cleanup8

Author: joachimmetz

docs/anti_forensic_techniques.md

@@ -239,7 +239,7 @@ Code Breakers III, São Paulo, Brazil, Setember 2006.
 
 ## Externals Links
 
-* [Anti-Forensics: The Next Step in Digital Forensics Tool Testing](https://www.digitrace.de/veroeffentlichung-2/fachliteratur/84-anti-forensics-the-next-step-in-digital-forensics-tool-testing),
+* [Anti-Forensics: The Next Step in Digital Forensics Tool Testing](https://www.researchgate.net/publication/261038911_Anti-Forensics_The_Next_Step_in_Digital_Forensics_Tool_Testing),
   in: IT Security Incident Management and IT Forensics (IMF): 2013
   Seventh International Conference on, Date 12-14 March 2013, IEEE, S.
   83 – 97

docs/apple_mail.md

@@ -9,7 +9,3 @@ system](operating_system.md). The latest version is 1.2 and was released in
 
 The [Apple Mail Header Format](apple_mail_header_format.md) is known for some
 versions of the program.
-
-## External Links
-
-* [Official website](https://www.apple.com/macos/ventura/)

docs/bibliography.md

@@ -101,7 +101,7 @@ by Christian Johansson, Masters Thesis, Blekinge Tekniska Hogskola, June 2003
 
 # Theory
 
-[A Hypothesis-Based Approach to Digital Forensic Investigations](https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2006-06.pdf),
+[A Hypothesis-Based Approach to Digital Forensic Investigations](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2006-06.pdf),
 by Brian D. Carrier, Ph.D. Dissertation Purdue University, May 2006
 
 # Other Papers

docs/blogs.md

@@ -45,12 +45,11 @@ like: blogs, fora, tweets, tools and challenges (and test images).
   by Matt Edmondson
 - [Digital Forensics with a Focus on EnCase](https://secureartisan.wordpress.com/),
   by Paul Bobby
+- [Digital Forensics Notes](https://digfor.blogspot.com/)
 - [Dlog](https://dan3lmi.blogspot.com/),
   by Daniela Elmi
 - [eForensics Magazine blog](https://eforensicsmag.com/category/news/)
 - [Elcomsoft Blog](https://blog.elcomsoft.com)
-- [Elvidence Computer Forensics Blog](https://www.elvidence.com.au/blog),
-  see also [Digital Forensics Notes](https://digfor.blogspot.com/)
 - [FireEye Blogs](https://www.trellix.com/en-us/about/newsroom/stories.html)
 - [Forense nella Nebbia](https://forensenellanebbia.blogspot.com/),
   by Gabriele Zambelli

docs/cell_phone_forensics.md

@@ -101,5 +101,5 @@ Training
 * [SANS: FOR585: Smartphone Forensic Analysis In-Depth](https://www.sans.org/cyber-security-courses/advanced-smartphone-mobile-device-forensics/)
 * [Teel Technologies Smartphone training](http://www.teeltech.com/mobile-device-forensics-training/)
 * [Mobile-Forensics.com (Research Forum for Mobile Device Forensics)](http://www.mobile-forensics.com/)
-* [Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)](https://paraben.com/dfir-training-3/)
+* [Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)](https://paraben.com/digital-investigation-training-courses/)
 * [Micro Systemation Training (Mobile Forensics Training)](https://www.msab.com/)

docs/cellebrite_ufed.md

@@ -23,4 +23,4 @@ videos stored on the phone), and time and date stamps.
 
 ## External Links
 
-- [Official website](https://www.cellebrite.com/UFED-Standard-Kit.html)
+- [Product website](https://cellebrite.com/en/ufed/)

docs/cloud_forensics.md

@@ -5,13 +5,12 @@ tags:
 ---
 Cloud Forensics, for a lack of better term, is considered the intersection
 between [cloud computing](https://en.wikipedia.org/wiki/Cloud_computing) and
-network forensic analysis.
-[1](https://resources.infosecinstitute.com/topic/overview-cloud-forensics/)
+network forensic analysis. [1](https://resources.infosecinstitute.com/topics/digital-forensics/overview-cloud-forensics/)
 
 ## External Links
 
 * [Wikipedia: Cloud computing](https://en.wikipedia.org/wiki/Cloud_computing)
-* [Cloud Forensics: An Overview](https://resources.infosecinstitute.com/topic/overview-cloud-forensics/),
+* [Cloud Forensics: An Overview](https://resources.infosecinstitute.com/topics/digital-forensics/overview-cloud-forensics/),
   by Dejan Lukan, January 2, 2014
 
 ### Technologies

docs/cloud_forensics_research.md

@@ -213,7 +213,6 @@ location="Monterey, CA",
 ` number = {2},`
 ` year = {2010},`
 ` pages = {2--12},`
-` url="`[`https://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf`](https://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf)`"`
 
 } </bibtex>
 

docs/conferences.md

@@ -25,8 +25,7 @@ BSides Security (various locations)
 CanSecWest
 <https://www.secwest.net/>
 
-Computer Technology Investigators Network (CTIN) Digital Forensics Conference
-<https://ctin.org/>
+[Computer Technology Investigators Network (CTIN)](https://ctin.org/) Digital Forensics Conference
 
 Conference on Digital Forensics, Security and Law
 <https://www.digitalforensics-conference.org/>

docs/dcfldd.md

@@ -47,12 +47,9 @@ This tool is not suitable for imaging faulty drives:
 
 - dcfldd is based on an extremely old version of [dd](dd.md):
   it's known that dcfldd will misalign the data in the image after a
-  faulty sector is encountered on the source drive ([see the NIST
-  report](https://www.cyberfetch.org/groups/community/test-results-digital-data-acquisition-tool-dcfldd-134-1)),
+  faulty sector is encountered on the source drive ([see the NIST report](https://www.dhs.gov/sites/default/files/publications/DCFLDD%201%203%204-1%20Test%20Report_updated.pdf)),
   and this kind of bug (wrong offset calculation when seeking over a bad
-  block) was fixed for [dd](dd.md) in 2003 ([see the fix in the
-  mailing
-  list](https://lists.gnu.org/archive/html/bug-coreutils/2003-10/msg00071.html));
+  block) was fixed for [dd](dd.md) in 2003 ([see the fix in the mailing list](https://lists.gnu.org/archive/html/bug-coreutils/2003-10/msg00071.html));
 - similarly, dcfldd can enter an infinite loop when a faulty sector is
   encountered on the source drive, thus writing to the image over and
   over again until there is no free space left.

docs/email_research.md

@@ -130,5 +130,5 @@ products.
   by the [libewf project](libewf.md), March 2006
 - [Expert Witness Compression Format (EWF) version 2](https://github.com/libyal/libewf/blob/main/documentation/Expert%20Witness%20Compression%20Format%202%20(EWF2).asciidoc),
   by the [libewf project](libewf.md), July 2012
-- [Validation of forensic images for assurance of digital evidence integrity](https://researchrepository.murdoch.edu.au/id/eprint/24962/1/whole.pdf),
+- [Validation of forensic images for assurance of digital evidence integrity](https://researchportal.murdoch.edu.au/esploro/outputs/graduate/Validation-of-forensic-images-for-assurance/991005544234707891),
   by James Michael McCutcheon, November, 2014

docs/encase_image_file_format.md

@@ -59,7 +59,6 @@ There are multiple families of executable files:
   by [Microsoft](microsoft.md)
 * [Internet Archive: Microsoft Symbol and Type Information](http://web.archive.org/web/20070915060650/http://www.x86.org/ftp/manuals/tools/sym.pdf),
   by [Microsoft](microsoft.md)
-* [Microsoft Symbol and Type Information](https://pierrelib.pagesperso-orange.fr/exec_formats/MS_Symbol_Type_v1.0.pdf)
 * [Stream Descriptions](https://code.google.com/archive/p/pdbparse/wikis/StreamDescriptions.wiki),
   [pdbparse project](https://github.com/moyix/pdbparse/)
 * [libmsdebug](https://sourceforge.net/p/mingw-w64/code/HEAD/tree/experimental/tools/libmsdebug/),

docs/executable.md

@@ -51,6 +51,3 @@ you parse them.
 - [Belkasoft Evidence Center](https://belkasoft.com/) allows for carving
   Facebook data such as chats, wall posts and photos from Live RAM
   dumps, hibernation and pagefiles.
-- [WebPreserver](https://webpreserver.com/facebook-forensics/) captures
-  Facebook wall posts and about information as well as metadata in a
-  legally authenticated manner.

docs/facebook_forensics.md

@@ -69,8 +69,6 @@ victims can be easier if they stand out from the crowd.
 
 * [Expanding the Expanded Incident Lifecycle](http://www.itsmsolutions.com/newsletters/DITYvol5iss7.htm),
   by Janet Kuhn, February 18, 2009
-* [Incident lifecycle](https://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/workflows/incident-lifecycle),
-  by [ENISA](enisa.md)
 
 ### Intrusion Analysis
 

docs/incident_response.md

@@ -274,7 +274,7 @@ Mac OS.
 
 ### iCloud
 
-* [iCloud: iCloud security and privacy overview](https://support.apple.com/en-us/HT202303)
+* [iCloud: iCloud security and privacy overview](https://support.apple.com/en-us/102651)
 
 ### ColorSync
 

docs/mac_os_x.md

@@ -6,7 +6,7 @@ There are a number of mailing lists of interest to Digital Forensics
 Practitioners. Below is a listing of some more well known lists. It is
 not all-inclusive.
 
-- [American Academy of Forensic Science, Digital and Multimedia Sciences Section](https://www.aafs.org/digital-multimedia-sciences) -
+- [American Academy of Forensic Science, Digital and Multimedia Sciences Section](https://www.aafs.org/membership/digital-multimedia-sciences) -
   Subscription requires moderator approval. The archive is only
   available to list members. This list supports the Digital and
   Multimedia Sciences section in the AAFS. Subscribe by sending an email

docs/mailing_lists.md

@@ -64,7 +64,7 @@ property set streams. Here are some tools for processing them:
   implementation in Java.
 - [SquirrelGripper Perl script](https://cheeky4n6monkey.blogspot.com/2012/05/perl-script-plays-matchmaker-with.html)
   Extract fields into SQLite Database.
-- [FOCA - Eleven Paths](https://www.elevenpaths.com/labstools/foca/index.html)
+- [FOCA - Eleven Paths](https://cybersecuritycloud.telefonicatech.com/en/innovation-labs/innovation-technologies/foca)
   Scan and group metadata information.
 
 [TIFF](tiff.md)

docs/metadata.md

@@ -2,20 +2,14 @@
 tags:
   - No Category
 ---
-## See Also
+## External links
 
-Very basic visualization with no discrimination between packet types:
-<https://research.swtch.com/tcpviz>
+* [Visualizing TCP congestion avoidance algorithm](http://marc.herbert.free.fr/TCP/congestion/),
+  by Marc Herbert, October 25, 2002
+* [Visualizing TCP](https://research.swtch.com/tcpviz),
+  by Russ Cox, December 13, 2010
 
-Manual for Cisco commercial product with broad range of visualizations:
-<https://www.cisco.com/en/US/docs/net_mgmt/application_analysis_solution/1.0/tutorials_and_examples/tut_ace.pdf>
+## Tools
 
-Examination of congestion control strategy with xplot visualization:
-<http://marc.herbert.free.fr/TCP/congestion/>
-
-Very cool video visualization of TCP flows:
-<https://github.com/aristus/packet-flight/tree/master/packet_flight/js>
-(facebook example: <https://vimeo.com/17248120>)
-
-Software project that visualizes TCP flows:
-<http://research.protocollabs.com/captcp/>
+* [Captcp](http://research.protocollabs.com/captcp/)
+* [packet-flight](https://github.com/aristus/packet-flight/tree/master)

docs/network_data_visualizations.md

@@ -145,8 +145,6 @@ TxF uses the [Common Log File System (clfs)](common_log_file_system_(clfs).md)
 * [Wikipedia: NTFS Reparse point](https://en.wikipedia.org/wiki/NTFS_reparse_point)
 * [MSDN: Transactional NTFS](https://learn.microsoft.com/en-us/windows/win32/fileio/transactional-ntfs-portal)
 * [Wikipedia: Transactional NTFS](https://en.wikipedia.org/wiki/Transactional_NTFS)
-* [Linux-ntfs Documentation](https://sourceforge.net/directory/file-systems/)
-  Detailed documentation of the NTFS format by the Linux-NTFS driver creators.
 * [Default cluster size for NTFS, FAT, and exFAT](https://support.microsoft.com/en-us/topic/default-cluster-size-for-ntfs-fat-and-exfat-9772e6f1-e31a-00d7-e18f-73169155af95)
 * [Distributed Link Tracking and Object Identifiers](https://learn.microsoft.com/en-us/windows/win32/fileio/distributed-link-tracking-and-object-identifiers)
 * [New Technologies File System (NTFS)](https://github.com/libyal/libfsntfs/blob/main/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc),

docs/new_technology_file_system_(ntfs).md

@@ -11,7 +11,7 @@ tags:
 
 * [National Computer Forensic Institute](national_computer_forensic_institute.md)
 * [Computer Crime and Intellectual Property Section of the Department of Justice](https://www.justice.gov/criminal-ccips)
-* [Computer Technology Investigators Network](https://www.ctin.org/)
+* [Computer Technology Investigators Network](https://ctin.org/)
 * [National Institute of Justice](https://www.ojp.gov/about/offices/national-institute-justice-nij)
 * [National Center for Forensic Science](https://ncfs.ucf.edu/)
 * [National Institute of Standards and Technology, Computer Forensic Tool Testing](https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt)

docs/organizations.md

@@ -63,4 +63,4 @@ has been acquired.
 
 ## External Links
 
-* [Paraben](https://paraben.com/smartphone-forensic-tools/)
+* [Product website](https://paraben.com/e3-mobile-smartphone-forensics/)

docs/paraben_cell_seizure.md

@@ -40,3 +40,7 @@ Paraben's Device Seizure also supports the following types of GPS
 Devices with more manufacturers to follow:
 
 - Garmin
+
+## External links
+
+* [Product website](https://paraben.com/e3-mobile-smartphone-forensics/)

docs/paraben_device_seizure.md

@@ -27,4 +27,4 @@ evidence.
 
 ## External Links
 
-* [Paraben](https://paraben.com/wireless-device-protection/)
+* [Product website](https://paraben.com/stronghold-faraday-protection/)

docs/paraben_stronghold_bag.md

@@ -233,7 +233,7 @@ The EnablePrefetcher Registry value can be used to disable prefetch.
   by Jared Atkinson, September 21, 2013
 * [Windows Prefetch (.PF) files](https://www.swiftforensics.com/2013/10/windows-prefetch-pf-files.html?m=1),
   by Yogesh Khatri, October 21, 2013
-* [Windows Systems and Artifacts in Digital Forensics: Part III: Prefetch Files](https://resources.infosecinstitute.com/topic/windows-systems-artifacts-digital-forensics-part-iii-prefetch-files/),
+* [Windows Systems and Artifacts in Digital Forensics: Part III: Prefetch Files](https://resources.infosecinstitute.com/topics/digital-forensics/windows-systems-artifacts-digital-forensics-part-iii-prefetch-files/),
   by Ivan Dimov, November 21, 2013
 * [Prefetch 101 - a Windows 8 Prefetch file walkthrough](https://i.imgur.com/riuljsK.jpg),
   by Jared Atkinson, 2014

docs/prefetch.md

@@ -36,8 +36,8 @@ will be overwritten with the contents of the new message.
 - [pySIM](https://github.com/osmocom/pysim), a "SIM card
   management tool, capable of creating, editing, deleting, backup and
   restore operations on your SIM Phonebook and SMS records."
-- [adafruit industries](https://www.adafruit.com/category/27) has a
-  low-cost SIM reader kit that you can get from their website.
+- [Adafruit Industries](https://www.adafruit.com/) has a low-cost SIM reader
+  kit that you can get from their website.
 
 ## External Links
 

docs/sms.md

@@ -75,7 +75,7 @@ drive, with the following features:
 `volume=5,`
 `issue=3,`
 `year=2011,`
-`url={`[`https://researchrepository.murdoch.edu.au/id/eprint/3714/1/solid_state_drives.pdf`](https://researchrepository.murdoch.edu.au/id/eprint/3714/1/solid_state_drives.pdf)`}`
+`url={`[`https://researchportal.murdoch.edu.au/esploro/outputs/journalArticle/Solid-State-Drives-The-Beginning-of/991005543502107891`](https://researchportal.murdoch.edu.au/esploro/outputs/journalArticle/Solid-State-Drives-The-Beginning-of/991005543502107891)`}`
 
 } </bibtex> <bibtex> @inproceedings{Billard:2010:MSU:1774088.1774426,
 

docs/solid_state_drive_(ssd)_forensics.md

@@ -16,7 +16,6 @@ encoded data on magnetic tape.
 
 ## Links
 
-* [Microsoft Tape format reader](https://sourceforge.net/directory/backup/)
 * [MTF Format specification](http://laytongraphics.com/mtf/MTF_100a.PDF)
 * [Linux MTF tape parsing tool](http://www.laytongraphics.com/mtf/mtf-0.2.1.tgz)
 * [Java Parser for MTF Tape format](https://sourceforge.net/projects/jmtf/)

docs/tape.md

@@ -23,4 +23,5 @@ and is the author of [Hash](hash_(tool).md) (**ha**cker
 
 ### External Links
 
-- [CSO Online interview with The Grugq](https://www.csoonline.com/article/2121184/where-is-hacking-now--a-chat-with-grugq.html)
+* [Where Is Hacking Now? A Chat with Grugq](https://www.csoonline.com/article/519514/network-security-where-is-hacking-now-a-chat-with-grugq.html),
+  March 12, 2007

docs/the_grugq.md

@@ -32,11 +32,11 @@ In Windows 2003 and later:
   by [Microsoft](microsoft.md)
 * [Application Compatibility Database](https://learn.microsoft.com/en-us/windows/win32/devnotes/application-compatibility-database),
   by [Microsoft](microsoft.md)
-* [Secrets of the Application Compatilibity Database (SDB) – Part 1](https://www.alex-ionescu.com/?p=39),
+* [Secrets of the Application Compatilibity Database (SDB) – Part 1](https://www.alex-ionescu.com/secrets-of-the-application-compatilibity-database-sdb-part-1/),
   by Alex Ionescu, May 20, 2007
-* [Secrets of the Application Compatilibity Database (SDB) – Part 2](https://www.alex-ionescu.com/?p=40),
+* [Secrets of the Application Compatilibity Database (SDB) – Part 2](https://www.alex-ionescu.com/secrets-of-the-application-compatilibity-database-sdb-part-2/),
   by Alex Ionescu, May 21, 2007
-* [Secrets of the Application Compatilibity Database (SDB) – Part 3](https://www.alex-ionescu.com/?p=41),
+* [Secrets of the Application Compatilibity Database (SDB) – Part 3](https://www.alex-ionescu.com/secrets-of-the-application-compatilibity-database-sdb-part-3/),
   by Alex Ionescu, May 26, 2007
 * Leveraging the Application Compatibility Cache in Forensic Investigations
   by Andrew Davis, May 4, 2012

docs/windows_application_compatibility.md

@@ -9,5 +9,5 @@ ZFS is a combined file system and logical volume manager designed by
 ## External Links
 
 * [Wikipedia: ZFS](https://en.wikipedia.org/wiki/ZFS)
-* [ZFS Forensics - Recovering Files From a Destroyed Zpool](https://tritondatacenter.com/blog/zfs-forensics-recovering-files-from-a-destroyed-zpool)
+* [ZFS Forensics - Recovering Files From a Destroyed Zpool](https://www.tritondatacenter.com/blog/zfs-forensics-recovering-files-from-a-destroyed-zpool),
   by M. Bruning, August 12, 2013