Cyberspace of Shujun LI >> Digital and Multimedia Forensics



This web page is a collection of resources for digital and multimedia forensics research. It covers not only research-oriented resources, but also those focusing on standards, best practices of law enforcement agencies and forensic professionals, legislation, accreditation, education and relevant media coverage.

General Resources

Web Sites

Digital Forensic Database @ Dartmouth College Forensics Wiki Forensics Focus Computer Forensics, Cybercrime and Steganography Resources @ Computer Forensics World Forensic 4cast Computer Forensics, Cybercrime and Steganography Resources Brian Carrier's Digital Investigation / Forensics and Evidence Research Kulesh Shanmugasundaram's Forensics Links Dave Dittrich's Forensics Links GCK's Cybercrime and Cyberforensics-related URLs Crime Scene Investigator Network Get Safe Online Crimestoppers (The Game of Fraud) Surrey Police Online Services Witness Confident (International Stop Cyberbullying Youth Summit) Crime Reduction Partnership News CIFAS - The UK's fraud prevention service (National Fraud Database, Internal Fraud Database) FraudAvengers™ National Trading Standards eCrime Team (NTSeCT) Consumer Fraud Forum emotion icon Forensic Multimedia Analysis Blog Windows Incident Response Blog The Digital Standard An Eye on Forensics A Fistful of Dongles The Apple Examiner Michael Spreitzenbarth's (mobile) forensic blog Muhammad Nuh Al-Azhar's Forensic Cop emotion icon Centre for Cyber Victim Counselling (CCVC)

Books and Reports

Standards and Best Practice Guides


US: Federal Evidence Review (Federal Rules of Evidence; Key Evidence Cases)

Journals, Magazines and Conferences

Forensics Tools, Exchange Formats and Datasets

General: Computer Forensics Tool Testing (CFTT) (Mobile Devices) National Software Reference Library (NSRL) National Repository for Digital Forensic Intelligence (NRDFI)
Data: Computer Forensic Reference Data Sets (CFReDS) Digital Forensics Tool Testing Images The disktype File System Sampler EDRM (Electronic Discovery Reference Model) Enron PST Data Set (EDRM Enron Email Data Set v2) emotion icon SEARCH: The Online Resource for Justice and Public Safety Decision Makers emotion icon Dresden Image Database (for source device identification) Columbia Uncompressed Image Splicing Detection Evaluation Dataset Columbia Image Splicing Detection Evaluation Dataset CASIA Tampered Image Detection Evaluation Database Image Manipulation Dataset @ University of Erlangen-Nuremberg DBForgery 1.0 @ IPLab, University of Catania, Italy Dataset of "Image Tamper Detection Based on Demosaicing Artifacts" @ Polytechnic Institute of NYU Dataset of "Digital Single Lens Reflex Camera Identification From Traces of Sensor Dust" @ Polytechnic Institute of NYU MICC Copy-Move Datasets (MICC-F2000, MICC-F600, MICC-F220, MICC-F8multi) BOSSBase

Commercial Software

Guidance Software: EnCase® Forensic (EnCase Forensic Academic Program) EnCase® Portable
Computer Forensics: AccessData Forensic Toolkit® (FTK®) X-Ways Forensics X-Ways Investigator Belkasoft Evidence Center Forensic Explorer Virtual Forensic Computing (VFC) Recover My Files Helix3 Pro Blade™ Passware Kit Forensic emotion icon Microsoft COFEE (Computer Online Forensic Evidence Extractor) Windows Forensic Environment (WinFE/Windows FE)
Multimedia Forensics: Digital Assembly (Adroit Photo Forensics 2013, SmartCarver for DC3 (DoD) Steg_Carver, Adroit Photo Recovery) Belkasoft Forgery Detection Plugin Recover My Photos Amped FIVE Amped Authenticate izitru Amped VideoScanner IMIX IMPRESS ZiuZ Forensic Microsoft PhotoDNA Adobe Audition
Anti-Forensics & Privacy Protection: WhiteCanyon Software Webroot® SecureAnywhere™ CyberScrub Windows & Internet Cleaner Pro Steganos Privacy Suite Winclear emotion icon Consumer Warning: Robin Hood Software and Evidence Eliminator

Open-Source Software and Freeware

Forensic Control's list of Free computer forensic tools

Computer Forensics: SANS SIFT Kit/Workstation: Investigative Forensic Toolkit CAINE (Computer Aided INvestigative Environment) Live CD DEFT Linux - Computer Forensics live CD Kali Linux (formerly known as BackTrack) Knoppix STD (Security Tools Distribution) FCCU GNU/Linux Forensic Boot CD @ Helix3 SMART Linux PlainSight (R)ecovery (I)s (P)ossible Linux rescue system Penguin Sleuth Kit SNARL J.A.F.A.T. - Archive of Forensics Analysis Tools Live Forensic Toolkit (LFT) @ Masterkey Linux emotion icon ALT Linux Rescue The Sleuth Kit (TSK) Grml Live Linux Matriux Pentoo emotion icon Open Source Digital Forensics AFFLIB (Advanced Forensics Format Library) (aimage – the Advanced Disk Imager, bulk_extractor, tcpflow — A TCP Flow Recorder; fiwalk, dfxml_tool) Digital Forensics Framework (DFF) Categorizer for Pictures (Ontario Provincial Police Electronic Crime Section) Foremost (file recovrey tool) Maltego Community Version NFI Defraser Forensic Acquisition Utilities LibForensics Live View FTimes PyFlag (Forensic and Log Analysis GUI) guymager PyDetective theharvester Registry Decoder Windows File Analyzer Free tools from DiskInternals Research (Linux Reader) Forensics Tools @ woanware emotion icon EnCase Forensic Imager Free Oxygen Forensic® Suite (Standard) Belkasoft Acquisition Tool (BelkaImager) Belkasoft RAM Capturer
Memory Forensics: The Volatility Framework: Volatile memory artifact extraction utility framework VOLIX (Volatility Interface & Extensions) volatility-ng volatilitux LiME - Linux Memory Extractor emotion icon Mandiant Redline® Mandiant Memoryze™ Memoryze™ for the Mac
Tools for Accessing Files and System Info: TestDisk DiskInternals Linux Reader Paragon ExtFS for Windows® Ext2Read analyzeMFT (a Python tool to deconstruct the Windows NTFS $MFT file) RegRipper python-registry Windows shellbag forensics PsLoggedOn GrokEVT Rifiuti (A Recycle Bin Forensic Analysis Tool) emotion icon Webscavator (a visualisation suite for the analysis of internet history) Pasco (An Internet Explorer activity forensic analysis tool) Galleta (An Internet Explorer Cookie Forensic Analysis Tool) libmsiecf (Library and tools to access the Microsoft Internet Explorer Cache File files) emotion icon file (Guesses file type based on magic header and footer values) libewf (a library for support of the Expert Witness Compression Format) INDXParse libesedb (Library and tools to access the Extensible Storage Engine Database File) liblnk (Library and tools to access the Windows Shortcut File) eCryptfs Parser emotion icon libnk2 (Library and tooling to support the Microsoft Outlook Nickfile) libpff (library and tools to analyze Microsoft Outlook Personal Folder Files) UnDBX (Tool to extract, recover and undelete e-mail messages from Outlook Express .dbx files) emotion icon Apache Tika (a content analysis toolkit) Apache PDFBox (a Java PDF Library) peepdf (PDF Analysis Tool)
Forensic Hashing Tools: ssdeep md5deep and hashdeep DeepToad (a library and a tool to clusterize similar files using fuzzy hashing) MD5Summer Quick Hash GUI emotion icon pHash: The open source perceptual hash library phasher: A naive perceptual hasher for php
Network Forensics: Spider @ Cornell Wireshark Netcat tcpdump (a powerful command-line packet analyzer) & libpcap (a portable C/C++ library for network traffic capture) NetSleuth NetworkMiner pytbull (a python based flexible IDS/IPS testing framework) WebJob tcpflow ssldump emotion icon Social Snapshots: Digital Forensics for Online Social Networks
Mobile/Small Device Forensics: Santoku Linux NowSecure Forensics Suite (Community Edition) NowSecure App Testing Suite (Community Edition) Burner Phone Forensic Resources viaForensics AFLogical (Open source focrensic application to extract data from Android devices) TULP2G - forensic framework for extracting and decoding data SIMfill TULP2G (a .NET based forensic software framework for extracting and decoding data stored in electronic devices) rapi tools (A collection of tools to do many things to a windows CE device via Activesync/RAPI) emotion icon RFIDIOt (an open source python library for exploring RFID devices)
Anti-Forensics & Privacy Protection: Eraser Darik's Boot And Nuke Evidence Eliminator Eliminator (E3) ParetoLogic Privacy Controls Timestomp Slacker emotion icon Detect and Eliminate Computer Acquired Forensics (DECAF)


Governmental Agencies


INTERPOL International Association of Chiefs of Police (IACP) Virtual Forum against Cybercrime (VFAC) International Centre of Missing & Exploited Children (ICMEC)


Europe: EUROPOL (European Cybercrime Centre (EC3) @ Europol, Europol Platform for Experts (EPE), European Cybercrime Training and Education Group (E.C.T.E.G)) European Police College (CEPOL) CERT-EU (Computer Emergency Response Team for the EU institutions, bodies and agencies) Council of Europe - Cybercrime Convention Committee (T-CY) Missing Children Europe (European Federation for Missing and Sexually Exploited Children) (EFC (European Financial Coalition against Commercial Sexual Exploitation of Children Online))
Other Regions: Inter-American Cooperation Portal on Cyber-Crime United Nations Asia and Far East Institute for the Prevention of Crime and the Treatment of Offenders (UNAFEI)


Law Enforcement: Home Office (Police.UK, Border Force Action Fraud Identity and Passport Service Forensic Science Regulator National Police Chiefs’ Council (NPCC) (National Police Coordination Centre (NPoCC)) Independent Police Complaints Commission (IPCC) Police Federation of England and Wales Police Superintendent Association England and Wales emotion icon National Crime Agency (NCA) (Child Exploitation and Online Protection (CEOP) Command, CEOP's Thinkuknow, Missing Kids UK; NCCU - National Cyber Crime Unit, ECC - Economic Crime Command, OCC - Organised Crime Command) Serious Fraud Office (SFO) National Counter Terrorism Security Office Metropolitan Police Service (MET) (PCeU - Police Central e-crime Unit, Counter Terrorism Command) City of London Police (NFIB - National Fraud Intelligence Bureau) Surrey Police Police Scotland Police Service of Northern Ireland (PSNI) (CTSA - Counter Terrorism Security Advisers) Northern Ireland Organised Crime Task Force (OCTF) British Transport Police (BTP) Civil Nuclear Police Authority (CNPA) (CNC - Civil Nuclear Constabulary) Port of Liverpool Police Port of Dover Police emotion icon College of Policing National Policing Improvement Agency (NPIA) emotion icon N8 Policing Research Partnership (N8 PRP)
Justice: Ministry of Justice (HM Courts and Tribunals Service, Office of the Public Guardian, HM Prison Service, NOMS - National Offender Management Service; Information Commissioner's Office (ICO)) Attorney General's Office (AGO) (Crown Prosecution Service (CPS)) The Supreme Court
Intelligence, Defence & Security: Joint Intelligence Committee (JIC) Government Communications Headquarters (GCHQ) (National Technical Authority for Information Assurance (CESG), GovCertUK - Computer Emergency Response Team for UK Government) Ministry of Defence (British Amy, Royal Navy, Royal Air Force, Intelligence Corps; Dstl (Defence Science and Technology Laboratory), The Military Court Service, Defence Intelligence, DISC - Defence Intelligence and Security Centre; Ministry of Defence Police, Royal Military Police (RMP), Royal Navy Police, Royal Air Force Police (RAFP)) Defence Academy of the United Kingdom Security Service (MI5) (JTAC - Joint Terrorism Analysis Centre) Secret Intelligence Service (SIS, commonly known as MI6) National Cyber Security Centre (NCSC) (Cyber-Security Information Sharing Partnership (CISP)) Office of Cyber Security & Information Assurance (OCSIA)
Others: HM Revenue and Customs National Health Service (NHS) (NHS Protect Forensic Computing Unit)


National Institute of Standards and Technology (NIST): Organization of Scientific Area Committees (OSAC) for Forensic Science National Commission on Forensic Science Information Technology Laboratory (ITL) Digital & Multimedia Evidence Cloud Computing Forensic Science Video Analytics) Image Group Pattern and Impression Evidence NIST Biometric Image Software (NBIS)
Department of Justice (DoJ): Office of Justice Programs National Institute of Justice (NIJ) Bureau of Justice Assistance (BJA) Digital Forensic Certification Board (DFCB) National Commission on Forensic Science emotion icon US Department of Justice Computer Crime & Intellectual Property Section Internet Crimes Against Children (ICAC) Task Force
Department of Defense (DoD) Cyber Crime Center (DC3): National Centers of Digital Forensics Academic Excellence Program (CDFAE) emotion icon Defense Computer Forensics Laboratory (DCFL) Defense Cyber Investigations Training Academy (DCITA) Defense Cyber Crime Institute (DCCI)
National RCFL (Regional Computer Forensics Laboratory) Program: Chicago RCFL (CGRCFL) Greater Houston RCFL (GHRCFL) Heart of America RCFL (HARCFL) Intermountain West RCFL (IWRCFL) Kentucky RCFL (KRCFL) Miami Valley RCFL (MVRCFL) New Jersey RCFL (NJRCFL) New Mexico RCFL (NMRCFL) North Texas RCFL (NTRCFL) Northwest RCFL (NWRCFL) Orange County RCFL (OCRCFL) Philadelphia RCFL (PHRCFL) Rocky Mountain RCFL (RMRCFL) San Diego RCFL (SDRCFL) Silicon Valley RCFL (SVRCFL) Western New York RCFL (WNYRCFL)
Federal Bureau of Investigation (FBI): InfraGard (an information sharing and analysis effort)
Others: Department of Homeland Security Drug Enforcement Administration (DEA) Environmental Protection Agency (EPA) United States Secret Service (Forensic Services, Electronic Crimes Task Forces and Working Groups) U.S. Postal Inspection Service (USPIS) National White Collar Crime Center (NW3C) (Internet Crime Complaint Center (IC3)) American Society of Crime Lab Directors (ASCLD) (ASCLD Laboratory Accreditation Board (ASCLD/LAB)) Cyber Law Enforcement Organization High Tech Crime Consortium (HTCC) High Tech Crime Network (HTCN) U.S. Army Criminal Investigation Command  (CID) (Computer Crime Investigative Unit (CCIU))

Other Nations

Australia New Zealand Policing Advisory Agency (ANZPAA) Australian Criminal Intelligence Commission (ACIC) New Zealand Police E-crime Lab

Professional Bodies, Working Groups and Accreditors


International Federation for Information Processing (IFIP) (Working Group 11.9 on Digital Forensics) Association of Digital Forensics, Security and Law (ADFSL) Digital Forensic Research Workshop (DFRWS) (CDESF - Common Digital Evidence Storage Format Working Group) International Association for Pattern Recognition (IAPR) (Technical Committee on Computational Forensics) Cloud Security Alliance (CSA) (Incident Management and Forensics Working Group) IC4MF (International Consortium for Multi-media Forensics) emotion icon International Association for Identification (IAI) Society for the Policing of Cyberspace (POLCYB) Association of Certified Fraud Examiners (ACFE) International Association of Computer Investigative Specialists (IACIS) International Association of Financial Crimes Investigators (IAFCI) International Association of Forensic and Security Metrology (IAFSM) International Information Systems Forensics Association (IISFA) International association of Law and forensic Sciences (IALFS) ARMA International International Association of Security and Investigative Regulators (I.A.S.I.R.) International Council of E-Commerce Consultants (EC-Council) emotion icon International Organization on Computer Evidence (IOCE) International Forensic Strategic Alliance (IFSA) International Association of Forensic Sciences (IAFS) International Society of Forensic Computer Examiners (ISFCE)


European Network of Forensic Science Institutes (ENFSI) (DIWG - Digital Imaging Working Group, DIWG old website; FSAAWG - Expert Working Group Forensic Speech and Audio Analysis) European Association of Forensic Sciences (EAFS) ICT COST Action IC1106: Integrating Biometrics and Forensics for the Digital Age


BCS, The Chartered Institute for IT (Cybercrime Forensics Specialist Group) The Chartered Society of Forensic Sciences (The Society or CSFS) Association of Forensic Science Providers (AFSP) First Forensics Forum (F3) Computer Forensic Alliance Digital Policy Alliance (EURIM) (Cybersecurity & E-Crime Working Group) Internet Crime Forum Internet Watch Foundation (IWF) Information Assurance Advisory Council (IAAC) (Guide to Digital Investigations and Forensics) National Business Crime Solution (NBCS) Business Crime Forum


Scientific Working Groups (SWGs): Scientific Working Group on Digital Evidence (SWGDE) Scientific Working Group on Imaging Technology (SWGIT) Facial Identification Scientific Working Group (FISWG) emotion icon NIST Cloud Computing Forensic Science Working Group (NCC-FSWG)
Other Organizations: American Academy of Forensic Sciences (AAFS) (Digital & Multimedia Sciences Section) American College of Forensic Examiners International (ACFEI) Section of Science & Technology, American Bar Association (ABA) Consortium of Digital Forensic Specialists (CDFS) High Technology Crime Investigation Association (HTCIA) National Cyber-Forensics & Training Alliance (NCFTA) Digital Forensics Association (DFA) Association of Certified E-Discovery Specialists (ACEDS) Women in e-Discovery (WiE) Professional Investigators and Security Association (PISA) Law Enforcement & Emergency Services Video Association (LEVA) International, Inc. emotion icon Electronic Discovery Institute (EDI) Electronic Discovery Reference Model (EDRM)

Other Countries

Senior Managers of Australian and New Zealand Forensic Laboratories (SMANZFL) Australian & New Zealand Forensic Science Society (ANZFSS) Asian Forensic Sciences Network (AFSN) Academia Iberoamericana de Criminalística y Estudios Forenses (AICEF) emotion icon 资讯保安及法证公会 = Information Security and Forensics Society (ISFS) @ Hong Kong Regional Computer Forensics Group (RCFG @ Virginia, US) Regional Computer Crimes Education and Enforcement Group (RCCEEG @ St.Louis, Missouri, US)

Research Centers and Groups

Netherlands Forensic Institute The Forensic Institute (FIRN - Forensic Institute Research Network) Cranfield Forensic Institute (Centre for Forensic Computing) Centre for Forensic Science @ University of Strathclyde Institute of Criminal Justice Studies @ University of Portsmouth Centre for Computer Security, Audit, Forensics and Education @ University of Greenwich Digital Security & Forensics Applied Research Group @ Coventry University Centre for Law-Enforcement Audio Research (CLEAR) emotion icon UCD Center for Cyber Security and Cyber Crime Investigation (CCI) UCD Digital Forensics Investigation Research Laboratory (DigitalFIRE) emotion icon National Forensic Science Technology Center (NFSTC) Federal Law Enforcement Training Center (FLETC) (Financial Fraud Institute) Computer Crime Research Center (CCRC) Purdue University Cyber Forensics Lab Computer Forensics Research Group (CERIAS) @ Purdue University Economic Crime Institute @ Utica College (Computer Forensics Research and Development Center (CFRDC) @ Utica College) Digital Forensics and Cyber Security Center @ University of Rhode Island Centre for Cybersecurity and Cybercrime Investigation @ University College Dublin (Cloud Forensics Research) National Center for Forensic Science National Center for Forensic Science @ University of Central Florida Indiana Forensic Institute (IFI, a.k.a. Institute for Forensic Imaging) UAB (University of Alabama at Birmingham) Forensics Research Laboratory Norwich University Center for Advanced Computing and Digital Forensics Testimon Forensic Laboratory @Gjøvik University College emotion icon Australian Academy of Forensic Sciences


Multinational: Microsoft Digital Crimes Unit
UK: Forensic Telecommunications Services Ltd. (FTS) 7Safe CCL-Forensics Recx Ltd Disklabs (,,,,,,,,, Data Recovery Services Ltd CY4OR F-Response IntaForensics Ltd Future Digital Systems Technology Consultants Limited Forensic Control (Free computer forensic tools) Digital Detective Group Ltd 4N6 Investigation Bright Forensics PhoneBase emotion icon Facewatch Littoralis (DISC - Database and Intranet for Safer Communities) Sira Defence & Security Ltd
US: Guidance Software, Inc. (Tableau) AccessData Group, LLC (AccessData Academic Programs) Magnet Forensics Digital Intelligence, Inc. Paraben Corporation Belkasoft Cellebrite Katana Forensics, Inc. X1 Discovery NowSecure™ Paterva/ Maltego Perlustro L.P. Basis Technology Corporation BEK TEK LLC e-fense Kyrus Technology BlackBag Technologies, Inc. Fernico, Inc. DIGITS LLC MacForensicsLab Inc. Sumuri LLC Intella (Vound Inc.) Oxygen Forensics, Inc ADF Solutions, Inc. XENSIX The Cyan Group ForensicSoft, Inc. DriveSavers Data Recovery Passware, Inc. CRU Acquisition Group, LLC Tracker Products, LLC emotion icon Digital Assembly
Other Countries: X-Ways Software Technology AG PassMark® Software Pty Ltd GetData Pty Ltd MSAB Amped Software NETRESEC IMIX Vision Support Systems BlueBear LES emotion icon Elcomsoft Co. Ltd. Decision Group (定興科技股份有限公司) 鑒真數位 (iForensics)

Education Providers

College of Policing (formerly by NPIA): MSc/PGD/PGC in Cybercrime Forensics (jointly with Canterbury Christ Church University) First Responder e-learning course Core Skills in Data Recovery and Analysis Core Skills in Mobile Phone Forensics Applied NT Forensics GNU/Linux Forensics Advanced Internet Forensic Traces Course Covert Internet Investigations High Tech Crime First Responder E-Learning Programme High Tech Crime Scene Searching Researching, Identifying and Tracing the Electronic Suspect Field Search Course Child Protection System High Tech Crime Managers Workshop Core Skills in Communications Data
Other Training Programmes/Courses: BSc (Hons) Computer Forensics @ University of Glamorgan BSc (Hons) Computer Forensic Investigation @ University of Derby BSc (Hons) Computer Forensics @ Northumbria University BSc (Hons) Forensic Computing @ Birmingham City University BSc (Hons) Forensic Computing @ University of Portsmouth Digital Forensics and Cyber Security Degrees and Courses @ Staffordshire University BSc (Hons) Forensic Computing @ De Montfort University BSc (Hons) Computer Security and Forensics @ University of Greenwich emotion icon MSc/PgDip/PgCert Forensic Computing @ Cranfield University MSc Computer Forensics @ University of Glamorgan MSc Computer Forensic Investigation @ University of Derby MSc Forensic Information Technology @ University of Portsmouth MSc/PgDip Computer Forensics and E-Discovery @ University of Glasgow MSc Computer Security and Forensics @ University of Bedfordshire + 7Safe MSc Digital Forensics and Cybercrime Analysis @ Staffordshire University MSc/PG Dip/PG Cert Forensic Computing @ De Montfort University MSc Computer Forensics @ University of Greenwich MSc Computer Forensics and Systems Security @ University of Greenwich MSc Computer Forensics and Security Management @ University of Greenwich MSc Computer Forensics & the Law @ University of Greenwich MSc Forensic Computing @ Coventry University Postgraduate Certificate in Forensic CCTV Analysis @ Liverpool John Moores University Cybercrime Forensics Training Programme @ NPIA emotion icon Computer Forensics at Champlain College (US) (Computer & Digital Forensics Major, Computer Forensics & Digital Investigations BS Degree) Digital Forensics Examiner Course Zayed University, United Arab Emirates (Graduate Certificate in High Technology Crime Investigation) Digital Forensic Science @ Defiance College emotion icon SANS Computer Forensics Training, Incident Response


Researchers: Brian Carrier ( Simson L. Garfinkel Jesse Kornblum Jonathan Zdziarski (iOS Forensic Research) Keyun Ruan

Only one revision exists, which was created (or modified) by hooklee at Sunday, October 30, 2016 8:38:11 PM.
This page was locked and can only be edited by administrators.

HomeIndexRecent ChangesPreference

Valid XHTML 1.0 Transitional


Germany (CET)