Go Get it on the Web Links

This page lists the latest Go Get it on the Web links from the IR3E book.

Chapter One

• NIST Special Publication 800-61: nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf (updated Feb 19, 2015)
• Title 18 of the U.S. Code, § 1030: www.law.cornell.edu/uscode/text/18/1030
• U.S. Department of Justice “Prosecuting Computer Crimes” manual: www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf
• MSDN DLL Search Order Documentation: msdn.microsoft.com/en-us/library/ms682586(VS.85).aspx
• Mandiant DLL Search Order Hijacking Blog: www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html (updated March 20, 2016)

Chapter Two

• OpenIOC Home Page: openioc.org
• MITRE CybOx Home Page: cyboxproject.github.io (updated March 20, 2016)
• YARA Home Page: plusvic.github.io/yara
• Mandiant IOC Editor: www.fireeye.com/services/freeware/ioc-editor.html (updated March 20, 2016)
• YARA Articles and Tools: www.deependresearch.org/2013/02/yara-resources.html
• Request Tracker for Incident Response Home Page: bestpractical.com/rtir

Chapter Three

• SANS InfoSec Policy Templates: sans.org/security-resources/policies
• ISO InfoSec Standards Guidelines (27002:2013): www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54533
• Free E-Mail S/MIME Certificate: No current recommendation. (updated March 25, 2019)
• Commercial S/MIME Certificate: www.globalsign.com/en/secure-email (updated March 20, 2016)
• SANS Institute Home Page: www.sans.org
• Free Whole Disk Encryption: TrueCrypt is no longer recommended. For Windows, use BitLocker. For other platforms, consult your provider. (updated Match 25, 2019)
• Encrypted Portable Media: https://www.apricorn.com/flash-keys
• Commercial Whole Disk Encryption: www.mcafee.com/us/products/complete-data-protection.aspx
• BackTrack Live CD: www.backtrack-linux.org
• Caine Live CD: www.caine-live.net
• Helix Live CD: www.e-fense.com
• Password Hash Dumper: foofus.net/goons/fizzgig/fgdump
• Password Hash Rainbow Tables: www.freerainbowtables.com
• Password Hash Rainbow Table Cracker: sourceforge.net/projects/rcracki
• Centralized Logging Agents (Snare): www.intersectalliance.com/our-product/snare-agent
• NIST Computer Security Resource Center: csrc.nist.gov
• ISO InfoSec Standards: iso27001security.com
• DNS Blackhole with FreeBSD: www.pintumbler.org/Code/dnsbl
• DNS Blackhole with Windows: cyber-defense.sans.org/blog/2010/08/31/windows-dns-server-blackhole-blacklist

Chapter Four

• No links

Chapter Five

• Practical Malware Analysis Labs: practicalmalwareanalysis.com/labs
• Domain Name RFC: https://tools.ietf.org/html/rfc1035
• Snort IDS: manual.snort.org
• FBI Infragard: www.infragard.org
• Financial Industry Security Collaboration: www.fsisac.com
• U.S. Defense Industrial Base Security Collaboration: dibnet.dod.mil

Chapter Six

• No links

Chapter Seven

• RFC Guidelines for Evidence Collection: www.ietf.org/rfc/rfc3227.txt
• Free Live Response Tool: www.fireeye.com/services/freeware/redline.html (updated March 20, 2016)
• Free Open Ports Tool: www.softpedia.com/get/Network-Tools/Network-Information/DiamondCS-OpenPorts.shtml
• Microsoft Autoruns Tool: technet.microsoft.com/en-us/sysinternals/bb963902.aspx
• Loaded Windows Drivers List: www.nirsoft.net/utils/driverview.html
• Open Files List: www.nirsoft.net/utils/opened_files_view.html
• Microsoft Process List: technet.microsoft.com/en-us/sysinternals/bb896682.aspx
• Microsoft Log Parser: www.microsoft.com/en-us/download/details.aspx?id=24659

• Windows Checksum Tools: code.kliu.org/misc/hashutils

• AccessData Downloads: accessdata.com/product-download?/support/product-downloads (updated Feb 19, 2015)
• Windows Memory Imaging Tool: sourceforge.net/projects/mdd
• Windows Memory Imaging Tool: www.fireeye.com/services/freeware/memoryze.html (updated March 20, 2016)
• Windows Memory Imaging Tool: www.moonsols.com/windows-memory-toolkit
• Microsoft User Mode Process Dumper: www.microsoft.com/en-us/download/details.aspx?id=4060
• Microsoft Process Dumper: technet.microsoft.com/en-us/sysinternals/dd996900.aspx
• Windows Process Dumper: ntsecurity.nu/toolbox/pmdump
• Linux Live Response Tool Downloads: sourceforge.net/projects/linres
• Apple OS X Live Data Collection Resources: www.appleexaminer.com

• Apple OS X Live Collection Ideas: www.appleexaminer.com/MacsAndOS/Analysis/InitialDataGathering/InitialDataGathering.html

• Linux Memory Imager: github.com/504ensicsLabs/LiME (updated Feb 19, 2015)
• Linux Memory Imager Downloads: N/A (updated Feb 19, 2015)
• OS X Memory Imager: www.fireeye.com/services/freeware/memoryze-for-the-mac.html (updated March 20, 2016)
• OS X Memory Imager: cybermarshal.com/index.php/cyber-marshal-utilities/mac-memory-reader (link dead, no further information, Feb 19, 2015)
• Linux Process Dumping and Analysis Tools: www.gnu.org/software/gdb

Chapter Eight

• NIST Computer Forensic Tool Testing: www.cftt.nist.gov (updated March 20, 2016)
• Hardware Write Blockers: www.guidancesoftware.com/products/Pages/tableau/overview.aspx
• Hardware Write Blockers: www.cru-inc.com/products/wiebetech
• Open Source Media Imaging Tool: sourceforge.net/projects/dcfldd
• Open Source Media Imaging Tool: sourceforge.net/projects/dc3dd
• Free Closed Source Media Imaging Tool (FTK): www.accessdata.com
• Commercial Closed Source Media Imaging Tool (EnCase): www.guidancesoftware.com/encase-forensic  (updated March 20, 2016)

Chapter Nine

• Snort IDS: www.snort.org
• Suricata IDS: oisf.net (updated March 20, 2016)
• Sourcefire IDS: www.sourcefire.com
• RSA NetWitness IDS: www.emc.com/security/rsa-netwitness.htm
• Snort IDS Documentation: manual.snort.org
• Network Flow Data Solution: qosient.com/argus
• Open Source NetFlow Tools: code.google.com/p/flow-tools
• Packet Capture Hardware Considerations: conferences.sigcomm.org/imc/2010/papers/p206.pdf
• 10Gb Packet Capture Hardware: www.net.t-labs.tu-berlin.de/papers/SWF-PCCH10GEE-07.pdf
• Open Source Linux-based IDS/NSM/Log Management: https://github.com/Security-Onion-Solutions/security-onion (updated March 25, 2019)
• Security Onion Documentation: github.com/Security-Onion-Solutions/security-onion/wiki/IntroductionToSecurityOnion (updated March 20, 2016)
• Open Source Packet Capture and Analysis Tool: www.wireshark.org
• Open Source SQL Injection Tool: sqlmap.org
• Open Source Packet Capture Utilities: wiki.wireshark.org/Tools
• Closed Source Packet Capture and Analysis Tool: www.emc.com/security/rsa-netwitness.htm#!freeware

Chapter Ten

• DHCP Specification: tools.ietf.org/html/rfc2131
• Windows DHCP Log File Documentation: technet.microsoft.com/en-us/library/dd183591(v=ws.10).aspx
• Windows DHCP Log File Documentation: technet.microsoft.com/en-us/library/dd759178.aspx
• Open Source DHCP Server: www.isc.org/downloads/dhcp
• DNS Concepts RFC: tools.ietf.org/html/rfc1034
• DNS Specification RFC: tools.ietf.org/html/rfc1035
• DNS Packet Capture and Logging Tool: www.dns-oarc.net/tools/dnscap
• Windows Enterprise Management Tool (Landesk): www.landesk.com/products/management-suite
• Landesk Registry Documentation: community.landesk.com/support/docs/DOC-7062
• Open Source Windows Registry Parsing and Analysis Tool: github.com/keydet89 (updated March 20, 2016)
• Open Source Python Landesk Registry Parsing Tool: github.com/jprosco/registry-tools
• Open Source Python Windows Registry Library: github.com/williballenthin/python-registry
• Windows Enterprise Management Tool (SEP): www.symantec.com/products/threat-protection/endpoint-management/client-management-suite (updated March 20, 2016)
• SEP Documentation: support.symantec.com/en_US/article.DOC4729.html (updated March 20, 2016)
• SEP Documentation: www.symantec.com/products/threat-protection/endpoint-family/endpoint-protection (updated March 20, 2016)
• SEP Documentation: support.symantec.com/en_US/article.TECH100099.html (updated March 20, 2016)
• SEP Quarantine Extract Tool: www.symantec.com/connect/sites/default/files/11xQextract.zip
• SEP Quarantine Extract Tool: www.symantec.com/connect/sites/default/files/12.1Qextract.zip
• VBN Decoder: jamaaldev.blogspot.com/2013/06/symantec-quarantined-vbn-file-decoder.html
• Commercial Anti-Virus Tool (McAfee): www.mcafee.com/us/products/virusscan-enterprise.aspx

• McAfee Documentation: kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22941/en_US/vse_880_product_guide_en-us.pdf

• McAfee Threat Center: www.mcafee.com/us/threat-center.aspx
• Commercial Anti-Virus Tool (Trend Micro): www.trendmicro.com/us/enterprise/product-security/officescan/index.html
• Trend Micro Documentation: trendedge.trendmicro.com/pr/tm/te/document/OfficeScan_10_Report_Mappings_091130.pdf

• Trend Micro Documentation: docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_olhsrv/ohelp/scan/scanactvmec.htm

• HTTP Specification RFC: www.ietf.org/rfc/rfc2616.txt
• X-Forwarded-For Information: support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
• Open Source Web Server(Apache HTTPD): httpd.apache.org
• Apache HTTPD Documentation: httpd.apache.org/docs/2.4/logs.html
• Closed Source Web Server (Microsoft IIS): www.iis.net
• IIS Express Information: www.iis.net/learn/extensions/introduction-to-iis-express/iis-express-overview
• IIS Logging Information: blogs.iis.net/deanc/iis7-8-logging-the-real-client-ip-in-the-iis-hit-logs

• IIS Logging Information: www.iis.net/learn/extensions/advanced-logging-module/advanced-logging-for-iis-custom-logging

• IIS Logging Information: technet.microsoft.com/en-us/library/cc754702(v=ws.10).aspx
• Closed Source Database (Microsoft SQL Server): http://www.microsoft.com/en-us/server-cloud/products/sql-server-editions/sql-server-express.aspx
• Closed Source Database (Oracle): www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
• Open Source Database (MySQL): dev.mysql.com/downloads/mysql
• Microsoft SQL Server Database Forensics Whitepaper: www.blackhat.com/presentations/bh-usa-07/Fowler/Presentation/bh-usa-07-fowler.pdf
• Database Security Papers: www.davidlitchfield.com/security.htm
• Database Forensic Analysis Paper: airccse.org/journal/cseij/papers/2312cseij03.pdf
• Microsoft SQL Server File Locations: technet.microsoft.com/en-us/library/ms143547.aspx
• Microsoft SQL Server Error Log Location: support.microsoft.com/kb/966659

• Microsoft SQL Server Auditing: blogs.msdn.microsoft.com/sreekarm/2009/01/05/auditing-select-statements-in-sql-server-2008

• MySQL Server Log Documentation: dev.mysql.com/doc/refman/5.6/en/server-logs.html
• MySQL Server Query Log Documentation: dev.mysql.com/doc/refman/5.6/en/query-log.html
• MySQL Server Database Dump Information: dev.mysql.com/doc/refman/5.6/en/mysqldump.html
• Oracle Auditing Documentation: docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm#TDPSG50000 (updated June 14, 2015)
• Oracle Security Guide: docs.oracle.com/database/121/DBSEG/toc.htm (updated Feb 19, 2015)
• Oracle Getting Started Guide: docs.oracle.com/database/121/NTDBI/startrdb.htm#NTDBI006 (updated Feb 19, 2015)

Chapter Eleven

• Open Source File Carving Tool (foremost): foremost.sourceforge.net

Chapter Twelve

• Advanced Format Drives and MFT Resident Data: traceevidence.blogspot.com/2013/03/a-quick-look-at-mft-resident-data-on.html
• Advanced Format Drives and MFT Resident Data: blogs.msdn.microsoft.com/ntdebugging/2011/06/28/ntfs-and-4k-disks
• Open Source Timestamp Manipulation Tool: github.com/jschicht/SetMace (updated Feb 19, 2015)
• Open Source Forensics Tool (Sleuthkit): www.sleuthkit.org/sleuthkit
• Open Source MFT Parser: github.com/jschicht/Mft2Csv (updated Feb 19, 2015)
• Open Source MFT Parser: github.com/dkovar/analyzeMFT
• Open Source Timeline Analysis Tool (Plaso): github.com/log2timeline/plaso/wiki
• NTFS INDX Buffer Analysis Blog Article: www.fireeye.com/blog/threat-research/2012/09/striking-gold-incident-response-ntfs-indx-buffers-part-1.html
• Open Source NTFS INDX Buffer Parser: github.com/williballenthin/INDXParse
• NTFS USN Record Structure Documentation: msdn.microsoft.com/en-us/library/aa365722.aspx
• Microsoft Fsutil Documentation: technet.microsoft.com/en-us/library/cc788042(v=ws.10).aspx
• Open Source NTFS LogFile and UsnJrnl Parser: github.com/jschicht/LogFileParser
• Closed Source NTFS Journal Parser: tzworks.net/prototype_page.php?proto_id=5
• Open Source NTFS UsnJrnl Parser: code.google.com/p/parser-usnjrnl
• Open Source NTFS Volume Shadow Shapshot (VSS) Tool: github.com/libyal/libvshadow (updated Feb 19, 2015)
• Free Closed Source Volume Shadow Tool: www.shadowexplorer.com
• Open Source Volume Shadow Toolkit: dfstream.blogspot.com/p/vsc-toolset.html
• Microsoft Filesystem Redirector Documentation: msdn.microsoft.com/en-us/library/windows/desktop/aa384187(v=vs.85).aspx
• Prefetch File Format Documentation: www.forensicswiki.org/wiki/Windows_Prefetch_File_Format
• Free Closed Source Prefetch Analysis Tool: www.nirsoft.net/utils/win_prefetch_view.html
• Closed Source Prefetch Analysis Tool: www.tzworks.net/prototype_page.php?proto_id=1
• Free Closed Souce Prefetch Analysis Tool: redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55 (link dead, no further information, Feb 19, 2015)
• Windows Event Log Event Information: www.myeventlog.com
• Windows Event Log Event Information: www.eventid.net
• Windows Event 540 Documentation: msdn.microsoft.com/en-us/library/aa380129
• Windows Event Log Fix Tool: murphey.org/fixevt.html
• Windows At Command Documentation: technet.microsoft.com/en-us/library/bb490866.aspx
• Windows Schtasks Command Documentation: technet.microsoft.com/en-us/library/bb490996.aspx
• Windows .JOB File Format Documentation: msdn.microsoft.com/en-us/library/cc248285.aspx
• Open Source Python .JOB File Parser: gleeda.blogspot.com/2012/09/job-file-parser.html
• Windows Registry Value Type Documentation: msdn.microsoft.com/en-us/library/windows/desktop/ms724884(v=vs.85).aspx
• Windows HKEY_CLASSES_ROOT Documentation: msdn.microsoft.com/library/windows/desktop/ms724475.aspx
• Windows Registry Timestamp Manipulation Tool: code.google.com/p/mft2csv/wiki/SetRegTime
• Windows Registry WOW64 Information: msdn.microsoft.com/en-us/library/windows/desktop/aa384253(v=vs.85).aspx
• Windows Registry Reflection Documentation: msdn.microsoft.com/en-us/library/windows/desktop/aa384235(v=vs.85).aspx
• Windows Audit Policy Locations in the Registry: support.microsoft.com/kb/246120
• Windows Well-Known Security Identifiers: support.microsoft.com/kb/243330
• Shim Cache (aka AppCompatCache) Parser Whitepaper: dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
• Open Source Shim Cache Parser: github.com/mandiant/ShimCacheParser
• Windows Registry Services Key Information: support.microsoft.com/kb/103000
• Windows Sc Command Documentation: technet.microsoft.com/en-us/library/cc754599.aspx
• Windows Shell Extension Handlers Documentation: msdn.microsoft.com/en-us/library/windows/desktop/cc144110(v=vs.85).aspx
• Windows Shellbag Whitepaper: www.dfrws.org/2009/proceedings/p69-zhu.pdf
• Windows 7 Shellbags Blog Article: digital-forensics.sans.org/blog/2011/07/05/shellbags
• Open Source Windows Shellbag Parser: github.com/williballenthin/shellbags
• Closed Source Windows Shellbag Parser: www.tzworks.net/prototype_page.php?proto_id=14
• Free Closed Source Windows Userassist Viewer: www.nirsoft.net/utils/userassist_view.html
• Free Closed Source Windows Userassist Tool: blog.didierstevens.com/2012/07/19/userassist-windows-2000-thru-windows-8
• Free Closed Source Windows MUI Tool: www.nirsoft.net/utils/muicache_view.html
• Closed Source Windows Link File Parsing Tool: tzworks.net/prototype_page.php?proto_id=11
• Open Source Windows Link File Parsing Tool: code.google.com/p/simple-file-parser
• Open Source Windows Jump File Parsing Tool: www.woanware.co.uk/forensics/jumplister.html
• Closed Source Windows Jump File Parsing Tool: tzworks.net/prototype_page.php?proto_id=20
• Windows Process to User Memory Analysis Blog Article: moyix.blogspot.com/2008/08/linking-processes-to-users.html
• Windows Memory Analysis Whitepaper: www.dfrws.org/2007/proceedings/p62-dolan-gavitt.pdf
• Windows Password Hash Tool: blog.gentilkiwi.com/mimikatz
• Free Closed Source Memory Imaging Tool (FTK Imager): accessdata.com/product-download?/support/product-downloads (updated Feb 19, 2015)
• Commercial Memory Imaging Tool (Moonsols): www.moonsols.com/resources
• Free Closed Source Memory Imaging Tool (Memoryze): www.fireeye.com/services/freeware/memoryze.html
• Free Closed Source Memory Analysis Tool (Redline): www.fireeye.com/services/freeware/redline.html

Chapter Thirteen

• Cross-platform Media and File Hex Editor: apps.tempel.org/iBored
• Open Source Repository for OS X: www.macports.org
• Log Management Solution: www.elastic.co/products/logstash
• Log Analysis Solution (Sawmill): www.sawmill.net
• Log Analysis Solution (Splunk): www.splunk.com
• Wi-Fi Geolocation Tool: github.com/hubert3/iSniff-GPS
• Wi-Fi Geolocation Engine: wigle.net

Chapter Fourteen

• Filesystem Hierarchy Standard: www.samba.org/~cyeoh
• Forensics Wiki: www.forensicswiki.org
• Forensic Focus: www.forensicfocus.com
• Commercial Forensic Suite (EnCase): www.guidancesoftware.com/encase-forensic
• Commercial Forensic Suite (FTK): accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk?/solutions/digital-forensics/ftk (updated Feb 19, 2015)
• Commercial Browser Forensics Tool (NetAnalysis): www.digital-detective.net/digital-forensic-software/netanalysis
• Commercial Browser Forensics Tool (Internet Evidence Finder): www.magnetforensics.com/mfsoftware/internet-evidence-finder
• Free Closed Source Browser History Tool (Nirsoft): www.nirsoft.net/utils/browsing_history_view.html
• Free Closed Source Browser History Tool (Redline): www.fireeye.com/services/freeware/redline.html
• Open Source Internet Explorer Cache File Tool: github.com/libyal/libmsiecf (updated Feb 19, 2015)
• Open Source Internet Explorer ESE Database Tool: github.com/libyal/libesedb (updated Feb 19, 2015)
• MSIE ESE Database Blog Article: articles.forensicfocus.com/2013/12/10/forensic-analysis-of-the-ese-database-in-internet-explorer-10
• Free Closed Source IE Cache Tool (Nirsoft): www.nirsoft.net/utils/ie_cache_viewer.html
• Free Closed Source IE History Tool (Nirsoft): www.nirsoft.net/utils/iehv.html
• Free Closed Source IE Cookie Tool (Nirsoft): www.nirsoft.net/utils/iecookies.html
• Free Closed Source ESE Database Tool (Nirsoft): www.nirsoft.net/utils/ese_database_view.html
• Free Closed Source IE (old) Password Tool (Nirsoft): www.nirsoft.net/utils/pspv.html
• Free Closed Source IE (newer) Password Tool (Nirsoft): www.nirsoft.net/utils/internet_explorer_password.html
• Google Chrome Timestamp Blog Article: linuxsleuthing.blogspot.com/2011/06/decoding-google-chrome-timestamps-in.html
• Open Source SQLite Database Viewer (SQLite Browser): github.com/sqlitebrowser/sqlitebrowser (updated 27 Feb, 2015)
• Open Source SQLite Database Viewer (SQLite Manager): addons.mozilla.org/en-us/firefox/addon/sqlite-manager
• Open Source SQLite Database Viewer (SQLite): www.sqlite.org/download.html
• Open Source Scripting Language: www.perl.org
• Open Source Scripting Language: www.python.org
• Free Closed Source Chrome History Tool (Nirsoft): www.nirsoft.net/utils/chrome_history_view.html
• Free Closed Source Chrome Cache Tool (Nirsoft): www.nirsoft.net/utils/chrome_cache_view.html
• Open Source Chrome Forensics Tool: www.woanware.co.uk/forensics/chromeforensics.html
• Open Source Chrome History Tool: github.com/obsidianforensics/hindsight
• Firefox Cache Format Blog Article: articles.forensicfocus.com/2012/03/09/firefox-cache-format-and-extraction
• Firefox Cache Forensics Article: code.google.com/p/firefox-cache-forensics/wiki/FfFormat
• Free Closed Source Firefox History Tool (Nirsoft): www.nirsoft.net/utils/mozilla_history_view.html
• Free Closed Source Firefox Cookie Tool (Nirsoft): www.nirsoft.net/utils/mzcv.html
• Free Closed Source Firefox Cache Tool (Nirsoft): www.nirsoft.net/utils/mozilla_cache_viewer.html
• Free Closed Source Firefox Downloads Tool (Nirsoft): www.nirsoft.net/utils/firefox_downloads_view.html
• SMTP Header Analysis Article: www.arclab.com/en/kb/email/how-to-read-and-analyze-the-email-header-fields-spf-dkim.html
• SMTP Header Forensics: airccse.org/journal/nsa/1111nsa17.pdf (updated Feb 19, 2015)
• Google SMTP Header Analysis: toolbox.googleapps.com/apps/messageheader
• Commercial Email Forensics Tool (Aid4mail): www.aid4mail.com/email-forensics
• Commercial Email Forensics Tool (Emailchemy): www.weirdkid.com/products/emailchemy
• Web-Based Email Artifacts Blog Article: www.forensicfocus.com/email-evidence-now-you-see-it
• Web-Based Email Artifacts Blog Article: www.magnetforensics.com/computer-forensics/forensic-email-analysis-browser-artifacts-you-may-find (Updated June 14, 2015)
• Web-Based Email Artifacts Blog Article: www.magnetforensics.com/mobile-forensics/webmail-forensics-part-2-android-and-ios (Updated June 14, 2015)
• Web-Based Email Forensics Whitepaper: www.blackhat.com/presentations/bh-usa-03/bh-us-03-akin.pdf
• Web-Based Email Artifacts Blog Article: www.hecfblog.com/2013/09/daily-blog-95-webmail-artifacts-from.html
• Browser Artifacts Forensic Tool (Internet Evidence Finder): www.magnetforensics.com/software/internet-evidence-finder
• Browser Artifacts Forensic Tool (NetAnalysis): www.digital-detective.net/digital-forensic-software/netanalysis
• Browser Artifacts Forensic Tools (Internet Examiner): www.siquest.com
• Open Source Microsoft Email Storage Parser: github.com/libyal/libpff (updated Feb 19, 2015)
• Commercial File Searching Tool: www.powergrep.com
• Free Closed Source Email Conversion Tool: www.cosmicsoft.net/emlxconvert.html
• Open Source Email Client: www.mozilla.org/en-US/thunderbird
• Closed Source IM Client: www.skype.com
• Free Closed Source SQLite Tool: www.yunqa.de/delphi/products/sqlitespy/index
• Commercial Skype Anlysis Tool (SkypeAlyzer): www.sandersonforensics.com
• Commercial Skype Analysis Tool (Skype Analyzer): home.belkasoft.com/en/bsa/en/Skype_Analyzer.asp
• Free Closed Source Skype Log Tool (Nirsoft): www.nirsoft.net/utils/skype_log_view.html
• Free Closed Source Skype Log Tool (Skype-Parser): redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55 (link dead, no further information, Feb 19, 2015)
• Skype IM Artifacts Forensic Tool (Internet Evidence Finder): www.magnetforensics.com
• AOL Instant Messenger: www.aim.com
• Free Closed Source Timestamp Decoder: www.digital-detective.net/digital-forensic-software/free-tools

Chapter Fifteen

• Virtualization Product (VMware): www.vmware.com/products/workstation
• Open Source MD5 Hash Tool (md5deep): md5deep.sourceforge.net
• Free Closed Source Hash Tool (DigetstIT): www.colonywest.us/digestit
• Free Closed Source Windows MD5 Tool (Winmd5): www.winmd5.com
• Free Hash Search Database (Fileadvisor): fileadvisor.bit9.com (dead as of March 20, 2016, no further information)
• Free Hash Search Database (Virustotal): www.virustotal.com
• Free Hash Search Database (Threatexpert): www.threatexpert.com
• Free Hash Database (NIST NSRL): www.nsrl.nist.gov
• Free Hash Search Database (SANS hosted NSRL): isc.sans.edu/tools/hashsearch.html (error, no further information, Feb 19, 2015)
• Open Source NSRL Database Query Service: rjhansen.github.io/nsrlsvr
• Open Source NSRL Database QueryClient: rjhansen.github.io/nsrllookup
• Free NSRL Database Query Server: www.kyrus-tech.com/nsrlookup-service-beta (error, no further information, Feb 19 ,2015)
• Free Closed Source Hex Editor(FileInsight): www.mcafee.com/us/downloads/free-tools/fileinsight.aspx
• Commercial Closed Source Hex Editor (010 Editor): www.sweetscape.com/010editor
• Microsoft PE and COFF Specification: msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx
• Microsoft PE and COFF Specification: msdn.microsoft.com/library/windows/hardware/gg463125
• Open Source Unix-like Environment: www.cygwin.com
• Malware Analysis Toolkit: github.com/dzzie/MAP
• Microsoft Strings Utility: technet.microsoft.com/en-us/sysinternals/bb897439.aspx
• Microsoft Developer Network Website: msdn.microsoft.com
• Free Closed Source PEiD Download Page: www.softpedia.com/progDownload/PEiD-updated-Download-4102.html
• Free Closed Source PEiD Kanal Encryption Routine Plugin: www.softpedia.com/get/Programming/Other-Programming-Files/Kanal.shtml
• Other PEiD Plugins: www.softpedia.com/downloadTag/PEiD+plugin
• Free Closed Source PEView Download: wjradburn.com/software
• Free Closed Source Explorer Suite PE Viewer: www.ntcore.com/exsuite.php
• Free Closed Source Dependency Tool (Dependency Walker): www.dependencywalker.com
• Free Closed Source Debug Tool: www.ollydbg.de
• OllyDbg Plugins: www.openrce.org/downloads/browse/OllyDbg_Plugins
• Commercial Sandbox Appliance (previously Norman Sandbox): www.bluecoat.com/products/malware-analysis-appliance
• Publicly Available Malware Analysis Sandbox (previously GFI): www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx (updated May 8, 2015)
• Microsoft Process Monitor Tool: technet.microsoft.com/en-us/sysinternals/bb896645.aspx
• Microsoft Process Explorer Tool: technet.microsoft.com/en-us/sysinternals/bb896653.aspx
• Microsoft Handle Tool: technet.microsoft.com/en-us/sysinternals/bb896655.aspx
• Open Source Packet Capture and Analysis Tool: www.wireshark.org

Chapter Sixteen

• Technical Writing Guide: www.eecs.qmul.ac.uk/~norman/papers/good_writing/Technical%20writing.pdf

Chapter Seventeen

• No links

Chapter Eighteen

• No links