The report notes that computer crime, in general, results from situations in which offenders capitalize on perceived opportunities to invade computer systems to achieve criminal ends or use computers as instruments of crime, confident that law enforcement officials do not have the means or knowledge to prevent or detect such criminal acts. This report presents up-to-date information on computer crime commission and investigation to help the reader understand how offenders use technology to commit their crimes (i.e., the most popular and effective methods); what enforcers must know to effectively detect/investigate these offenses; and in which areas offenders are still exceeding the skills of law enforcement. The tools being used by offenders are logically grouped and categorized by function (e.g., scanning tools, wardialing programs, and password crackers). The investigative tools described address the investigative needs, such as evidence source identification, evidence preservation, evidence extraction, and evidence analysis. These tools are grouped into the general categories of evidence collection and preservation tools, evidence extraction tools, evidence examination tools, evidence organization tools, network forensic tools, attack analysis tools, multipurpose forensic tools and toolkits, and trusted time stamping. These tools are further separated by function into subcategories. The body of this report presents general descriptions of the investigative tools, accompanied by directions on where more specific information on the tools can be found.