Removed dead references (#199)

docs/aff4.md

@@ -1,8 +1,8 @@
 ---
 tags:
-  -  Articles that need to be expanded
-  -  Disk Image
-  -  File Formats
+  - Articles that need to be expanded
+  - Disk Image
+  - File Formats
 ---
 # Advanced Forensic Framework 4 (AFF4)
 
@@ -16,27 +16,18 @@ description of how to use the sample implementation, library and tools.
 Traditional forensic file formats have a number of limitations which
 have been exposed over the years:
 
-- Proprietary formats like EWF are difficult to implement and explain.
+* Proprietary formats like EWF are difficult to implement and explain.
   EWF is a fairly complex file format. Most of the details are reverse
   engineered. Recovery from damaged EWF files is difficult as detailed
   knowledge of the file format is required.
-
-<!-- -->
-
-- Simple file formats like dd are very large since they are
+* Simple file formats like dd are very large since they are
   uncompressed. They also dont store metadata, signatures or have
   cryptographic support.
-
-<!-- -->
-
-- Traditional file formats are designed to store a single stream. Often
+* Traditional file formats are designed to store a single stream. Often
   in an investigation, however, multiple source of data need to be
   acquired (sometimes simultaneously) and stored in the same evidence
   volumes.
-
-<!-- -->
-
-- Traditional file formats just deal with data - there is no attempt to
+* Traditional file formats just deal with data - there is no attempt to
   build a universal evidence management system integrated within the
   file specification.
 
@@ -78,17 +69,17 @@ object of the form:
 
 For example:
 
-` `
-`  ******** Object urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2 ***********`
-`    aff4:stored = urn:aff4:4bdbf8bc-d8a5-40cb-9af0-fd7e4d0e2c9e`
-`    aff4:type = image`
-`    aff4:interface = stream`
-`    aff4:timestamp = 0x49E9DEC3`
-`    aff4:chunk_size = 32k`
-`    aff4:compression = 8`
-`    aff4:chunks_in_segment = 2048`
-`    aff4:size = 10485760`
-`  `
+```
+  ******** Object urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2 ***********
+    aff4:stored = urn:aff4:4bdbf8bc-d8a5-40cb-9af0-fd7e4d0e2c9e
+    aff4:type = image
+    aff4:interface = stream
+    aff4:timestamp = 0x49E9DEC3
+    aff4:chunk_size = 32k
+    aff4:compression = 8
+    aff4:chunks_in_segment = 2048
+    aff4:size = 10485760
+```
 
 This shows that the object named (the Subject) has all these attributes
 and their values. We call these *relations* or *facts*. The entire AFF4
@@ -124,7 +115,7 @@ regular directory on the filesystem. This is really useful if we want to
 image to a FAT filesystem since each segment is really small and we will
 not exceed the file size limitations. Its also possible to root the
 directory on a http url (i.e. the directory starts with
-<http://somehost/url/>). This allows us to use the image directly from
+`http://somehost/url/`). This allows us to use the image directly from
 the web - no need to download the whole thing.
 
 Directory objects use FileLikeObjects (see below) to actually store the
@@ -142,8 +133,8 @@ ZipFile volume uses a FileLikeObject to actually store the zip file.
 This means that its possible to write a ZipFile volume directly onto a
 HTTP server and use the image directly from the server as well.
 
-Example: <http://www.pyflag.net/images/test.zip> is an example of a
-small (about 1mb) AFF4 image.
+Example: `http://www.pyflag.net/images/test.zip` is an example of a
+small (about 1 MB) AFF4 image.
 
 Directory and ZipFile volumes can be easily converted from one to the
 other (i.e. unzip the ZipFile into a directory to create a Directory
@@ -166,7 +157,7 @@ some of the specific implementations of streams.
 The FileBacked object is a stream which stores data in an actual file on
 the filesystem. The location of the file is determined from the file's
 URN. Since a URN is a superset of URLs, URLs are also valid URNs. This
-means that something like <file:///somedirectory/filename> is a valid
+means that something like `file:///somedirectory/filename` is a valid
 location for a FileBackedObject.
 
 ### HTTPObject
@@ -320,4 +311,4 @@ We do this by setting attributes on the map objects:
 
 ### Tools
 
-- <https://github.com/Velocidex/c-aff4>
+* <https://github.com/Velocidex/c-aff4>

docs/bitcurator.md

@@ -1,20 +1,13 @@
 ---
 tags:
-  -  Disk Imaging
-  -  Tools
-  -  Open Source Software
-  -  Live CD
-  -  Deprecated
+  - Tools
 ---
-BitCurator is a suite of open source digital forensics and data analysis
-tools to help collecting institutions (libraries, archives, and museums)
-process born-digital materials. BitCurator supports positive digital
-preservation outcomes using software (see our Software page) and
-practices adopted from the digital forensics community.
-[1](http://wiki.bitcurator.net/index.php?title=Main_Page)
+
+BitCurator is a Ubuntu-based Linux distribution designed to assist collections
+professionals with media imaging, forensic analysis, and reporting tasks when
+working with digital collections.
 
 ## External Links
 
-- [Project site](http://www.bitcurator.net/bitcurator/)
-- [Wiki](http://wiki.bitcurator.net/index.php?title=Main_Page)
-- [Source](https://github.com/BitCurator/bitcurator-distro-main)
+* [Official website](https://bitcurator.github.io)
+* [GitHub organization](https://github.com/BitCurator/)

docs/bitlocker_disk_encryption.md

@@ -1,9 +1,7 @@
 ---
 tags:
-  -  Encryption
-  -  Disk Encryption
-  -  Windows
-  -  Anti-Forensics
+  - Disk Encryption
+  - Windows
 ---
 **BitLocker Disk Encryption** (BDE) is [Full Volume
 Encryption](full_volume_encryption.md) solution by
@@ -27,12 +25,12 @@ also stored in the metadata. Each copy of the VMK is encrypted using
 another key, also know as key-protector key. Some of the key-protectors
 are:
 
-- TPM (Trusted Platform Module)
-- Smart card
-- recovery password
-- start-up key
-- clear key; this key-protector provides no protection
-- user password
+* TPM (Trusted Platform Module)
+* Smart card
+* recovery password
+* start-up key
+* clear key; this key-protector provides no protection
+* user password
 
 BitLocker has support for partial encrypted volumes.
 
@@ -63,8 +61,8 @@ A hexdump of the start of the volume should look similar to:
 
 These volumes can also be identified by a GUID:
 
-- for BitLocker: 4967d63b-2e29-4ad8-8399-f6a339e3d00
-- for BitLocker ToGo: 4967d63b-2e29-4ad8-8399-f6a339e3d01
+* for BitLocker: 4967d63b-2e29-4ad8-8399-f6a339e3d00
+* for BitLocker ToGo: 4967d63b-2e29-4ad8-8399-f6a339e3d01
 
 Which in a hexdump of the start of the volume should look similar to:
 
@@ -102,31 +100,30 @@ opened on Windows 10 systems and later.
 
 ## See Also
 
-- [BitLocker: How to image](bitlocker_how_to_image.md)
+* [BitLocker: How to image](bitlocker_how_to_image.md)
 
 ## External Links
 
-- [Wikipedia entry on BitLocker](https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption)
-- Accessing Bitlocker volumes from Linux,
+* [Wikipedia entry on BitLocker](https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption)
+* Accessing Bitlocker volumes from Linux,
   by Nitin Kumar and Vipin Kumar, 2008
-- [Implementing BitLocker for Forensic Analysis](https://www.sciencedirect.com/science/article/abs/pii/S1742287609000024),
+* [Implementing BitLocker for Forensic Analysis](https://www.sciencedirect.com/science/article/abs/pii/S1742287609000024),
   *Digital Investigation*, by Jesse D. Kornblum, 2009
-- [BitLocker Drive Encryption (BDE) format specification](https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc),
+* [BitLocker Drive Encryption (BDE) format specification](https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc),
   by the [libbde project](libbde.md), March 2011
-- [Microsoft's Step by Step Guide](http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true)
-- [Microsoft Technical Overview](https://learn.microsoft.com/en-us/)
-- [An Introduction to Security in Windows 7](https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd630640(v=msdn.10))
-- [Microsoft Description of the Encryption Algorithm](https://www.microsoft.com/en-us/download/details.aspx?id=13866)
-- [What's New in BitLocker](https://learn.microsoft.com/en-us/previous-versions/orphan-topics/ws.11/hh831412(v=ws.11))
+* [Microsoft Technical Overview](https://learn.microsoft.com/en-us/)
+* [An Introduction to Security in Windows 7](https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd630640(v=msdn.10))
+* [Microsoft Description of the Encryption Algorithm](https://www.microsoft.com/en-us/download/details.aspx?id=13866)
+* [What's New in BitLocker](https://learn.microsoft.com/en-us/previous-versions/orphan-topics/ws.11/hh831412(v=ws.11))
   in Windows 8
-- [Windows 10 Version 1511 gets new XTS-AES BitLocker encryption algorithm](https://www.onmsft.com/news/windows-10-version-1511-gets-new-xts-aes-bitlocker-encryption-algorithm/)
-- [What's new in BitLocker](https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511)
+* [Windows 10 Version 1511 gets new XTS-AES BitLocker encryption algorithm](https://www.onmsft.com/news/windows-10-version-1511-gets-new-xts-aes-bitlocker-encryption-algorithm/)
+* [What's new in BitLocker](https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511)
   Windows 10
 
 ## Tools
 
-- [dislocker](https://www.hsc.fr/securite-internet/)
-- [libbde](libbde.md)
-- [M3 Bitlocker Loader for Mac](https://www.m3datarecovery.com/mac-bitlocker/)
-- [M3 Bitlocker Recovery](https://www.m3datarecovery.com/bitlocker-recovery/bitlocker-data-recovery.html)
-- [Manage-bde.exe](http://technet.microsoft.com/en-us/library/dd875513(v=ws.10>).aspx)
+* [dislocker](https://www.hsc.fr/securite-internet/)
+* [libbde](libbde.md)
+* [M3 Bitlocker Loader for Mac](https://www.m3datarecovery.com/mac-bitlocker/)
+* [M3 Bitlocker Recovery](https://www.m3datarecovery.com/bitlocker-recovery/bitlocker-data-recovery.html)
+* [Manage-bde.exe](http://technet.microsoft.com/en-us/library/dd875513(v=ws.10>).aspx)

docs/data_mining.md

@@ -1,23 +1,20 @@
 ---
 tags:
-  -  Tools
-  -  Articles that need to be expanded
+  - Articles that need to be expanded
+  - Tools
 ---
 Right now this is just a list of resources that will be useful for
 people doing forensic data mining and machine learning.
 
 ## Open Source Software
 
-- [Weka](https://www.cs.waikato.ac.nz/ml/weka/) data mining toolkit -
+* [Weka](https://www.cs.waikato.ac.nz/ml/weka/) data mining toolkit -
   java, has programmatic and GUI interface.
-- Ping He has created an [Open Source C4.5 implementation in
-  C](https://code.google.com/archive/p/fc45)
-- [Machine Learning Open Source Software](http://mloss.org) - a page
+* Ping He has created an [Open Source C4.5 implementation in C](https://code.google.com/archive/p/fc45)
+* [Machine Learning Open Source Software](https://mloss.org) - a page
   hosting many open source machine learning tools and libraries.
-- [Apache Mahout](https://mahout.apache.org//): goal is to "build
+* [Apache Mahout](https://mahout.apache.org//): goal is to "build
   scalable, Apache licensed machine learning libraries" (java). also
-  includes a focus on using [hadoop](http://hadoop.apache.org/core/).
-- The [Journal of Machine Learning](https://jmlr.csail.mit.edu/)
-  maintains an [archive of non-trivial machine learning algorithms,
-  toolboxes, and languages](https://jmlr.csail.mit.edu/mloss/).
-
+  includes a focus on using [hadoop](http://hadoop.apache.org/).
+* The [Journal of Machine Learning](https://jmlr.csail.mit.edu/)
+  maintains an [archive of non-trivial machine learning algorithms, toolboxes, and languages](https://jmlr.csail.mit.edu/mloss/).

docs/document_metadata_extraction.md

@@ -16,7 +16,7 @@ documents. Besides, can extract plain texts (combining all texts from
 all XLS/XLSX/ODS pages and PPT/PPTX/ODP slides) and embedded objects.
 The tool can visualize pictures embedded in a document.
 
-[catdoc](http://www.45.free.net/~vitus/software/catdoc/)
+[catdoc](https://github.com/petewarden/catdoc)
 
 [laola](http://user.cs.tu-berlin.de/~schwartz/pmh/index.html)
 

docs/fat.md

@@ -658,7 +658,6 @@ object.
 * <http://support.microsoft.com/kb/q154997/#XSLTH3126121123120121120120>
 * <http://www.dewassoc.com/kbase/hard_drives/boot_sector.htm>
 * <http://home.teleport.com/~brainy/fat32.htm>
-* <http://web.ukonline.co.uk/cook/fat32.htm>
 * <https://www.ntfs.com/index.html/fat-systems.htm>
 * <http://support.microsoft.com/kb/q140418>
 

docs/file_carving_smartcarving.md

@@ -8,7 +8,7 @@ fragmented files first proposed by A.  Pal, T. Sencar and N. Memon in DFRWS
 2008.
 
 The term **smart carving** was already proposed in 2006 in
-[Analysis of 2006 DFRWS forensic carving challenge - A smart carving approach](http://sandbox.dfrws.org/2006/mora/dfrws2006.pdf).
+[Analysis of 2006 DFRWS forensic carving challenge - A smart carving approach](https://github.com/libyal/documentation/blob/main/dfrws2006_carving_challenge.pdf).
 
 SmartCarving utilizes a combination of structure based validation along
 with validation of each file's unique content. Results for the
@@ -40,12 +40,12 @@ be done in parallel for many files.
 There are currently two commercial applications available that utilize
 SmartCarving, both produced by Digital Assembly:
 
-- [Adroit Photo Forensics](adroit_photo_forensics.md)
-- Adroit Photo Recovery
+* [Adroit Photo Forensics](adroit_photo_forensics.md)
+* Adroit Photo Recovery
 
 Further there is one open-source solution under development:
 
-- [Multimedia File Carver](https://github.com/rpoisel/mmc) -
+* [Multimedia File Carver](https://github.com/rpoisel/mmc) -
   Implementation that focuses on the recovery of fragmented movies and
   images (JPEG)
 

docs/forensic_corpora.md

@@ -132,7 +132,6 @@ The Storage Networking Industry Association has a set of network file
 system traces that can be downloaded from:
 
 - <http://iotta.snia.org/traces>
-- <http://tesla.hpl.hp.com/public_software/>
 
 ## Other
 

docs/forensic_live_cd_issues.md

@@ -152,18 +152,16 @@ searching for available block devices (*/dev/?d?* instead of
 
 ### Incorrect write blocking approach
 
-Some forensic Linux Live CD distributions rely on
-hdparm and blockdev programs
-to mount file systems in read-only mode (by setting the underlying block
-device to read-only mode). Unfortunately, setting a block device to
-read-only mode does not guarantee that [no write commands will be passed
-to the drive](http://oss.sgi.com/archives/xfs/2009-07/msg00213.html).
-There were several other bugs related to writing on a read-only block
-device in the past (like [Ext3/4 orphan inodes
-deletion](https://lkml.org/lkml/2007/2/6/1)). At present (Linux 3.14.2),
-kernel code still disregards read-only mode set on block devices in many
-places (it should be noted that setting a block device to read-only mode
-will efficiently write-protect the drive from programs running in
+Some forensic Linux Live CD distributions rely on hdparm and blockdev programs
+to mount file systems in read-only mode (by setting the underlying block device
+to read-only mode). Unfortunately, setting a block device to read-only mode does
+not guarantee that no write commands will be passed to the drive.
+
+There were several other bugs related to writing on a read-only block device in
+the past (like [Ext3/4 orphan inodes deletion](https://lkml.org/lkml/2007/2/6/1)).
+At present (Linux 3.14.2), kernel code still disregards read-only mode set on
+block devices in many places (it should be noted that setting a block device to
+read-only mode will efficiently write-protect the drive from programs running in
 userspace, while kernel and its modules still can write anything to the
 block device, regardless of the read-only mode).
 
@@ -189,6 +187,6 @@ almost the same, except it doesn't write block anything by default).
 
 ## External links
 
-- [Linux for computer forensic investigators: problems of booting trusted operating system](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators_2.pdf)
-- [Linux for computer forensic investigators: «pitfalls» of mounting file systems](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf)
-- [Testing the forensic soundness of forensic examination environments on bootable media](http://www.dfrws.org/2014/proceedings/DFRWS2014-3.pdf)
+* [Linux for computer forensic investigators: problems of booting trusted operating system](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators_2.pdf)
+* [Linux for computer forensic investigators: «pitfalls» of mounting file systems](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf)
+* [Testing the forensic soundness of forensic examination environments on bootable media](http://www.dfrws.org/2014/proceedings/DFRWS2014-3.pdf)

docs/full_disk_encryption.md

@@ -1,8 +1,6 @@
 ---
 tags:
-  - Anti-Forensics
   - Disk Encryption
-  - Encryption
 ---
 **Full Disk Encryption** or **Whole Disk Encryption** is a phrase that
 was coined by Seagate to describe their encrypting
@@ -32,8 +30,7 @@ provides no software to utilize encrypted drive features (such as key
 management). There is a proprietary Windows-only API, but it is not
 available to the public.
 
-- [FIPS
-  140-2](https://www.seagate.com/de/de/)
+- [FIPS 140-2](https://www.seagate.com/de/de/)
   (Federal Information Processing Standard 140-2 certification issued by
   NIST)
 
@@ -218,7 +215,7 @@ Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 
 <!-- -->
 
-[VeraCrypt](http://veracrypt.codeplex.com/)
+[VeraCrypt](https://www.veracrypt.fr/)
 Fork of [TrueCrypt](truecrypt.md) project. Support for for
 [Linux](linux.md), [Windows](windows.md), and
 [MacOS](mac_os_x.md).