http://www.infiniteskills.com/training/learning-computer-forensics.html
https://www.youtube.com/watch?v=nxpu7ZeK2fM
https://www.youtube.com/results?search_query=linux+forensics
https://www.youtube.com/watch?v=r9Ctji9djxI
https://www.youtube.com/user/robtlee73/videos
http://www.e-fense.com/helix3pro.php
https://www.youtube.com/watch?v=zYYCv21I-1I&feature=youtu.be
https://www.youtube.com/watch?v=BVo0TTEa9Dc
取证工具:
https://github.com/volatilityfoundation/volatility
https://www.mandiant.com/resources/download/redline
http://cert.at/downloads/software/densityscout_en.html
http://rjhansen.github.io/nsrllookup/
https://github.com/dkovar/anal
https://www.e-fense.com/store/index.php?_a=viewProd&productId=14
http://www.volatilityfoundation.org/#!24/c12wa
https://github.com/sleuthkit/sleuthkit/tree/develop/man
文档:
http://www.freebuf.com/articles/system/26763.html
http://drops.wooyun.org/papers/2854
http://www.forensicswiki.org/wiki/Tools%3aMemory_Imaging#Linux
http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
http://betanews.com/2013/10/28/check-unsigned-files-at-virustotal-with-sysinternals-sigcheck/
http://staff.washington.edu/dittrich/misc/forensics/
要购买的书籍:
http://www.amazon.com/s/ref=sr_pg_2?rh=n%3A283155%2Cn%3A5%2Ck%3AForensics&page=2&keywords=Forensics&ie=UTF8&qid=1412253572
the art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
http://www.itpub.net/thread-1713816-1-1.html
windows forensic analysis toolkit fourth edition advanced analysis techniques for windows 8 pdf