the procedures required an investigator can make ... more info

... more info	Searching MacLockPick Logs
MacLockPick extracts a wide range of valuable data from suspect machines. The information is presented in an easy to view format for the investigator ... more info

... more info	SecureMac.com
SecureMac was historically one of the best sites for information on mac security topics. It has slowed down it's updates in the past 2 years but ... more info

... more info	SecuriTeam
SecuriTeam™ is a group within Beyond Security® dedicated to bringing you the latest news and utilities in computer security.

... more info	Security Focus
Security Focus - a good source of security information on the Internet. Quoted from the Security Focus "about" page SecurityFocus is the most ... more info

... more info	Security Pro VIP
Security Pro VIP - Your guide to security for Windows systems and networks. Security administrators and other IT administrators who subscribe to ... more info

... more info	Security-Enhanced Linux
Security-Enhanced Linux - As part of its Information Assurance mission, the National Security Agency has long been involved with the computer ... more info

... more info	SecurityTracker
SecurityTracker is a service that helps you to keep track of the latest security vulnerabilities. They monitor a wide variety of Internet sources for ... more info

... more info	SHI (Software House International Inc.)
Phone 888.764.8888 http://shidirect.com

... more info	SiteLink.net
SiteLink.net is another news aggregator for the mac world.

... more info	Sleepimage in Mac OS X
The sleepimage is a file that Mac OS X uses to store the contents of the active RAM when a machine is put to sleep. This information is stored to ... more info

... more info	SleuthKit
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the ... more info

... more info	Starting Points For A Mac OS X Investigation
When processing an investigation of a suspect's Mac OS X hard drive using MacForensicsLab there are several places that you may want to start your ... more info

... more info	Stop Drug Crimes
Drug trafficking has reached epidemic levels in some countries. These criminals are also more commonly using digital means to organize their criminal ... more info

... more info	Stuffit Expander
In earlier days - the Mac OS stored compressed files using a program called 'Stuffit', you may have seen these files around with a suffix of .sit or ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 1.0
SubRosaSoft.com Inc. Ships MacForensicsLab 1.0 -- The first comprehensive Macintosh-based forensics and analysis software provides a single solution ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 2.0
SubRosaSoft.com Inc. Announces MacForensicsLab 2.0 New version of the Mac OS X forensics software adds many new features Union City, CA -- January ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 2.5
SubRosaSoft.com Inc. announces MacForensicsLab version 2.5 Improved UI and performance, increased search capabilities, and beta versions for Windows ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 2.5 for Windows
SubRosaSoft.com Inc. announces the release of the Windows version of MacForensicsLab version 2.5 The powerful forensics tool now runs natively on ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 2.5.2
SubRosaSoft.com Inc. announces Leopard support for MacForensicsLab 2.5.2 Computer forensic software for Mac OS X released with Leopard support - ... more info

... more info	SubRosaSoft.com Inc. announces MacForensicsLab 3.0
Redesigned Mac forensic suite features improved performance, enhanced user interface, and support for Snow Leopard. Newark, Calif. April 15th 2010 - ... more info

... more info	SubRosaSoft.com Inc. announces MacLockPick 1.0
SubRosaSoft.com Inc. announces MacLockPick 1.0 April 27, 2007 - SubRosaSoft.com Inc. today announced the immediate availability of MacLockPick, a new ... more info

... more info	SubRosaSoft.com Inc. announces MacLockPick 1.1.1
SubRosaSoft.com Inc. announces MacLockPick™ 1.1 and free Macworld passes Live forensics tool for extracting passwords, Internet history, and system ... more info

... more info	SubRosaSoft.com Inc. announces MacLockPick 2.0
SubRosaSoft.com Inc. announces MacLockPick 2.0 New cross platform version of award winning forensics triage tool NEWARK, CA -- Following their 2007 ... more info

... more info	SubRosaSoft.com Inc. announces version 1.5 of MacForensicsLab
SubRosaSoft.com Inc. announces version 1.5 of MacForensicsLab --New version of the Mac OS X forensics software features enhancements in report ... more info

... more info	SubRosaSoft.com Inc. announces version 1.6 of MacForensicsLab
SubRosaSoft.com Inc. announces version 1.6 of MacForensicsLab --Our newest Universal Binary version of Mac OS X forensics software features ... more info

... more info	SubRosaSoft.com Inc. offering free MacLockPick training CD
SubRosaSoft.com Inc. Announces Free MacLockPick Training CD Free training tutorial to learn about MacLockPick and forensic triage Newark, CA -- ... more info

... more info	SubRosaSoft.com Inc. releases free forensics podcast
SubRosaSoft.com Inc. posts Forensics on Mac OS X podcast We are excited to offer a free video of the presentation "Forensics on Mac OS X - Learning ... more info

... more info	SubRosaSoft.com Inc. releases MacForensicsLab Write Controller
SubRosaSoft.com Inc. is proud to announce the release of MacForensicsLab Write Controller 1.0, a software write-blocking application. Write ... more info

... more info	Swapping iChat Encryption Certificates in Mac OS X
iChat, the default AIM client on Mac OS X, allows Apple .Mac users to encrypt chat if both users are using .Mac accounts. The encryption certificate ... more info

... more info	Take it Apart
This site is dedicated to taking electronic equipment apart and rebuilding it. Herein, is an excellent reference for taking apart a MacBookPro.

... more info	Target Child Pornography
Child pornography is a serious crime plaguing our society and one of the most commonly investigated crimes for many agencies. Through the use of ... more info

... more info	TCT - The Coroners Toolkit
The Coroners Toolkit - a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. The ... more info

... more info	The Computer Crime Research Center
The Computer Crime Research Center was created in 2001 to conduct research in legal criminal and criminological problems of cybercrime with the ... more info

... more info	The Computer Forensics Tool Testing (CFTT) Project
The Computer Forensics Tool Testing (CFTT) project provides a measure of assurance that the tools used in computer forensics investigations produce ... more info

... more info	The Electronic Discovery Reference Model
EDRM develops guidelines, sets standards and delivers resources to help e-discovery consumers and providers improve quality and reduce costs ... more info

... more info	The Focus of Computer Forensic Triage
Computer forensic triage is usually defined as the process by which projects or activities are prioritized to determine which should be attempted ... more info

... more info	The Honeynet Project
The Honeynet Project is a non-profit (501c3) volunteer, research organization dedicated to improving the security of the Internet at no cost to the ... more info

... more info	The National Center for Forensic Science
The National Center for Forensic Science provides research, education, training, tools and technology to meet the current and future needs of the ... more info

... more info	The National Museum of Crime & Punishment
The National Museum of Crime & Punishment, located in Washington, D.C.. The museum displays excellent depictions of historically famous crime scenes ... more info

... more info	The Triage Phase
The triage phase of the investigation is the foundation on which the other phases after it will be built. All potential evidence must be considered ... more info

... more info	The Virtual Global Taskforce
The Virtual Global Taskforce (VGT) is made up of police forces from around the world working together to fight online child abuse.

... more info	Time Considerations
Making considerations for the time each process will take within an investigation is important. The time cost of every activity in an examination ... more info

... more info	Timing is Critical
Timing is critical throughout an investigation and even more so at the beginning of an investigation. During the early stages of the investigation it ... more info

... more info	Triage is Proven in the Field
The benefits of field triage have been proven. It has been shown that quick and effective analysis of suspect evidence can be critical to a case. The ... more info

... more info	Triage Provides Direction for Investigations
Triage at the scene helps to provide time sensitive investigative and interview leads. It also helps to provide helpful direction for later ... more info

... more info	TUCOFS
TUCOFS - The Ultimate Collection of Forensic Software is a general list of Windows and UNIX forensics tools.

... more info	Turning On Software Write Blocking
When creating a forensically sound image of a suspect drive, care must be taken to insure that the suspect evidence is not compromised. This is ... more info

... more info	Unfreezing A FireWire Bus That Has Hung
On occasion FireWire buses can hang and stop responding. Should you run into this issue, here's are the suggested steps to resolve it. If you have a ... more info

... more info	USB Device History
USB has become one of the main standards to connecting all types of devices to computers these days. With the dropping prices of personal flash ... more info

... more info	Using FileDefense to Stop Malware
FileDefense changes the way your OS operates by adding a layer of security at the layer that we feel is the most important - the file access layer. ... more info

... more info	Verification of System Information
Being able to confirm that there have been no change made to a suspects system or evidence between the time of seizure and the lab investigation can ... more info

... more info	VersionTracker.com
This is the most comprehensive list of software for Mac OS X software. Updated fulltime, all the time. Highly recommended. Click here to visit this ... more info

... more info	View Web Cache Data on Mac OS X
Web caches store copies of documents the user has accessed on the internet in order to reduce server access time when visiting that site again. The ... more info

... more info	Viewing Recently Accessed Windows Files
The Windows Registry stores a wealth of information that can be helpful to a forensic investigator during an examination. Knowing which documents ... more info

... more info	Viruslist.com
Viruslist.com - Permanently replenishing information about new viruses. Mechanisms of breeding and operation, detailed analysis of algorithms of ... more info

... more info	What is Live Forensics?
Live forensics considers the value of the data that may be lost by powering down a system and collect it while the system is still running. The other ... more info

... more info	Why Won't My Acquired Disk Image Mount on The Desktop
Does your acquired disk image refuse to mount on the desktop? If you have selected the option to turn off Disk Arbitration when MacForensicsLab ... more info

... more info	WindowsITPro Security
WindowsITPro Security is the leading independent, impartial source of practical, technical information to help IT professionals better understand and ... more info

... more info	WindowsSecurity.com
WindowsSecurity.com contains network security articles for Windows Server 2003, 2008, & Vista