Spring 2013: Syllabus for CIS-4385
Windows Forensics Introduction
Unix/Linux Forensics Introduction
2008-08-11: Plastic Keys to Physical Locks: Researchers Crack Medeco High-Security Locks With Plastic Keys
2008-08-22: An Email about an intrusion at Redhat's Fedora: Infrastructure report, 2008-08-22 UTC 1200
2009-02-10: Data breach at FAA: FAA reports 45,000 data records pilfered from server
2009-04-01: Spam Back to 94% of All E-Mail
* 2009-05-15: Backup woes at Avsim: Hackers 'destroy' flight sim site
* 2009-07-23: Adobe Flash woes: New attacks exploit vuln in (fully-patched) Adobe Flash
* 2009-10-16: Big-Box Breach: The Inside Story of Wal-Mart's Hacker Attack
2009-10-22: FBI and SOCA plot cybercrime smackdown: White hats get proactive on e-crime
* 2010-01-20: Fearing Hackers Who Leave No Trace
2010-01-20: More Researchers Going On The Offensive To Kill Botnets
2010-02-04: Identifying almost identical files using context triggered piecewise hashing
2010-02-04: Using Every Part of the Buffalo in Windows Memory Analysis
2010-02-04: Using Hashing to Improve Volatile Memory Forensic Analysis
* 2010-02-05: Hacking for Fun and Profit in China's Underworld
* 2010-02-05: US oil industry hit by cyberattacks: Was China involved?
2010-02-06: FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory.
* 2010-02-19: Modern banker malware undermines two-factor authentication
* 2010-02-19: Broad New Hacking Attack Detected.
* 2010-02-19: The Kneber botnet - FAQ.
2010-02-19: The creation of a rogue CA certificate via an MD5 collision story: MD5 considered harmful today: Creating a rogue CA certificate.
2010-02-19: Why the Windows Registry sucks... technically
* 2010-02-23: Keyloggers: Churchill High grade scheme may involve half-dozen students; apparently, from other stories on this incident, the students may have picked this up from YouTube, which hosted videos on installing keyloggers, including ones showing how to create trojans to install keyloggers (search YouTube for "Ardamax", for instance).
* 2010-03-08: A classic: No Stone Unturned
* 2010-03-16: What we know (and learned) from the Waledac takedown
2010-04-01: Another classic on the Linux ELF format: A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux.
2010-04-08: Older work on analyzing a binary
* 2011-01-04: Original Supreme Court materials on the Frye and Daubert standards.
2011-01-11: Security status of various hashes
2011-01-18: More odd stuff in the Windows registry: Stay Classy, Microsoft
2011-01-18: Electronic warfare: targeted malware: Israeli Test on Worm Called Crucial in Iran Nuclear Delay
2011-01-25: More printer vulnerabilities: Giving Hackers a Printed Invitation
2011-01-25: Improvements in Windows logging in 2008R2 and some versions of Windows 7:
2011-01-25: USB device claims that it is a keyboard, issues commands: Researchers turn USB cable into attack tool
2011-02-01: DDoS arrests: Police arrest five men over Wikileaks-related 'Anonymous' denial of service attacks
2011-02-01: Infected PC Compromises Pentagon Credit Union
2011-02-01: Thumb Drive Attack in 2008 Compromised Classified U.S. Networks
2011-02-16: Foreign hackers attack Canadian government
2011-02-22: Man pockets $8m running computer fraud ring: Zombies dialed premium phone numbers
2011-02-24: New Financial Trojan Keeps Online Banking Sessions Open after Users 'Logout'
2011-02-24: A Good Decade for Cybercrime
2011-03-03: A Look Inside the Bustling Cybercrime Marketplace
2011-03-03: Anonymous speaks: the inside story of the HBGary hack
2011-03-03: Black ops: how HBGary wrote backdoors for the government
2011-03-29: New cybervirus found in Japan / Stuxnet designed to attack off-line servers via USB memory sticks
2011-04-08: Data Recovery in Linux (with TestDisk)
2011-06-06: How a cheap graphics card could crack your password in under a second
2011-08-02: Anatomy of a Unix breach
2011-09-12: Rent-a-Bot Networks Tied to TDSS Botnet
2011-11-04: Chaos Computer Club analyzes government malware
2011-11-14: Et tu, Boeing? FACT CHECK: SCADA Systems Are Online Now
2011-11-14: Underground call-centre for identity theft uncovered by security researchers
2011-11-14: The Dark Side Of Biometrics: 9 Million Israelis' Hacked Info Hits The Web
2011-11-14: The Underground Economy of Fake Antivirus Software (PDF)
2011-11-14: The Perfect Scam
2011-11-14: Who killed the fake-antivirus business?
2011-11-14: Russian police take a bite out of online crime
2011-11-28: Japan's continuing cybersecurity problems: Upper House confirms falling victim to cyber-attacks
2011-11-28: Japan's continuing cybersecurity problems: Only 45% of lawmakers changed passwords after cyber-attack
2011-11-30: Carrier IQ saga: Carrier IQ Tries to Silence Security Research Exposing Its Rootkit, gets Pinned Down by the EFF
2011-11-30: Carrier IQ saga: The Rootkit Of All Evil — CIQ
2011-11-30: Carrier IQ saga: Carrier IQ Tries to Censor Research With Baseless Legal Threat
2011-11-30: Carrier IQ saga: Smartphone Invader Tracks Your Every Move
2011-11-30: Carrier IQ saga: CarrierIQ
2011-11-30: Carrier IQ saga: Proof Published that Carrier IQ is Recording Key Presses and Location Data
2011-11-30: Carrier IQ saga: The Storm Is Not Over Yet — Lets Talk About #CIQ
2012-01-03: Carrier IQ saga: Some Facts about Carrier IQ
2012-01-05: Govt working on defensive cyberweapon / Virus can trace, disable sources of cyber-attacks
2012-02-15: Ron is Wrong, Whit is Right
2012-03-15: Researchers Seek Help in Solving DuQu Mystery Language
2012-03-29: Organised Crime in the Digital Age Executive Summary
2012-03-29: NSA Chief: China Behind RSA Attacks
2012-04-02: Hunting Malware with Volatility
2012-04-02: CSI: Internet HQ — Series 1
2012-04-02: CSI: Internet HQ — Series 2
2012-04-02: W32.Duqu The precursor to the next Stuxnet
2012-04-19: OpenSSL flaw
2013-01-16: "Red October" Diplomatic Cyber Attacks Investigation
2013-02-18: FROST: Forensic Recovery Of Scrambled Telephones
2013-02-18: U.S. said to be target of massive cyber-espionage campaign
2013-02-20: APT1: Exposing One of China's Cyber Espionage Units
2013-02-25: Code certificate laissez-faire leads to banking Trojans
2013-02-25: Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit
2013-02-27: Bizarre old-school spyware attacks governments, sports Mark of the Beast
2013-02-27: The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
2013-02-27: Miniduke
2013-03-04: As Hacking Against U.S. Rises, Experts Try to Pin Down Motive
2013-03-04: Where Apps Meet Work, Secret Data Is at Risk
2013-03-06: Malware linked to Chinese hackers aims at Japanese government
2013-03-22: How whitehats stopped the DDoS attack that knocked Spamhaus offline
2013-04-08: How a banner ad for H&R Block appeared on apple.com - without Apple's OK
2013-04-22: Japanese Police Ask ISPS to Start Blocking TOR
I also highly recommend reading comp.risks (you can read it in RDF format at http://catless.ncl.ac.uk/rdigest.rdf, or via email; instructions are at http://www.csl.sri.com/users/risko/risksinfo.html) or adding its RSS feed at http://catless.ncl.ac.uk/risksatom.xml to your feed browser.