The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). While many security managers are eager to demonstrate their best practices for incident response, patch management, and configuration management, they are overwhelmed with the reporting and documentation requirements of FISMA. You can download our released software right away or peruse the current documentation.

OpenFISMA is built on the Zend Framework which is an open source, object oriented, web application framework with a flexible architecture. ZF is often referred to as a ‘component library’ because it has many loosely coupled components that you can use more or less independently. However, Zend Framework also provides a core model-view-controller (MVC) implementation that you can use to provide basic ‘best practices’ structure to web applications.

http://templora.com/content/14

Topics covered include:
SQL Injection
XSS Attacks
CSRF Attacks
PHP variable insertion
Input Validation

Advanced Data Carving

Advanced Data Carving: New Directions in Data Carving Techniques

Using VMWare in Digital Forensic Investigations

RAID Rebuilding

Unfortunately, these slides don’t include Dan’s narration, but they’re detailed enough that you can get a good understanding of each topic on your own.  Any remaining questions are a simple task for Google.

This article also mentions:
The Fundamental Computer Investigation Guide for Windows
The Malware Removal Starter Kit

Thanks for all your support!

-Scott (scott@freeitsecuritytraining.com)

They have a nice collection of security videos including:
IronPort (Anti-Spam)
Sophos (Anti-Virus)
AccessData (Forensics)
Nessus, Nmap, Netcat, Metasploit, Cain & Abel (Vulnerability Assessment / Penetration Testing)
GIAC Systems and Network Auditor (GSNA)

*Update*

CramSession also offers a free CISSP exam study guide courtesy of PrepLogic.

You have two options to receive it:

1) Download the study guide directly
or
2) Sign up for a free CramSession account (or use BugMeNot to avoid the compulsory registration) and download the CISSP training after clicking ‘not interested’ to all their sponsor sites.

[Papers]
Lateral SQL Injection: A New Class of Vulnerability in Oracle
Security Implications of Windows Access Tokens
802.11 Attacks

[Videos]
Packet sniffing with Ettercap (arp spoofing basics)
Anonymous Voice Vlan Hack
How to Make Files Undetected by AVs
Howto using aircrack-ptw WEP cracking tool
Advanced Mysql Injection in Joomla