Using File Hashes to Reduce Forensic Analysis Appeared in May, 2002 in SC Magazine OnLine. How to use file hashes to identify known files, thus reducing the number of files requiring analysis as much as 90%. Where to obtain the known hash sets and a critique of those available.
Data Integrity: How to Authenticate Your Electronic Records Written 5/2003, This article explains the uses of the MD5 algorithm and the Maresware Hash program to validate the integrity of source files. It describes a procedure using Hash and Hashcmp programs (based on the MD5 algorithm).
File Changes on Windows XP bootup. (Summer, 2002) Research project by MBA students under the direction of Dr. Larry Leibrock at University of Texas, Austin. "This research documents that approximately 0.6% of the operating system files are changed each time the Windows XP system is shut-down and restarted." (from the article summary)
Getting the Hard Facts, an opinion by James Holley in the April, 2001 Test Center column of SC Magazine OnLine. Holley evaluates various computer forensics analysis software, including Maresware. Go to the product reviews section for a direct link to his Maresware evaluation. [Incidentally, when we contacted Holley about the reported problem with the Ss program, he said he didn't find a problem; there was apparently an error in the article's editing. Contact Dan Mares with any questions about Ss.]
NT Alternate Data Streams By Dan Mares. This article discusses what Alternate Data Streams are, how they can be created, and how they might affect a forensic investigation. (BTW: most of the Maresware software which operates on files has the capability of working with Alternate Data Streams).
Database Record Extraction By Det. Billy Moylan (Dec.,1988). His experience of using Maresware Data Analysis software for sorting and extracting data from a large database exported to a DBASE format. (A quote from the article: "...and each time[I] have been impressed with the speed and accuracy of the results.")
What Time Is It? Article adapted from a series of previously published articles by Dan Mares. Discusses in detail the three time stamps which belong to files: these are generally referred to as MAC time (Modified, Access, Create). Examples especially relevant to computer forensic examiners.
Office_metadata A spreadsheet with some minimal information from a test of file date metadata within Microsoft Office (2007) documents.
Learn By Doing, by Elizabeth Genco. In April, 2002, Info Security Magazine. Ms. Genco discusses her experience of building a forensic workstation, and some of the software she tested and incorporated.
Digital Discovery Excerpt from Handbook of Computer Crime Investigation: Forensic Tools and Technology by Eoghan Casey. This chapter, written by Troy Larson, discusses how attorneys can use software to help them prepare for discovery of digital evidence. Or, as he says: "This chapter provides a sound methodology for efficiently complying with initial disclosure, and points out the most common pitfalls."
Companies to watch  By Illena Armstrong of SECURE Computing. In this cover story for SC Magazine Online (January, 2002) she discusses companies to watch as leaders in the digital security and computer forensics arena. Software solutions by Mares and Company, LLC are included.
NCTP and NWCCC (fall, 2000) .pdf article. This is a direct link to a pdf article from NWCCC discussing the introduction of their Advanced Data Recovery Course. Dan Mares collaborated on the design of the original course.