Welcome To digitalforensics.ch
Bruce Nikkel's Computer Forensics Homepage
A little about me:
I head the IT investigation and forensics team at a global financial institution based in Switzerland. I have a PhD in the field of network forensics and have specialized in computer security since 1996. My research interests are in various areas of digital forensics and information security.
Any feedback or comments on this site or its content are welcome. Email me at nikkel@digitalforensics.ch
My Public Papers and Presentations
Corporate IT Forensics in the New Decade
Presented at the InfoSecurity Summit in Hong Kong, March 2010
Presented at an intellectual property workshop in Zurich, April 2010
Slides are here:
PDF
Forensic analysis of GPT disks and GUID partition tables
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 6, No 1-2 (Sept 2009)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2009.07.001
My current version can be found here:
PDF
Practical Computer Forensics using Open Source Tools
Presented to /ch/open, the Swiss Open Systems User Group
Technopark, Zurich, June 12, 2008
(Intended for Unix/Linux experts learning forensics)
Slides are here:
PDF
An introduction to investigating IPv6 networks
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 4, No 2 (July 2007)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2007.06.001
(DI Journal's top downloaded paper in 2007!)
My current version can be found here:
PDF
A portable network forensic evidence collector
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 3 (Oct 2006)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2006.08.012
My current version can be found here:
PDF
Improving evidence acquisition from live network sources
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 2 (May 2006)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2006.05.002
My current version can be found here:
PDF
The Role of Digital Forensics within a Corporate Organization
Presented to a banking security group in Vienna, May 2006
A condensed version of these slides was presented at the Gartner IT Security Summit in London, Sept 2006
Slides are here:
PDF
Digital Forensics using Linux and Open Source Tools
Seminar given at Cranfield University on Sept 26, 2005
(Intended for forensics experts learning Unix/Linux)
Slides are here:
PDF (White) (2/page) (4/page) (6/page)
Generalizing sources of live network evidence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 3 (September 2005)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2005.08.001
My current version can be found here:
PDF
Forensic acquisition and analysis of magnetic tapes
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 1 (February 2005)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2005.01.007
My current version can be found here:
PDF (includes several technical corrections)
Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 1, No 4 (November 2004)
The original version published by Elsevier can be found here:
doi:10.1016/j.diin.2004.10.001
My current version can be found here:
PDF
Some useful links
News and Forums
An amazing source of documentation and forensic resources
www.e-evidence.info
A Slashdot-style forensics site
www.forensicfocus.com
A good source for tech news
www.slashdot.org
Good places to find open source tools
www.sourceforge.org
www.freshmeat.net
(Many troubleshooting or conversion tools can be used for investigative purposes)
Journals and Newsletters
IJDE, the International Journal of Digital Evidence
Digital Investigation, The International Journal of Digital Forensics and Incident Response
The Sleuth Kit Informer
IEEE Transactions on Information Forensics and Security
Some tools that I use extensively...
The popular feature-rich commercial tool: Encase
A good Linux boot CD with many tools, designed with forensics in mind:
Helix
A great open source forensics toolkit based on TCT (The Coroner's Toolkit):
Sleuthkit
A powerful trio of tools for network analysis:
tcpdump
ssldump
tcpflow