Welcome To digitalforensics.ch

Bruce Nikkel's Computer Forensics Homepage

A little about me:

I head the IT investigation and forensics team at a global financial institution based in Switzerland. I have a PhD in the field of network forensics and have specialized in computer security since 1996. My research interests are in various areas of digital forensics and information security.

Any feedback or comments on this site or its content are welcome. Email me at nikkel@digitalforensics.ch

My Public Papers and Presentations

Corporate IT Forensics in the New Decade
Presented at the InfoSecurity Summit in Hong Kong, March 2010
Presented at an intellectual property workshop in Zurich, April 2010
Slides are here: PDF


Forensic analysis of GPT disks and GUID partition tables
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 6, No 1-2 (Sept 2009)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2009.07.001
My current version can be found here: PDF


Practical Computer Forensics using Open Source Tools
Presented to /ch/open, the Swiss Open Systems User Group
Technopark, Zurich, June 12, 2008
(Intended for Unix/Linux experts learning forensics)
Slides are here: PDF


An introduction to investigating IPv6 networks
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 4, No 2 (July 2007)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2007.06.001
(DI Journal's top downloaded paper in 2007!)
My current version can be found here: PDF


A portable network forensic evidence collector
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 3 (Oct 2006)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2006.08.012
My current version can be found here: PDF


Improving evidence acquisition from live network sources
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 2 (May 2006)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2006.05.002
My current version can be found here: PDF


The Role of Digital Forensics within a Corporate Organization
Presented to a banking security group in Vienna, May 2006
A condensed version of these slides was presented to the Gartner IT Security Summit in London, Sept 2006
Slides are here: PDF


Digital Forensics using Linux and Open Source Tools
Seminar given at Cranfield University on Sept 26, 2005
(Intended for forensics experts learning Unix/Linux)
Slides are here: PDF
(White) (2/page) (4/page) (6/page)


Generalizing sources of live network evidence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 3 (September 2005)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2005.08.001
My current version can be found here: PDF


Forensic acquisition and analysis of magnetic tapes
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 1 (February 2005)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2005.01.007
My current version can be found here: PDF (includes several technical corrections)


Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 1, No 4 (November 2004)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2004.10.001
My current version can be found here: PDF

Some useful links

News and Forums

An amazing source of documentation and forensic resources: www.e-evidence.info
A Slashdot-style forensic site: www.forensicfocus.com
A good source for tech news: www.slashdot.org
Good places to find open source tools: www.sourceforge.org, www.freshmeat.net (many troubleshooting or conversion tools can be used for investigative purposes)


Journals and Newsletters

IJDE, the International Journal of Digital Evidence
Digital Investigation, The International Journal of Digital Forensics and Incident Response
The Sleuth Kit Informer
IEEE Transactions on Information Forensics and Security


Some tools that I use extensively...

The popular feature-rich commercial tool: EnCase
A good Linux boot CD with many tools, designed with forensics in mind: Helix
A great open source forensics toolkit based on TCT: Sleuthkit
A powerful trio of tools for network analysis: tcpdump, ssldump, tcpflow

Disclaimer: This is a personal site and it is not affiliated with my employer.