Removed dead references (#195)

docs/analyzing_program_execution.md

@@ -78,7 +78,7 @@ will vary per product.
 
 ### Windows
 
-- [HowTo: Determine Program Execution](http://windowsir.blogspot.com/2013/07/howto-determine-program-execution.html),
+- [HowTo: Determine Program Execution](https://windowsir.blogspot.com/2013/07/howto-determine-program-execution.html),
   by [Harlan Carvey](harlan_carvey.md), July 06, 2013
 - [It Is All About Program Execution](http://journeyintoir.blogspot.com/2014/01/it-is-all-about-program-execution.html),
   by Corey Harrell, January 14, 2014

docs/dco_and_hpa.md

@@ -1,6 +1,6 @@
 ---
 tags:
-  - No Category
+  - Articles that need to be expanded
 ---
 Device Configuration Overlay (DCO) and Host Protected Area (HPA).
 
@@ -63,30 +63,25 @@ above)
 
 ## Other Tools
 
-- [TAFT (The ATA Forensics Tool)](https://vidstromlabs.com/freetools/taft/)
+* [TAFT (The ATA Forensics Tool)](https://vidstromlabs.com/freetools/taft/),
   claims the ability to look at and change the HPA and DCO settings.
-- [SAFE-Block](https://www.softpedia.com/get/Security/Security-Related/SAFE-Block.shtml),
+* [SAFE-Block](https://www.softpedia.com/get/Security/Security-Related/SAFE-Block.shtml),
   claims the ability to temporarily remove the HPA and remove the DCO
   and later return it to its original state.
-- [HDD Capacity Restore](http://hddguru.com/software/2007.07.20-HDD-Capacity-Restore-Tool/),
+* [HDD Capacity Restore](https://hddguru.com/software/2007.07.20-HDD-Capacity-Restore-Tool/),
   a reportedly Free utility that removed the DCO (to give you more
   storage for your hard drive!)
-- Tableau TD1 can remove the HPA and DCO.
-- [Blancco-Pro 4.5](http://www.mp3cdsoftware.com/blancco---pro-download-292.htm)
-  reportedly removes the HPA and DCO to completely obliterate all of
-  that pesky information which might get in the way.
+* Tableau TD1 can remove the HPA and DCO.
 
 ## External Links
 
-- [Methods of discovery and exploitation of Host Protected Areas on IDE storage devices that conform to ATAPI-4](http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B7CW4-4HR72JM-2&_user=3326500&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000060280&_version=1&_urlVersion=0&_userid=3326500&md5=030e6e2928779b385c76658736d11b98),
+* [Methods of discovery and exploitation of Host Protected Areas on IDE storage devices that conform to ATAPI-4](https://www.sciencedirect.com/science/article/abs/pii/S1742287605000939),
   Mark Bedford, Digital Investigation, Volume 2, Issue 4, December 2005,
   Pages 268-275
-- [Hidden Disk Areas: HPA and DCO](https://www.utica.edu/academic/institutes/ecii/publications/articles/EFE36584-D13F-2962-67BEB146864A2671.pdf),
+* [Hidden Disk Areas: HPA and DCO](https://www.utica.edu/academic/institutes/ecii/publications/articles/EFE36584-D13F-2962-67BEB146864A2671.pdf),
   Mayank R. Gupta, Michael D. Hoeschele, Marcus K. Rogers, International
   Journal of Digital Evidence, Fall 2006, Volume 5, Issue 1
-- [REMOVING HOST PROTECTED AREAS (HPA) IN LINUX](http://www.sleuthkit.org/informer/sleuthkit-informer-20.txt),
+* [Removing host protected areas (HPA) in Linux](https://www.sleuthkit.org/informer/sleuthkit-informer-20.txt),
   Brian Carrier, Sleuth Kit Informer \#20
-- [Wikipedia article on Device Configuration Overlay](https://en.wikipedia.org/wiki/Device_configuration_overlay)
-- [Wikipedia article on Host Proteced Area](https://en.wikipedia.org/wiki/Host_protected_area)
-- [Hiding Data in Hard-Drive’s Service Areas](http://www.recover.co.il/SA-cover/SA-cover.pdf),
-  by Ariel Berkman, February 14, 2013
+* [Wikipedia: Device Configuration Overlay](https://en.wikipedia.org/wiki/Device_configuration_overlay)
+* [Wikipedia: Host Proteced Area](https://en.wikipedia.org/wiki/Host_protected_area)

docs/document_metadata_extraction.md

@@ -8,8 +8,6 @@ Here are tools that will extract metadata from document files.
 
 [antiword](http://www.winfield.demon.nl/)
 
-<!-- -->
-
 [Belkasoft](belkasoft.md) Evidence Center
 
 Extracts metadata from various [Microsoft](microsoft.md) Office
@@ -18,33 +16,21 @@ documents. Besides, can extract plain texts (combining all texts from
 all XLS/XLSX/ODS pages and PPT/PPTX/ODP slides) and embedded objects.
 The tool can visualize pictures embedded in a document.
 
-<!-- -->
-
 [catdoc](http://www.45.free.net/~vitus/software/catdoc/)
 
-<!-- -->
-
 [laola](http://user.cs.tu-berlin.de/~schwartz/pmh/index.html)
 
-<!-- -->
-
 [word2x](https://word2x.sourceforge.net/)
 
-<!-- -->
-
 [wvWare](https://wvware.sourceforge.net/)
 
 Extracts metadata from various [Microsoft Word](microsoft_office.md) (doc)
 files. Can also convert doc files to other formats such as HTML or plain text.
 
-<!-- -->
-
 [Outside In](http://www.oracle.com/technology/products/content-management/oit/oit_all.html)
 
 Originally developed by Stellant, supports hundreds of file types.
 
-<!-- -->
-
 [FI Tools](https://www.fid3.com/)
 
 More than 100 file types.
@@ -57,8 +43,6 @@ Extracts metadata from [PDF](pdf.md) files. Besides, can extract
 texts and embedded objects. For pictures, embedded into a PDF document,
 the tool can visualize them all right in its user interface.
 
-<!-- -->
-
 [pdfinfo](pdfinfo.md) (part of the [xpdf](xpdf.md)
 package) displays some metadata of [PDF](pdf.md) files.
 
@@ -75,73 +59,53 @@ Photos with GPS coordinates can be shown on Google Maps and Google
 Earth. Evidence Center can analyze existing Thumbs.db files and Thumbs
 Cache as well as carve deleted thumbnails.
 
-<!-- -->
-
 [Exiftool](exiftool.md)
 
 Free, cross-platform tool to extract metadata from many different file
 formats. Also supports writing
 
-<!-- -->
-
 [jhead](jhead.md)
 <https://www.sentex.ca/~mwandel/jhead/>
 
 Displays or modifies [Exif](exif.md) data in
 [JPEG](jpeg.md) files.
 
-<!-- -->
-
 [vinetto](vinetto.md)
 <https://vinetto.sourceforge.net/>
 
 Examines [Thumbs.db](thumbs.db.md) files.
 
-<!-- -->
-
 [libexif](libexif.md)
 <https://sourceforge.net/projects/libexif> EXIF tag Parsing Library
 
-<!-- -->
-
 [Adroit Photo Forensics](adroit_photo_forensics.md)
 
 Displays meta data and uses date and camera meta-data for grouping,
 timelines etc.
 
-<!-- -->
-
 [exiftags](https://johnst.org/sw/exiftags/)
 
 open source utility to parse and edit [exif](exif.md) data in
 [JPEG](jpeg.md) images. Found in many Debian based
 distributions.
 
-<!-- -->
-
 [exifprobe](https://www.virtual-cafe.com/~dhh/tools.d/exifprobe.d/exifprobe.html)
 
 Open source utility that reads [exif](exif.md) data in
 [JPEG](jpeg.md) and some "RAW" image formats. Found in many
 Debian based distributions.
 
-<!-- -->
-
 [Exiv2](https://exiv2.org/)
 
 Open source C++ library and command line tool for reading and writing
 metadata in various image formats. Found in almost every GNU/Linux
 distribution
 
-<!-- -->
-
 [pngtools](http://www.stillhq.com/pngtools/)
 
 Open source suite of commands (pnginfo, pngchunks, pngchunksdesc) that reads
 metadata found in PNG files. Found in many Debian based distributions.
 
-<!-- -->
-
 [pngmeta](https://sourceforge.net/projects/pmt/files/)
 
 Open source command line tool that extracts metadata from PNG images. Found in
@@ -157,35 +121,23 @@ programs fail, but they generally provide less detailed information.
 and converts documents in Microsoft Outlook, Web Access email, tablets
 and smartphones, as well as desktop-based documents."
 
-<!-- -->
-
 [Metadata Extraction Tool](https://meta-extractor.sourceforge.net/)
 "Developed by the National Library of New Zealand to programmatically
 extract preservation metadata from a range of file formats like PDF
 documents, image files, sound files Microsoft office documents, and many
 others."
 
-<!-- -->
-
 [Metadata Assistant](http://www.thepaynegroup.com/products/metadata/)
 
-<!-- -->
-
 [hachoir-metadata](hachoir.md)
 Extraction tool, part of **[Hachoir](hachoir.md)** project
 
-<!-- -->
-
 [file](file.md)
 The UNIX **file** program can extract some metadata
 
-<!-- -->
-
 [GNU libextractor](https://www.gnunet.org/en/)
 The libextractor library is a plugable system for extracting metadata
 
-<!-- -->
-
 [Directory Lister Pro](https://www.krksoft.com/)
 Directory Lister Pro is a Windows tool which creates listings of files
 from selected directories on hard disks, CD-ROMs, DVD-ROMs, floppies,
@@ -205,8 +157,6 @@ completely customize the visual look of the output. Filter on file name,
 date, size or attributes can be applied so it is possible to limit the
 files listed.
 
-<!-- -->
-
 [Apache Tika](https://tika.apache.org/)
 Apache Tika extracts metadata from a wide range of file formats and
 normalizes metadata keys to Dublin Core when possible. In recent

docs/email_headers.md

@@ -46,7 +46,7 @@ Mail servers can add lines onto email headers, usually in the form of
 
 ## Message Id Field
 
-. According to the current guidelines for email
+According to the current guidelines for email
 [1](http://www.faqs.org/rfcs/rfc2822.html), every message should have a
 Message-ID field. These id fields can be used to determine if a message
 has been forged. It is harder, but sometimes possible, to show that a
@@ -56,51 +56,52 @@ pages for those programs](list_of_mua_header_formats.md).
 
 ## Signature Fields
 
-. Some email programs allow users to sign messages. This gives the
-recipient some assurance that the sender given in the message really
-sent the message. Obviously these headers can be used by an examiner for
-the same purpose.
+Some email programs allow users to sign messages. This gives the recipient some
+assurance that the sender given in the message really sent the message.
+Obviously these headers can be used by an examiner for the same purpose.
 
 ## Sample Header
 
 This is an (incomplete) excerpt from an email header:
 
-`Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])`
-`        by outgoing2.securityfocus.com (Postfix) with QMQP`
-`        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)`
-`Mailing-List: contact [email protected]; run by ezmlm`
-`Precedence: bulk`
-`List-Id: <forensics.list-id.securityfocus.com>`
-`List-Post: <`[`mailto:[email protected]`](mailto:[email protected])`>`
-`List-Help: <`[`mailto:[email protected]`](mailto:[email protected])`>`
-`List-Unsubscribe: <`[`mailto:[email protected]`](mailto:[email protected])`>`
-`List-Subscribe: <`[`mailto:[email protected]`](mailto:[email protected])`>`
-`Delivered-To: mailing list [email protected]`
-`Delivered-To: moderator for [email protected]`
-`Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000`
-`From: YJesus <[email protected]>`
-`To: [email protected]`
-`Subject: New Tool : Unhide`
-`User-Agent: KMail/1.9`
-`MIME-Version: 1.0`
-`Content-Disposition: inline`
-`Date: Thu, 5 Jan 2006 16:41:30 +0100`
-`Content-Type: text/plain;`
-`  charset="iso-8859-1"`
-`Content-Transfer-Encoding: quoted-printable`
-`Message-Id: <[email protected]>`
-`X-HE-Spam-Level: /`
-`X-HE-Spam-Score: 0.0`
-`X-HE-Virus-Scanned: yes`
-`Status: RO`
-`Content-Length: 586`
-`Lines: 26`
+```
+Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
+        by outgoing2.securityfocus.com (Postfix) with QMQP
+        id 7E9971460C9; Mon,  9 Jan 2006 08:01:36 -0700 (MST)
+Mailing-List: contact [email protected]; run by ezmlm
+Precedence: bulk
+List-Id: <forensics.list-id.securityfocus.com>
+List-Post: <mailto:[email protected]>
+List-Help: <mailto:[email protected]>
+List-Unsubscribe: <mailto:[email protected]>
+List-Subscribe: <mailto:[email protected]>
+Delivered-To: mailing list [email protected]
+Delivered-To: moderator for [email protected]
+Received: (qmail 20564 invoked from network); 5 Jan 2006 16:11:57 -0000
+From: YJesus <[email protected]>
+To: [email protected]
+Subject: New Tool : Unhide
+User-Agent: KMail/1.9
+MIME-Version: 1.0
+Content-Disposition: inline
+Date: Thu, 5 Jan 2006 16:41:30 +0100
+Content-Type: text/plain;
+  charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+Message-Id: <[email protected]>
+X-HE-Spam-Level: /
+X-HE-Spam-Score: 0.0
+X-HE-Virus-Scanned: yes
+Status: RO
+Content-Length: 586
+Lines: 26
+```
 
 ## External Links
 
-- [Wikipedia: E-mail](http://en.wikipedia.org/wiki/E-mail)
+* [Wikipedia: E-mail](https://en.wikipedia.org/wiki/E-mail)
 
 ### Tools
 
-- [MailXaminer product page](https://www.mailxaminer.com/product/)
-- [Wikipedia: MailXaminer](https://en.wikipedia.org/wiki/MailXaminer)
+* [MailXaminer product page](https://www.mailxaminer.com/product/)
+* [Wikipedia: MailXaminer](https://en.wikipedia.org/wiki/MailXaminer)

docs/exif.md

@@ -1,10 +1,10 @@
 ---
 tags:
   - Articles that need to be expanded
+  - File Formats
 ---
 The **Exchangeable image file format** (Exif) is an image [file format](file_formats.md)
-which adds lots of [metadata](metadata.md) to existing image formats, mainly
-[JPEG](jpeg.md).
+which adds [metadata](metadata.md) to existing image formats, such as [JPEG](jpeg.md).
 
 To read the Date/Time tag do:
 
@@ -21,6 +21,5 @@ For tools that extract Exif meta data look here -
 
 ## External Links
 
-* [exif.org](http://exif.org/)
 * [Exif 2.2 specification](https://www.loc.gov/preservation/digital/formats/fdd/fdd000146.shtml)
 * [Wikipedia: Exif](https://en.wikipedia.org/wiki/Exif)

docs/harlan_carvey.md

@@ -7,7 +7,7 @@ alt="HarlanCarvey.jpg" /> [Harlan Carvey](harlan_carvey.md) is a
 computer forensics author, researcher and practitioner. He has written
 several books and tools focusing on [Windows](windows.md)
 systems and [incident response](incident_response.md). His
-[Windows Incident Response Blog](http://windowsir.blogspot.com) Harlan
+[Windows Incident Response Blog](https://windowsir.blogspot.com) Harlan
 Carvey's interest in computer and information security began while he
 was an officer in the U.S. military, and a student at the Naval
 Postgraduate School, earning his MSEE. After leaving military service,
@@ -39,12 +39,12 @@ Security Bulletin, on the SecurityFocus website, and in the Hakin9
 magazine. Finally, Harlan has written a number of open source programs
 (including RegRipper), which have been made available online and via
 CDs/DVDs in his books. His [Windows Incident
-Response](http://windowsir.blogspot.com/) blog is updated on a regular
+Response](https://windowsir.blogspot.com/) blog is updated on a regular
 basis.
 
 ## Website
 
-- [Harlan's Windows Incident Response Blog](http://windowsir.blogspot.com)
+- [Harlan's Windows Incident Response Blog](https://windowsir.blogspot.com)
 
 ## Tools