Welcome To digitalforensics.ch

Bruce Nikkel's Computer Forensics Homepage

A little about me:

I am a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. I also work as a security advisor at a global financial institution. I have a PhD in network forensics and have specialized in computer security since 1996. My research interests are in various areas of digital forensics, information security, and understanding cyber-criminal activity.

Any feedback or comments on this site or its content are welcome. Email me at nikkel@digitalforensics.ch


Masters in Digital Forensics & Cyber Investigation at Bern University of Applied Sciences
Interested students can find more info and register here: bfh.ch/mas-dfci
If you are interested in teaching a module or collaborating, please contact me at the university: bruce.nikkel@bfh.ch


My Public Work

Forensic Artifacts in Modern Linux Systems (presented at various Arina Events)
February, 2023, Digital Investigation Conference (DIC), Zurich
March, 2019, Digital Investigation Conference (DIC), Vienna
Sept, 2018, Lunch and Learn workshop, Zurich and Bern
The latest slides can be found here: PDF


History and Evolution of Ransomware
Presented at the Workshop on Ransomware Attacks, November 2021
Organized by the Swiss Support Center for Cybersecurity (SSCC) and the Swiss Security Network (SSN)
The slides can be found here: PDF


My latest book: Practical Linux Forensics: A Guide for Digital Investigators
The publisher's book page: Practical Linux Forensics
Release date: October 2021
ISBN-13: 9781718501966




A Four Part Series on the History of Hacking
Written in 2020 for the HISTEC Journal from the Enter Computer Museum in Solothurn, Switzerland
Part 1: Phone Phreaking PDF
Part 2: Dial-up Modems PDF
Part 3: The Computer Virus PDF
Part 4: Internet Attacks PDF
The German published versions and other articles I've written for HISTEC Journal can be found here
Physical copies can be purchased at the museum here


Fintech Forensics: Criminal Investigation and Digital Evidence in Financial Technologies
Forensic Science International: Digital Investigation
The original version published by Elsevier can be found here: doi:10.1016/j.fsidi.2020.200908
My current version can be found here: PDF


Data Deletion: Challenges and Risks of Recovery (Herausforderungen der Datenlöschung)
digma: Zeitschrift für Datenrecht und Informationssicherheit, ISSN: 1424-9944
19. Jahrgang, Heft 4, Dezember 2019
The German translated version published by Schulthess Juristische Medien AG can be found here: digma
The original English version can be found here: PDF


Registration Data Access Protocol (RDAP) for Digital Forensic Investigators
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Volume 22, September 2017
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2017.07.002
My current version can be found here: PDF


sfsimage: a tool for managing squashfs forensic evidence containers
This script uses the squashfs read-only compressed filesystem as a digital forensic evidence container. Squashfs forensic evidence containers are described in my book: Practical Forensic Imaging


My book: Practical Forensic Imaging: Securing Digital Evidence with Linux Tools
The publisher's book page: No Starch Press
September 2016
ISBN: 978-1-59327-793-2



NVM Express Drives and Digital Forensics
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 16, No 1 (March 2016)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2016.01.001
My current version can be found here: PDF


Fostering incident response and digital forensics research
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 11, No 4 (December 2014)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2014.09.004
My current version can be found here: PDF


Corporate IT Forensics in the New Decade
Presented at the InfoSecurity Summit in Hong Kong, March 2010
Presented at an intellectual property workshop in Zurich, April 2010
Slides are here: PDF


Forensic analysis of GPT disks and GUID partition tables
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 6, No 1-2 (Sept 2009)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2009.07.001
My current version can be found here: PDF


Practical Computer Forensics using Open Source Tools
Presented to /ch/open, the Swiss Open Systems User Group
Technopark, Zurich, June 12, 2008
(Intended for Unix/Linux experts learning forensics)
Slides are here: PDF


An introduction to investigating IPv6 networks
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 4, No 2 (July 2007)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2007.06.001
(DI Journal's top downloaded paper in 2007!)
My current version can be found here: PDF


A portable network forensic evidence collector
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 3 (Oct 2006)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2006.08.012
My current version can be found here: PDF


Improving evidence acquisition from live network sources
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 3, No 2 (May 2006)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2006.05.002
My current version can be found here: PDF


The Role of Digital Forensics within a Corporate Organization
Presented to a banking security group in Vienna, May 2006
A condensed version of these slides was presented to the Gartner IT Security Summit in London, Sept 2006
Slides are here: PDF


Digital Forensics using Linux and Open Source Tools
Seminar given at Cranfield University on Sept 26, 2005
(Intended for forensics experts learning Unix/Linux)
Slides are here: PDF
(White) (2/page) (4/page) (6/page)


Generalizing sources of live network evidence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 3 (September 2005)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2005.08.001
My current version can be found here: PDF


Forensic acquisition and analysis of magnetic tapes
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 2, No 1 (February 2005)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2005.01.007
My current version can be found here: PDF (includes several technical corrections)


Domain Name Forensics: A Systematic Approach to Investigating an Internet Presence
Digital Investigation, The International Journal of Digital Forensics and Incident Response, Vol 1, No 4 (November 2004)
The original version published by Elsevier can be found here: doi:10.1016/j.diin.2004.10.001
My current version can be found here: PDF

Disclaimer: This is a personal site and it is not affiliated with my employers.