diff --git a/docs/aff4.md b/docs/aff4.md
index 8405ec79d..2f01ce2e8 100644
--- a/docs/aff4.md
+++ b/docs/aff4.md
@@ -1,8 +1,8 @@
---
tags:
- - Articles that need to be expanded
- - Disk Image
- - File Formats
+ - Articles that need to be expanded
+ - Disk Image
+ - File Formats
---
# Advanced Forensic Framework 4 (AFF4)
@@ -16,27 +16,18 @@ description of how to use the sample implementation, library and tools.
Traditional forensic file formats have a number of limitations which
have been exposed over the years:
-- Proprietary formats like EWF are difficult to implement and explain.
+* Proprietary formats like EWF are difficult to implement and explain.
EWF is a fairly complex file format. Most of the details are reverse
engineered. Recovery from damaged EWF files is difficult as detailed
knowledge of the file format is required.
-
-
-
-- Simple file formats like dd are very large since they are
+* Simple file formats like dd are very large since they are
uncompressed. They also dont store metadata, signatures or have
cryptographic support.
-
-
-
-- Traditional file formats are designed to store a single stream. Often
+* Traditional file formats are designed to store a single stream. Often
in an investigation, however, multiple source of data need to be
acquired (sometimes simultaneously) and stored in the same evidence
volumes.
-
-
-
-- Traditional file formats just deal with data - there is no attempt to
+* Traditional file formats just deal with data - there is no attempt to
build a universal evidence management system integrated within the
file specification.
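Review bot: while these four bullets are being rewritten from `-` to `*`, the context lines they carry still contain two wording slips that could be fixed in the same pass: "They also dont store metadata" should read "don't", and "multiple source of data need to be acquired" should read "multiple sources of data". Leaving them untouched means a second cosmetic commit later for the same lines.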
@@ -78,17 +69,17 @@ object of the form:
For example:
-` `
-` ******** Object urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2 ***********`
-` aff4:stored = urn:aff4:4bdbf8bc-d8a5-40cb-9af0-fd7e4d0e2c9e`
-` aff4:type = image`
-` aff4:interface = stream`
-` aff4:timestamp = 0x49E9DEC3`
-` aff4:chunk_size = 32k`
-` aff4:compression = 8`
-` aff4:chunks_in_segment = 2048`
-` aff4:size = 10485760`
-` `
+```
+ ******** Object urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2 ***********
+ aff4:stored = urn:aff4:4bdbf8bc-d8a5-40cb-9af0-fd7e4d0e2c9e
+ aff4:type = image
+ aff4:interface = stream
+ aff4:timestamp = 0x49E9DEC3
+ aff4:chunk_size = 32k
+ aff4:compression = 8
+ aff4:chunks_in_segment = 2048
+ aff4:size = 10485760
+```
This shows that the object named (the Subject) has all these attributes
and their values. We call these *relations* or *facts*. The entire AFF4
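Review bot: the new fenced block keeps a leading space on every line (`+ ******** Object ...`, `+ aff4:stored = ...`), inherited from the old inline-backtick layout; inside a fence that space is rendered literally, so strip it so the attribute listing is flush left. Converting the backtick-per-line lines into a single fence is otherwise the right fix.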
@@ -124,7 +115,7 @@ regular directory on the filesystem. This is really useful if we want to
image to a FAT filesystem since each segment is really small and we will
not exceed the file size limitations. Its also possible to root the
directory on a http url (i.e. the directory starts with
-). This allows us to use the image directly from
+`http://somehost/url/`). This allows us to use the image directly from
the web - no need to download the whole thing.
Directory objects use FileLikeObjects (see below) to actually store the
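Review bot: restoring the lost `http://somehost/url/` placeholder repairs a sentence that previously ended in "starts with )"; since the line is being touched anyway, the neighbouring context "Its also possible to root the directory" should read "It's".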
@@ -142,8 +133,8 @@ ZipFile volume uses a FileLikeObject to actually store the zip file.
This means that its possible to write a ZipFile volume directly onto a
HTTP server and use the image directly from the server as well.
-Example: is an example of a
-small (about 1mb) AFF4 image.
+Example: `http://www.pyflag.net/images/test.zip` is an example of a
+small (about 1 MB) AFF4 image.
Directory and ZipFile volumes can be easily converted from one to the
other (i.e. unzip the ZipFile into a directory to create a Directory
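Review bot: the restored `http://www.pyflag.net/images/test.zip` is presented as a downloadable sample image, so please confirm the URL still resolves before merging; if it does not, an archived copy or a note that the sample is no longer hosted is better than a bare link, and a SHA-256 of the file would let readers check they have the same image. The "1mb" to "1 MB" unit fix is fine.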
@@ -166,7 +157,7 @@ some of the specific implementations of streams.
The FileBacked object is a stream which stores data in an actual file on
the filesystem. The location of the file is determined from the file's
URN. Since a URN is a superset of URLs, URLs are also valid URNs. This
-means that something like is a valid
+means that something like `file:///somedirectory/filename` is a valid
location for a FileBackedObject.
### HTTPObject
@@ -320,4 +311,4 @@ We do this by setting attributes on the map objects:
### Tools
--
+*
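Review bot: this hunk turns an empty `-` bullet under `### Tools` into an empty `*` bullet, so the section still lists nothing. Either fill in the tool names this heading was meant to carry or drop the empty item and the heading; a lone `*` renders as a blank list entry.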
diff --git a/docs/bitcurator.md b/docs/bitcurator.md
index 02a2af311..468f9c53b 100644
--- a/docs/bitcurator.md
+++ b/docs/bitcurator.md
@@ -1,20 +1,13 @@
---
tags:
- - Disk Imaging
- - Tools
- - Open Source Software
- - Live CD
- - Deprecated
+ - Tools
---
-BitCurator is a suite of open source digital forensics and data analysis
-tools to help collecting institutions (libraries, archives, and museums)
-process born-digital materials. BitCurator supports positive digital
-preservation outcomes using software (see our Software page) and
-practices adopted from the digital forensics community.
-[1](http://wiki.bitcurator.net/index.php?title=Main_Page)
+
+BitCurator is a Ubuntu-based Linux distribution designed to assist collections
+professionals with media imaging, forensic analysis, and reporting tasks when
+working with digital collections.
## External Links
-- [Project site](http://www.bitcurator.net/bitcurator/)
-- [Wiki](http://wiki.bitcurator.net/index.php?title=Main_Page)
-- [Source](https://github.com/BitCurator/bitcurator-distro-main)
\ No newline at end of file
+* [Official website](https://bitcurator.github.io)
+* [GitHub organization](https://github.com/BitCurator/)
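Review bot: the tag list is cut from five entries to just `Tools`, yet the new description still says BitCurator is for "media imaging, forensic analysis, and reporting", so dropping `Disk Imaging` and `Open Source Software` looks unintended; if `Deprecated` and `Live CD` were removed because the distribution is still maintained, say so in the commit message. Also, "a Ubuntu-based" should read "an Ubuntu-based".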
diff --git a/docs/bitlocker_disk_encryption.md b/docs/bitlocker_disk_encryption.md
index 6bd45439d..f2677cd43 100644
--- a/docs/bitlocker_disk_encryption.md
+++ b/docs/bitlocker_disk_encryption.md
@@ -1,9 +1,7 @@
---
tags:
- - Encryption
- - Disk Encryption
- - Windows
- - Anti-Forensics
+ - Disk Encryption
+ - Windows
---
**BitLocker Disk Encryption** (BDE) is [Full Volume
Encryption](full_volume_encryption.md) solution by
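Review bot: the `Encryption` and `Anti-Forensics` tags are removed here, but the same commit keeps `Disk Encryption` on full_disk_encryption.md and deletes `Encryption` there too, so the intent seems to be a tag consolidation; please state that in the commit message. The context line "is [Full Volume Encryption] solution by" is also missing an article ("is a ... solution").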
@@ -27,12 +25,12 @@ also stored in the metadata. Each copy of the VMK is encrypted using
another key, also know as key-protector key. Some of the key-protectors
are:
-- TPM (Trusted Platform Module)
-- Smart card
-- recovery password
-- start-up key
-- clear key; this key-protector provides no protection
-- user password
+* TPM (Trusted Platform Module)
+* Smart card
+* recovery password
+* start-up key
+* clear key; this key-protector provides no protection
+* user password
BitLocker has support for partial encrypted volumes.
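Review bot: the bullet-style change is fine, but the context line "another key, also know as key-protector key" should read "also known as"; worth fixing while this list is being touched.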
@@ -63,8 +61,8 @@ A hexdump of the start of the volume should look similar to:
These volumes can also be identified by a GUID:
-- for BitLocker: 4967d63b-2e29-4ad8-8399-f6a339e3d00
-- for BitLocker ToGo: 4967d63b-2e29-4ad8-8399-f6a339e3d01
+* for BitLocker: 4967d63b-2e29-4ad8-8399-f6a339e3d00
+* for BitLocker ToGo: 4967d63b-2e29-4ad8-8399-f6a339e3d01
Which in a hexdump of the start of the volume should look similar to:
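Review bot: the two GUID values in this hunk look truncated: the last group of `4967d63b-2e29-4ad8-8399-f6a339e3d00` and `...-f6a339e3d01` has 11 hex digits where a GUID has 12, so the identifiers as written cannot be correct. Verify them against the libbde format specification linked under External Links before carrying them over unchanged with the new bullet marker.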
@@ -102,31 +100,30 @@ opened on Windows 10 systems and later.
## See Also
-- [BitLocker: How to image](bitlocker_how_to_image.md)
+* [BitLocker: How to image](bitlocker_how_to_image.md)
## External Links
-- [Wikipedia entry on BitLocker](https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption)
-- Accessing Bitlocker volumes from Linux,
+* [Wikipedia entry on BitLocker](https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption)
+* Accessing Bitlocker volumes from Linux,
by Nitin Kumar and Vipin Kumar, 2008
-- [Implementing BitLocker for Forensic Analysis](https://www.sciencedirect.com/science/article/abs/pii/S1742287609000024),
+* [Implementing BitLocker for Forensic Analysis](https://www.sciencedirect.com/science/article/abs/pii/S1742287609000024),
*Digital Investigation*, by Jesse D. Kornblum, 2009
-- [BitLocker Drive Encryption (BDE) format specification](https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc),
+* [BitLocker Drive Encryption (BDE) format specification](https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc),
by the [libbde project](libbde.md), March 2011
-- [Microsoft's Step by Step Guide](http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true)
-- [Microsoft Technical Overview](https://learn.microsoft.com/en-us/)
-- [An Introduction to Security in Windows 7](https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd630640(v=msdn.10))
-- [Microsoft Description of the Encryption Algorithm](https://www.microsoft.com/en-us/download/details.aspx?id=13866)
-- [What's New in BitLocker](https://learn.microsoft.com/en-us/previous-versions/orphan-topics/ws.11/hh831412(v=ws.11))
+* [Microsoft Technical Overview](https://learn.microsoft.com/en-us/)
+* [An Introduction to Security in Windows 7](https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd630640(v=msdn.10))
+* [Microsoft Description of the Encryption Algorithm](https://www.microsoft.com/en-us/download/details.aspx?id=13866)
+* [What's New in BitLocker](https://learn.microsoft.com/en-us/previous-versions/orphan-topics/ws.11/hh831412(v=ws.11))
in Windows 8
-- [Windows 10 Version 1511 gets new XTS-AES BitLocker encryption algorithm](https://www.onmsft.com/news/windows-10-version-1511-gets-new-xts-aes-bitlocker-encryption-algorithm/)
-- [What's new in BitLocker](https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511)
+* [Windows 10 Version 1511 gets new XTS-AES BitLocker encryption algorithm](https://www.onmsft.com/news/windows-10-version-1511-gets-new-xts-aes-bitlocker-encryption-algorithm/)
+* [What's new in BitLocker](https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511)
Windows 10
## Tools
-- [dislocker](https://www.hsc.fr/securite-internet/)
-- [libbde](libbde.md)
-- [M3 Bitlocker Loader for Mac](https://www.m3datarecovery.com/mac-bitlocker/)
-- [M3 Bitlocker Recovery](https://www.m3datarecovery.com/bitlocker-recovery/bitlocker-data-recovery.html)
-- [Manage-bde.exe](http://technet.microsoft.com/en-us/library/dd875513(v=ws.10>).aspx)
+* [dislocker](https://www.hsc.fr/securite-internet/)
+* [libbde](libbde.md)
+* [M3 Bitlocker Loader for Mac](https://www.m3datarecovery.com/mac-bitlocker/)
+* [M3 Bitlocker Recovery](https://www.m3datarecovery.com/bitlocker-recovery/bitlocker-data-recovery.html)
+* [Manage-bde.exe](http://technet.microsoft.com/en-us/library/dd875513(v=ws.10>).aspx)
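Review bot: two link problems survive the bullet rewrite. The `Manage-bde.exe` URL contains `ws.10>` inside the parentheses; the `>` is almost certainly a copy artifact and breaks the link. And the "Microsoft Technical Overview" entry points at `https://learn.microsoft.com/en-us/`, the site root, not an overview; either locate the specific page or drop the entry, as was done for the Step by Step Guide.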
diff --git a/docs/cryptocloud.md b/docs/cryptocloud.md
deleted file mode 100644
index 15bc0e4de..000000000
--- a/docs/cryptocloud.md
+++ /dev/null
@@ -1,19 +0,0 @@
----
-tags:
- - Encryption
- - Network Encryption
- - Organization
----
-**Cryptocloud VPN** is a commercial, consumer-oriented
-[VPN](vpn.md) service provided by
-[Cryptocloud](cryptocloud.md). It uses a modified implementation
-of the OpenVPN toolset to provide TCP-and UDP-based VPN connectivity to
-customers worldwide. Cryptocloud has publicly stated that it does not
-keep user-detail logfiles of its customers' usage of its network
-[1](http://ww25.cryptocloud.com/privacypolicy.php?subid1=20230112-2011-50f7-855b-31255d59b9de).
-
-## External Links
-
-- [Official website](https://cryptocloud.net/)
-- [Affiliated discussion forum used by
- Cryptocloud](http://www.cultureghost.org)
\ No newline at end of file
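Review bot: deleting `docs/cryptocloud.md` outright will leave dangling links wherever other pages reference it (the page itself linked to `vpn.md`, so that page at least should be checked for a back-reference). Either remove or redirect those links in the same commit, or keep a short stub stating the service is defunct.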
diff --git a/docs/data_mining.md b/docs/data_mining.md
index 6d7d35be6..02a708b80 100644
--- a/docs/data_mining.md
+++ b/docs/data_mining.md
@@ -1,23 +1,20 @@
---
tags:
- - Tools
- - Articles that need to be expanded
+ - Articles that need to be expanded
+ - Tools
---
Right now this is just a list of resources that will be useful for
people doing forensic data mining and machine learning.
## Open Source Software
-- [Weka](https://www.cs.waikato.ac.nz/ml/weka/) data mining toolkit -
+* [Weka](https://www.cs.waikato.ac.nz/ml/weka/) data mining toolkit -
java, has programmatic and GUI interface.
-- Ping He has created an [Open Source C4.5 implementation in
- C](https://code.google.com/archive/p/fc45)
-- [Machine Learning Open Source Software](http://mloss.org) - a page
+* Ping He has created an [Open Source C4.5 implementation in C](https://code.google.com/archive/p/fc45)
+* [Machine Learning Open Source Software](https://mloss.org) - a page
hosting many open source machine learning tools and libraries.
-- [Apache Mahout](https://mahout.apache.org//): goal is to "build
+* [Apache Mahout](https://mahout.apache.org//): goal is to "build
scalable, Apache licensed machine learning libraries" (java). also
- includes a focus on using [hadoop](http://hadoop.apache.org/core/).
-- The [Journal of Machine Learning](https://jmlr.csail.mit.edu/)
- maintains an [archive of non-trivial machine learning algorithms,
- toolboxes, and languages](https://jmlr.csail.mit.edu/mloss/).
-
+ includes a focus on using [hadoop](http://hadoop.apache.org/).
+* The [Journal of Machine Learning](https://jmlr.csail.mit.edu/)
+ maintains an [archive of non-trivial machine learning algorithms, toolboxes, and languages](https://jmlr.csail.mit.edu/mloss/).
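Review bot: the Apache Mahout link retains a double slash, `https://mahout.apache.org//`, on the rewritten line; drop the trailing `/` while the line is being edited. The same line also starts two sentences in lower case ("java", "also includes"), which the reflow could normalise.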
diff --git a/docs/document_metadata_extraction.md b/docs/document_metadata_extraction.md
index c6c37a30b..cba5e64ac 100644
--- a/docs/document_metadata_extraction.md
+++ b/docs/document_metadata_extraction.md
@@ -16,7 +16,7 @@ documents. Besides, can extract plain texts (combining all texts from
all XLS/XLSX/ODS pages and PPT/PPTX/ODP slides) and embedded objects.
The tool can visualize pictures embedded in a document.
-[catdoc](http://www.45.free.net/~vitus/software/catdoc/)
+[catdoc](https://github.com/petewarden/catdoc)
[laola](http://user.cs.tu-berlin.de/~schwartz/pmh/index.html)
diff --git a/docs/fat.md b/docs/fat.md
index 6151708f4..464fdc5c9 100644
--- a/docs/fat.md
+++ b/docs/fat.md
@@ -658,7 +658,6 @@ object.
*
*
*
-*
*
*
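Review bot: this hunk removes one empty `*` list item but leaves the five surrounding empty `*` items in place. If these are leftover placeholders from the original wiki conversion, remove the whole run; if each was meant to hold a reference, the removal of just one is arbitrary and the rest should be filled in or removed together.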
diff --git a/docs/file_carving_smartcarving.md b/docs/file_carving_smartcarving.md
index 5f5234bba..2f4f2a1ec 100644
--- a/docs/file_carving_smartcarving.md
+++ b/docs/file_carving_smartcarving.md
@@ -8,7 +8,7 @@ fragmented files first proposed by A. Pal, T. Sencar and N. Memon in DFRWS
2008.
The term **smart carving** was already proposed in 2006 in
-[Analysis of 2006 DFRWS forensic carving challenge - A smart carving approach](http://sandbox.dfrws.org/2006/mora/dfrws2006.pdf).
+[Analysis of 2006 DFRWS forensic carving challenge - A smart carving approach](https://github.com/libyal/documentation/blob/main/dfrws2006_carving_challenge.pdf).
SmartCarving utilizes a combination of structure based validation along
with validation of each file's unique content. Results for the
@@ -40,12 +40,12 @@ be done in parallel for many files.
There are currently two commercial applications available that utilize
SmartCarving, both produced by Digital Assembly:
-- [Adroit Photo Forensics](adroit_photo_forensics.md)
-- Adroit Photo Recovery
+* [Adroit Photo Forensics](adroit_photo_forensics.md)
+* Adroit Photo Recovery
Further there is one open-source solution under development:
-- [Multimedia File Carver](https://github.com/rpoisel/mmc) -
+* [Multimedia File Carver](https://github.com/rpoisel/mmc) -
Implementation that focuses on the recovery of fragmented movies and
images (JPEG)
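Review bot: the replacement link points at a copy of the DFRWS 2006 paper hosted in the libyal/documentation repository rather than at DFRWS; say in the link text that it is a mirror, and keep the original `sandbox.dfrws.org` reference (or an archive of it) alongside so the provenance of the paper stays visible.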
diff --git a/docs/forensic_corpora.md b/docs/forensic_corpora.md
index 14c79c611..7eb1b7508 100644
--- a/docs/forensic_corpora.md
+++ b/docs/forensic_corpora.md
@@ -132,7 +132,6 @@ The Storage Networking Industry Association has a set of network file
system traces that can be downloaded from:
-
--
## Other
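Review bot: removing the empty bullet leaves the sentence "system traces that can be downloaded from:" ending in a colon with nothing after it. Either restore the SNIA download URL the bullet was meant to hold or reword the sentence so it does not promise a link.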
diff --git a/docs/forensic_live_cd_issues.md b/docs/forensic_live_cd_issues.md
index b11f4c1e7..f64a8a96f 100644
--- a/docs/forensic_live_cd_issues.md
+++ b/docs/forensic_live_cd_issues.md
@@ -152,18 +152,16 @@ searching for available block devices (*/dev/?d?* instead of
### Incorrect write blocking approach
-Some forensic Linux Live CD distributions rely on
-hdparm and blockdev programs
-to mount file systems in read-only mode (by setting the underlying block
-device to read-only mode). Unfortunately, setting a block device to
-read-only mode does not guarantee that [no write commands will be passed
-to the drive](http://oss.sgi.com/archives/xfs/2009-07/msg00213.html).
-There were several other bugs related to writing on a read-only block
-device in the past (like [Ext3/4 orphan inodes
-deletion](https://lkml.org/lkml/2007/2/6/1)). At present (Linux 3.14.2),
-kernel code still disregards read-only mode set on block devices in many
-places (it should be noted that setting a block device to read-only mode
-will efficiently write-protect the drive from programs running in
+Some forensic Linux Live CD distributions rely on hdparm and blockdev programs
+to mount file systems in read-only mode (by setting the underlying block device
+to read-only mode). Unfortunately, setting a block device to read-only mode does
+not guarantee that no write commands will be passed to the drive.
+
+There were several other bugs related to writing on a read-only block device in
+the past (like [Ext3/4 orphan inodes deletion](https://lkml.org/lkml/2007/2/6/1)).
+At present (Linux 3.14.2), kernel code still disregards read-only mode set on
+block devices in many places (it should be noted that setting a block device to
+read-only mode will efficiently write-protect the drive from programs running in
userspace, while kernel and its modules still can write anything to the
block device, regardless of the read-only mode).
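Review bot: the rewrite silently drops the citation that backed the key claim: "does not guarantee that no write commands will be passed to the drive" was previously linked to the xfs mailing-list message at `oss.sgi.com`. If that host is gone, substitute an archived copy rather than leaving the claim unsupported; the lkml reference on the next sentence shows the intended style. The "At present (Linux 3.14.2)" qualifier carried over as context is also stale and should be dated or updated.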
@@ -189,6 +187,6 @@ almost the same, except it doesn't write block anything by default).
## External links
-- [Linux for computer forensic investigators: problems of booting trusted operating system](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators_2.pdf)
-- [Linux for computer forensic investigators: «pitfalls» of mounting file systems](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf)
-- [Testing the forensic soundness of forensic examination environments on bootable media](http://www.dfrws.org/2014/proceedings/DFRWS2014-3.pdf)
+* [Linux for computer forensic investigators: problems of booting trusted operating system](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators_2.pdf)
+* [Linux for computer forensic investigators: «pitfalls» of mounting file systems](http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf)
+* [Testing the forensic soundness of forensic examination environments on bootable media](http://www.dfrws.org/2014/proceedings/DFRWS2014-3.pdf)
diff --git a/docs/full_disk_encryption.md b/docs/full_disk_encryption.md
index b7284e41c..880e4f971 100644
--- a/docs/full_disk_encryption.md
+++ b/docs/full_disk_encryption.md
@@ -1,8 +1,6 @@
---
tags:
- - Anti-Forensics
- Disk Encryption
- - Encryption
---
**Full Disk Encryption** or **Whole Disk Encryption** is a phrase that
was coined by Seagate to describe their encrypting
@@ -32,8 +30,7 @@ provides no software to utilize encrypted drive features (such as key
management). There is a proprietary Windows-only API, but it is not
available to the public.
-- [FIPS
- 140-2](https://www.seagate.com/de/de/)
+- [FIPS 140-2](https://www.seagate.com/de/de/)
(Federal Information Processing Standard 140-2 certification issued by
NIST)
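Review bot: the reflowed FIPS 140-2 entry still links to `https://www.seagate.com/de/de/`, which is Seagate's German regional home page, not a certification document; the link text promises a FIPS 140-2 reference that the URL does not deliver. Point it at the actual certificate or product page, or make it plain text.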
@@ -218,7 +215,7 @@ Supports hidden volumes within TrueCrypt volumes (plausible deniability).
-[VeraCrypt](http://veracrypt.codeplex.com/)
+[VeraCrypt](https://www.veracrypt.fr/)
Fork of [TrueCrypt](truecrypt.md) project. Support for for
[Linux](linux.md), [Windows](windows.md), and
[MacOS](mac_os_x.md).
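Review bot: the VeraCrypt URL update is correct, but the context line immediately below it reads "Support for for [Linux]"; the duplicated "for" is worth removing in the same hunk.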
diff --git a/docs/hiberfil.sys.md b/docs/hiberfil.sys.md
index b1ae8044b..d09ab8161 100644
--- a/docs/hiberfil.sys.md
+++ b/docs/hiberfil.sys.md
@@ -40,11 +40,8 @@ from the multiple levels of slack space within them.
## External Links
-* [Windows hibernation file for fun & profit](http://msuiche.net/con/bhusa2008/Windows_hibernation_file_for_fun_%27n%27_profit-0.6.pdf),
- by Matthieu Suiche
-* [Microsoft Hibernation Files](https://code.google.com/archive/p/volatility/wikis/HiberAddressSpace.wiki), by
- [the Volatility project](volatility_framework.md)
-* [Hibernation Recon](https://arsenalrecon.com/apps/hibernation-recon/)
+* [Microsoft Hibernation Files](https://code.google.com/archive/p/volatility/wikis/HiberAddressSpace.wiki),
+ by [the Volatility project](volatility_framework.md)
* [Parsing hibernation slack space](https://diablohorn.com/2014/12/10/parsing-the-hiberfil-sys-searching-for-slack-space/)
### LZ XPRESS
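Review bot: this hunk deletes two references (the Suiche "Windows hibernation file for fun & profit" paper and Hibernation Recon) rather than repairing them. If the `msuiche.net` link is dead, an archived copy with the author attribution preserved is preferable to dropping the paper, since the section that follows (`### LZ XPRESS`) concerns the hibernation file format the paper describes; the commit message should state why each was removed.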
diff --git a/docs/incident_response.md b/docs/incident_response.md
index 3e196c0a4..8641a29dd 100644
--- a/docs/incident_response.md
+++ b/docs/incident_response.md
@@ -79,7 +79,7 @@ victims can be easier if they stand out from the crowd.
### Product related
-* [Palantir: A Framework for Collaborative Incident Response and Investigation](http://middleware.internet2.edu/idtrust/2009/papers/05-khurana-palantir.pdf),
+* [Palantir: A Framework for Collaborative Incident Response and Investigation](https://www.researchgate.net/publication/221190732_Palantir_A_framework_for_collaborative_incident_response_and_investigation),
Himanshu Khurana, Jim Basney, Mehedi Bakht, Mike Freemon, Von Welch,
Randy Butler, April 2009
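Review bot: the new Palantir link goes to a ResearchGate publication page, which commonly gates the PDF behind a login or request; a DOI or an author-hosted copy would be a more stable replacement for the dead `internet2.edu` URL.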
@@ -103,8 +103,6 @@ victims can be easier if they stand out from the crowd.
## Books
-There are several books available that discuss incident response. For
-[Windows](windows.md), *[Windows Forensics and Incident
-Recovery](https://www.windows-ir.com/)* by [Harlan
-Carvey](harlan_carvey.md) is an excellent introduction to
-possible scenarios and how to respond to them.
+There are several books available that discuss incident response. For [Windows](windows.md),
+*[Windows Forensics and Incident Recovery](https://www.windows-ir.com/)* by [Harlan Carvey](harlan_carvey.md)
+is an introduction to possible scenarios and how to respond to them.
diff --git a/docs/internships.md b/docs/internships.md
index c21beea12..3f6b340f2 100644
--- a/docs/internships.md
+++ b/docs/internships.md
@@ -1,17 +1,15 @@
---
tags:
- - No Category
+ - Articles that need to be expanded
---
This page describes internship opportunities in the field of computer
forensics. Please feel free to add your own.
## United States
-- has a load of
- internships although all are not stipend paying
- Internet Crimes Against Children. ICAC has offices in almost every
state.
- Check with companies that do computer forensics. Examples include
[ManTech](mantech.md), Kroll, and Pinkerton.
- Explore the Scholarship for Service and Scholarship for Work programs
- offered by the US Government.
\ No newline at end of file
+ offered by the US Government.
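Review bot: the retag is fine, but the context bullet "- has a load of internships although all are not stipend paying" is missing the organisation name at the start of the line (the link was evidently stripped in an earlier conversion). Since the page is being marked "Articles that need to be expanded", either restore the name or delete the fragment so the list does not open with a headless item.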
diff --git a/docs/java.md b/docs/java.md
index d14e99730..0549903d6 100644
--- a/docs/java.md
+++ b/docs/java.md
@@ -183,7 +183,6 @@ other) information.
- [Tracing and Logging](https://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/tracing_logging.html),
by Oracle
-- [Java Forensics using TLN Timelines](http://sploited.blogspot.com/2012/08/java-forensics-using-tln-timelines.html)
- [Almost Cooked UP Some Java](http://journeyintoir.blogspot.com/2011/02/almost-cooked-up-some-java.html)
- [Finding Initial Infection Vector](http://journeyintoir.blogspot.com/2011/11/finding-initial-infection-vector.html)
- [Java IDX Format Specification](https://github.com/woanware/javaidx/blob/master/Documents/Java.IDX.Format.pdf),
diff --git a/docs/jump_lists.md b/docs/jump_lists.md
index 56ea7627b..0b3627bc0 100644
--- a/docs/jump_lists.md
+++ b/docs/jump_lists.md
@@ -1,6 +1,6 @@
---
tags:
- - Windows
+ - Windows
---
**Jump Lists** are a feature found in Windows 7.
@@ -27,9 +27,8 @@ Files: \*.automaticDestinations-ms
#### Structure
-The AutomaticDestinations Jump List files are [OLE Compound
-Files](ole_compound_file.md) containing multiple streams of
-which:
+The AutomaticDestinations Jump List files are [OLE Compound Files](ole_compound_file.md)
+containing multiple streams of which:
* hexadecimal numbered, e.g. "1a"
* DestList
@@ -49,7 +48,7 @@ following information at the corresponding offsets:
|--------|----------|-----------------------------------------------------------------------------------------------------------------|
| 0x48 | 16 bytes | NetBIOS name of the system; padded with zeros to 16 bytes |
| 0x58 | 8 bytes | Stream number; corresponds to the numbered stream within the jump list |
-| 0x64 | 8 bytes | Last modification time, contains a [FILETIME](http://msdn2.microsoft.com/en-us/library/ms724284.aspx) structure |
+| 0x64 | 8 bytes | Last modification time, contains a [FILETIME](https://learn.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-filetime) structure |
| 0x70 | 2 bytes | Path string size, the number of characters (UTF-16 words) of the path string |
| 0x72 | ... | Path string |
| | | |
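Review bot: the FILETIME link update is good, but the visible offsets in this table do not add up: `0x58` plus 8 bytes ends at `0x60`, yet the next row starts at `0x64`, and `0x64` plus 8 bytes ends at `0x6c` while the next row starts at `0x70`. If the 4-byte gaps are known fields add rows for them, otherwise mark them as unknown so readers do not assume the rows are contiguous. The trailing empty row `| | | |` should also go.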
@@ -111,8 +110,6 @@ binary format segments.
* [Woanware: JumpLister](https://github.com/woanware). Tool to view
the information within the numbered streams of each autodest file.
* [plaso](plaso.md)
-* [JumpList](https://github.com/EricZimmerman/JumpList). Parser written
- in C# with support thru Windows 10 jump lists
-* [JLECmd](https://github.com/EricZimmerman/JLECmd). Command line tool
- using the above parser
-
+* [JLECmd](https://github.com/EricZimmerman/JLECmd). Command line tool using the
+ [JumpList](https://github.com/EricZimmerman/JumpList), a parser written in C#
+ with support thru Windows 10 jump lists.
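Review bot: merging the JumpList and JLECmd entries is sensible, but the new wording "Command line tool using the [JumpList](...), a parser written in C#" reads oddly; "built on the [JumpList](...) library, a C# parser" would be clearer. "thru" should be "through".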
diff --git a/docs/libdnet.md b/docs/libdnet.md
index d858b3803..c5c95f951 100644
--- a/docs/libdnet.md
+++ b/docs/libdnet.md
@@ -46,7 +46,7 @@ tags:
- [dnet.rb](http://www.shmoo.com/~bmc/software/ruby/ruby-dnet/) - Ruby
interface to libdnet
- [libpcap](https://www.tcpdump.org/) - portable packet capture library
-- [winpcap](http://winpcap.polito.it/) - libpcap for Windows
+- [winpcap](https://www.winpcap.org/) - libpcap for Windows
- [pypcap](https://github.com/dugsong/pypcap) - libpcap Python module
- [dpkt](https://github.com/kbandla/dpkt) - fast, simple packet
creation and parsing in Python
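Review bot: the new `https://www.winpcap.org/` link is the right home page, but WinPcap itself is no longer maintained; the entry text "libpcap for Windows" would benefit from noting that it is discontinued so readers are not pointed at an unmaintained capture driver.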
@@ -63,4 +63,4 @@ tags:
All information on this page can be found at
[libdnet.sourceforge.net](https://libdnet.sourceforge.net/) and is
-credited to Dug Song - dugsong+libdnet@monkey.org
\ No newline at end of file
+credited to Dug Song - dugsong+libdnet@monkey.org
diff --git a/docs/linux_logical_volume_manager_(lvm).md b/docs/linux_logical_volume_manager_(lvm).md
index b2c8fc9e3..2b44eeb96 100644
--- a/docs/linux_logical_volume_manager_(lvm).md
+++ b/docs/linux_logical_volume_manager_(lvm).md
@@ -108,8 +108,6 @@ To read-only loop-back mount an individual volume:
by RedHat
* [Unix/Linux Administration Logical Volume Management Guide](https://wpollock.com/AUnix1/LVM.htm),
by Wayne Pollock, 2005
-* [LVM2 – data recovery](http://lvb.sti.fce.vutbr.cz/public/LinuxAlt_2009/2009_11_08_LA_04_LVM/2009_11_08_LA_04_LVM.pdf),
- by Milan Brož, LinuxAlt 2009
* [Logical Volume Manager ‐ Software RAID](http://forensic-proof.com/wp-content/uploads/2010/03/FP_Logical_Volume_Manager.pdf),
by Proneer, March 30, 2010
diff --git a/docs/logfile_analysis.md b/docs/logfile_analysis.md
index 56eeacc58..16605562d 100644
--- a/docs/logfile_analysis.md
+++ b/docs/logfile_analysis.md
@@ -8,18 +8,18 @@ of the operating system, certain applications, etc.
Log files come in various formats, in general these formats can be
divided in the following categories:
-- Binary formats
-- Text-based formats
-- in-database
+* Binary formats
+* Text-based formats
+* in-database
## Binary formats
-- [Windows Event Log (evt)](windows_event_log_(evt).md)
-- [Windows XML Event Log (evtx)](windows_xml_event_log_(evtx).md)
+* [Windows Event Log (evt)](windows_event_log_(evt).md)
+* [Windows XML Event Log (evtx)](windows_xml_event_log_(evtx).md)
## Text-based formats
-- [Apache HTTP Server access log format](http://httpd.apache.org/docs/1.3/logs.html#accesslog)
+* [Apache HTTP Server access log format](https://httpd.apache.org/docs/2.4/logs.html#accesslog)
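Review bot: updating the Apache reference from the 1.3 to the 2.4 documentation is the right move; while the category list above is being rewritten, "in-database" should be capitalised to match "Binary formats" and "Text-based formats".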
## Tools
@@ -59,7 +59,7 @@ streaming, ftp or mail server statistics, graphically."*
Java reporting tool.
-[Open Web Analytics](http://wiki.openwebanalytics.com/index.php?title=Main_Page)
+[Open Web Analytics](https://www.openwebanalytics.com/)
*"An open source web analytics framework written in PHP."*
diff --git a/docs/memory_imaging.md b/docs/memory_imaging.md
index 39e23c35d..e2d9eabb0 100644
--- a/docs/memory_imaging.md
+++ b/docs/memory_imaging.md
@@ -52,18 +52,18 @@ physical address range to non-paged system space.
## Memory Imaging Techniques
-Crash Dumps
+### Crash Dumps
When configured to create a full memory dump,
[Windows](windows.md) operating systems will automatically save
an image of physical memory when a bugcheck (aka blue screen or kernel
panic) occurs.
-LiveKd Dumps
+### LiveKd Dumps
The Sysinternals tool LiveKd can be used to create an image of physical memory
on a live machine in crash dump format. Once livekd is started, use the command
".dump -f \[output file\]"
-Hibernation Files
+### Hibernation Files
[Windows](windows.md) 98, 2000, XP, 2003, and Vista support a
feature called hibernation that saves the
machine's state to the disk when the computer is powered off. When the
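Review bot: the promotion of the technique names to `###` headings is welcome. The LiveKd instruction carried as context, `".dump -f \[output file\]"`, should be formatted as inline code rather than a quoted string with escaped brackets; as written the backslashes may render literally.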
@@ -83,7 +83,7 @@ turns on [File Vault](file_vault.md) and enables Secure Virtual
Memory.
[1](http://pc-eye.blogspot.com/2008/08/live-memory-dump-on-mac-laptops.html).
-Firewire
+### Firewire
It is possible for [Firewire](firewire.md) or IEEE1394 devices
to directly access the memory of a computer. Using this capability has
been suggested as a method for acquiring memory images for forensic
@@ -103,10 +103,10 @@ This can be used to grab screen contents.
This technique has been turned into a tool.
-The [Goldfish](http://digitalfire.ucd.ie/?page_id=430) tool automates
-this exploit for investigators needing to analyze the memory of a Mac.
+The Goldfish tool automates this exploit for investigators needing to analyze
+the memory of a Mac.
-Cold and Warm reboots
+### Cold and Warm reboots
Typical RAM-modules retain memory during reboots as long as power is
provided. The modules typically support a self-refresh. Whether the data
is retained depend on BIOS-es that do or do not clear the RAM during
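Review bot: removing the `digitalfire.ucd.ie` link leaves "The Goldfish tool automates this exploit" with no pointer to the tool or its origin. If the page is dead, keep the UCD attribution in prose or add an archived copy; otherwise the reader has no way to find what "this technique has been turned into a tool" refers to. The context line "Whether the data is retained depend on BIOS-es" should also read "depends".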
@@ -126,7 +126,7 @@ without power. Opinions on how practical cold boot is are discussed in
"[On the Practicability of Cold Boot
Attacks](https://faui1-files.cs.fau.de/filepool/projects/coldboot/fares_coldboot.pdf)".
-Virtual Machine Imaging
+### Virtual Machine Imaging
There are numerous popular virtual machines that are in wide use such as
xen, qemu or vmware. If the memory image is for a machine running in
this kind of virtual environment, there are usually two methods for
diff --git a/docs/mounting_disk_images.md b/docs/mounting_disk_images.md
index efd353c52..16071a348 100644
--- a/docs/mounting_disk_images.md
+++ b/docs/mounting_disk_images.md
@@ -79,10 +79,6 @@ Don't forget the switch ***-o ro*** !
`# umount /mnt`
-## Mounting Images Using Alternate Superblocks
-
-- [Mounting Images Using Alternate Superblocks](http://sansforensics.wordpress.com/2008/12/18/mounting-images-using-alternate-superblocks/)
-
# Windows
MS Windows does not include a native means for mounting acquired images.
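Review bot: this hunk deletes the whole "Mounting Images Using Alternate Superblocks" section because its only content was a link to a blog post. Alternate-superblock mounting is a relevant recovery technique for damaged ext images, so prefer keeping the heading with a one-sentence description and an archived copy of the post over removing the topic from the page entirely.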
diff --git a/docs/netfse.md b/docs/netfse.md
index 8bec904f9..eef33dfde 100644
--- a/docs/netfse.md
+++ b/docs/netfse.md
@@ -1,6 +1,7 @@
---
tags:
- - Network Forensics
+ - Abandoned
+ - Network Forensics
---
# Net/FSE: Network Forensic Search Engine
@@ -26,12 +27,10 @@ capabilities with minimal coding.
# Project Status
-In June 2009 version 0.2 of the open source Net/FSE was released at
-[NetFSE.org](http://www.netfse.org). The 0.3 release is in the works and
-will be available in August 2010. NetFSE.org is the user community and
-information center for Net/FSE users.
+In June 2009 version 0.2 of the open source Net/FSE was initially published on
+NetFSE.org. The 0.3 release was targeted for August 2010. The project appears
+to have been abandoned.
## External Links
-- [Project site](https://code.google.com/archive/p/netfse)
-
+* [Project site](https://code.google.com/archive/p/netfse)
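Review bot: "The project appears to have been abandoned" is asserted without a supporting date; since the rewritten paragraph already gives the last release (0.2, June 2009) and the missed 0.3 target (August 2010), cite those as the basis, for example "no release has followed 0.2 (June 2009)". Also state in the commit message that the `Abandoned` tag is the new convention replacing `Deprecated`, given that tag was removed from bitcurator.md in the same commit.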
diff --git a/docs/network_forensics.md b/docs/network_forensics.md
index 16a6c097d..a77d00324 100644
--- a/docs/network_forensics.md
+++ b/docs/network_forensics.md
@@ -41,9 +41,6 @@ available.
- [Wireless forensics](wireless_forensics.md)
- [SSL forensics](ssl_forensics.md)
-
-
-
- [IP geolocation](ip_geolocation.md)
- [Tools: Network Forensics](tools_network_forensics.md)
- [Tools: Logfile Analysis](logfile_analysis.md#tools)
@@ -67,21 +64,17 @@ available.
- [KisMAC](kismac.md) is a free, open source wireless stumbling
and security tool for Mac OS X.
- [Kismet](kismet.md)
-- [logstash](http://logstash.net/) is a tool for managing events and
+- [logstash](https://www.elastic.co/logstash) is a tool for managing events and
logs. You can use it to collect logs, parse them, and store them for
later use (like, for searching). Speaking of searching, logstash comes
with a web interface for searching and drilling into all of your logs.
-
-
-
- [log2Timeline](log2timeline.md) a framework for automatic
creation of a super timeline. The main purpose is to provide a single
tool to parse various log files and artifacts found on suspect systems
(and supporting systems, such as network equipment) and produce a
timeline that can be analysed by forensic investigators/analysts.
-- [NetFSE](netfse.md) is a web-based search and analysis
- application for high-volume network data [available at
- NetFSE.org](http://www.netfse.org)
+- [NetFSE](netfse.md) is a web-based search and analysis application for
+ high-volume network data.
- [NetSleuth](http://www.netgrab.co.uk) is a live and retrospective
network analysis and triage tool.
- [ntop](ntop.md)
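Review bot: the logstash URL is swapped for the vendor's current product page, but the description around it is left as it was written for logstash.net, including "logstash comes with a web interface for searching and drilling into all of your logs". That sentence describes the old standalone web UI; when a link is repointed at a current page the surrounding text should be re-checked against it, otherwise the entry now points readers at a product that does not match its own description.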
@@ -94,9 +87,6 @@ available.
things, is a Python-based engine used by several tools for automatic creation
of timelines. Plaso default behavior is to create super timelines but it also
supports creating more targeted timelines.
-
-
-
- [RegRipper](regripper.md) is an open source tool, written in
Perl, for extracting/parsing information (keys, values, data) from the
Registry and presenting it for analysis
diff --git a/docs/pdf.md b/docs/pdf.md
index 8f0f5db00..89b6b6116 100644
--- a/docs/pdf.md
+++ b/docs/pdf.md
@@ -58,12 +58,12 @@ each in its own file.
Several related standards exist that contain subsets or supersets of the
PDF standard features. These standards include
-- PDF/A a simpler set of features for archiving documents, allowing for
+* PDF/A a simpler set of features for archiving documents, allowing for
long-term reproducibility. Some scanning software saves documents in
PDF/A by default.
-- PDF/X for graphic arts.
-- PDF/UA for universal accessibility.
-- PDF/E for engineering drawings.
+* PDF/X for graphic arts.
+* PDF/UA for universal accessibility.
+* PDF/E for engineering drawings.
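Review bot: since every line of this list is being rewritten anyway, the first item should get the separator the other three implicitly have: `PDF/A a simpler set of features` reads as a run-on and is clearer as `PDF/A: a simpler set of features ...` (or `PDF/A, a simpler ...`), matching the `PDF/X for ...` pattern below it.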
## PDF Software
@@ -89,8 +89,6 @@ and carving documents, including PDF files. The product can show PDF
preview, plain text, metadata and extract embedded objects (including
batch extraction from all found PDF files).
-
-
JEB2 PDF Analysis Plugin
@@ -101,16 +99,12 @@ Strong parsing for malicious files. Reports notifications on
malformations and anomalies. API can also be used for tool/scanner
integration.
-
-
Origami
A powerful open source framework and GUI written in Ruby. It allows for
parsing and exploring pdf files and graphically browsing its contents.
-
-
PDF Tools
@@ -118,24 +112,18 @@ Didier Stevens'
[pdf-parse](https://blog.didierstevens.com/2008/10/30/pdf-parserpy/) and
pdfid, written in Python
-
-
PDF Stream Dumper
Free tool for the analysis of malicious PDF documents by David Zimmer.
([GitHub](https://github.com/dzzie/pdfstreamdumper))
-
-
pdfresurrect
Retrieves previous versions of PDF files that have changes appended with
"incremental updates"
-
-
PDFMiner
@@ -144,8 +132,6 @@ PDFMiner
Includes **pdf2txt.py** command-line tool for extracting text from PDF
files, and **dumppdf.py** for dumping PDF objects.
-
-
pyPdf
@@ -153,40 +139,29 @@ pyPdf
Will encrypt and decrypt PDF files.
-
-
-QPDF
-
+[QPDF](https://sourceforge.net/projects/qpdf/)
Open source, cross-platform library and set of programs to inspect and
manipulate PDF files. Packaged in recent Debian based distributions.
These tools are useful for manipulating and generating PDF files:
-ReportLab Open Source PDF Library
-
+[ReportLab](https://docs.reportlab.com/) Open Source PDF Library
"our proven, industry-strength PDF generating software. Programmatically
create any kind of PDF document"
# See Also
-- [Arabic PDFs](arabic_pdfs.md)
-- [Document Metadata Extraction](document_metadata_extraction.md)
+* [Arabic PDFs](arabic_pdfs.md)
+* [Document Metadata Extraction](document_metadata_extraction.md)
## External Links
-- [Adobe PDF
- Reference](http://partners.adobe.com/public/developer/pdf/index_reference.html)
-- [Wikipedia: PDF](https://en.wikipedia.org/wiki/PDF)
-- [Portable Document Format: An Introduction for
- Programmers](http://www.mactech.com/articles/mactech/Vol.15/15.09/PDFIntro/),
+* [Adobe PDF Reference 1.7](https://opensource.adobe.com/dc-acrobat-sdk-docs/pdfstandards/pdfreference1.7old.pdf)
+* [Wikipedia: PDF](https://en.wikipedia.org/wiki/PDF)
+* [Portable Document Format: An Introduction for Programmers](http://www.mactech.com/articles/mactech/Vol.15/15.09/PDFIntro/),
MacTech Magazine, Volume 15, (1999), Issue 9
-- [ISO
- Standard](https://www.iso.org/standard/51502.html)
-- [Patent
- Licenses](http://partners.adobe.com/public/developer/support/topic_legal_notices.html)
-- [Quickpost: About the Physical and Logical Structure of PDF
- Files](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/),
+* [ISO Standard](https://www.iso.org/standard/51502.html)
+* [Quickpost: About the Physical and Logical Structure of PDF Files](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/),
by Didier Stevens, April 9, 2008
-
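Review bot: turning only the QPDF and ReportLab names into links leaves the other tool headings in this section (pyPdf, PDFMiner, pdfresurrect, PDF Stream Dumper, PDF Tools) as plain text, so the list is now inconsistently formatted; either link all tool names or keep the URL on a separate line as before. For QPDF, upstream development lives at https://github.com/qpdf/qpdf, which is a better target than the SourceForge project page. In the External Links block, the "Patent Licenses" entry is removed without replacement; the commit message should say whether that reference was intentionally dropped or should point at the current Adobe legal notice.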
diff --git a/docs/sanitization_standards.md b/docs/sanitization_standards.md
index b17af59a4..8b095ff0e 100644
--- a/docs/sanitization_standards.md
+++ b/docs/sanitization_standards.md
@@ -39,7 +39,7 @@ regarding the disk sanitization problem:
- [DoD Destruction](http://simson.net/ref/2001/ASD_HD_Disposition_memo060401.pdf):
Disposition of Unclassified DoD Computer Hard Drives, Assistant
Secretary of Defence, June 4, 2001.
-- [DoD 5200.28-STD](http://security.isu.edu/pdf/d520028.pdf):
+- [DoD 5200.28-STD](https://irp.fas.org/nsa/rainbow/std001.htm):
Department of Defence Trusted Computer System Evaluation Criteria,
December 26, 1985.
- [DoD 5220.22-M](http://simson.net/ref/2001/DoD_5220.22-M.pdf):
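Review bot: the repointed link is fine (the FAS rainbow-series mirror is stable), but the context lines spell the issuer "Department of Defence"; the document's own title uses the US spelling "Department of Defense", and the same misspelling appears in the "Assistant Secretary of Defence" entry above it. Worth fixing in the same pass since these lines are already being edited.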
diff --git a/docs/sim_card_forensics.md b/docs/sim_card_forensics.md
index 0f10b9213..e718bcda9 100644
--- a/docs/sim_card_forensics.md
+++ b/docs/sim_card_forensics.md
@@ -68,7 +68,6 @@ External Links
* [Forensic Card Reader (FCR) - German](http://www.becker-partner.de/index.php?id=17)
* [SIM Manager](http://www.txsystems.com/sim-manager.html)
* [SIMQuery](http://vidstrom.net/otools/simquery/)
-* [SimScan](http://users.net.yu/~dejan/)
* [SIMSpy](http://www.nobbi.com/download.htm)
* [UnDeleteSMS](https://vidstromlabs.com/freetools/undeletesms/)
* [Forensic SIM Card Reader](http://www.bkforensics.com/FCR.html)
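Review bot: deleting the SimScan entry because its users.net.yu URL is dead also erases the only record on this page that the tool existed. For a historical tool list it is more useful to keep the name and either link an archive.org snapshot or mark it as no longer available, as the other pages in this commit do with the "Abandoned" tag.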
diff --git a/docs/spada.md b/docs/spada.md
index 4af60777f..9000a8095 100644
--- a/docs/spada.md
+++ b/docs/spada.md
@@ -1,23 +1,16 @@
---
tags:
- - Deprecated
- - Linux
- - Tools
- - Live CD
- - Open Source Software
+ - Abandoned
+ - Live CD
---
-**SPADA**, or System Preview And Data Acquisition, is a forensic [Live
-CD](live_cd.md) base on [Knoppix](knoppix.md).
+**SPADA**, or System Preview And Data Acquisition, is a forensic [Live CD](live_cd.md)
+based on [Knoppix](knoppix.md).
## Forensic Issues
-- SPADA will automount file systems during the hardware detection
- process and recover some of them if required.
+SPADA will automount file systems during the hardware detection process and
+recover some of them if required.
## History
-The development on SPADA stopped, the last release was in September 2010
-
-## External Links
-
-- [Project site](http://spada-cd.info/)
\ No newline at end of file
+The development on SPADA stopped, the last release was in September 2010.
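Review bot: replacing the `Deprecated` tag with `Abandoned` is consistent with the netfse.md change, but this hunk also silently drops the `Linux`, `Tools` and `Open Source Software` tags; a Knoppix-based live CD is still a Linux tool and still open source, so those tags remain accurate and should stay unless the tag taxonomy itself is being retired. The External Links section is removed as well without an archive link; consider keeping an archive.org copy of the project site. Minor: "The development on SPADA stopped" reads better as "Development of SPADA stopped".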
diff --git a/docs/unlock_codes.md b/docs/unlock_codes.md
deleted file mode 100644
index 2c6318f0a..000000000
--- a/docs/unlock_codes.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-tags:
- - Articles that need to be expanded
----
-## See Also
-
-- --- Claims to generate unlock codes for
- Nokia phones based on IMEI
\ No newline at end of file
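Review bot: deleting `docs/unlock_codes.md` is reasonable given the stub contains nothing but a broken list item, but the commit should confirm there are no inbound links to `unlock_codes.md` from other pages (for example the SIM card or mobile forensics pages) before the file goes; a grep for the filename across `docs/` is enough.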
diff --git a/docs/virtual_hard_disk_(vhd).md b/docs/virtual_hard_disk_(vhd).md
index a90284c09..22f68ca8b 100644
--- a/docs/virtual_hard_disk_(vhd).md
+++ b/docs/virtual_hard_disk_(vhd).md
@@ -1,20 +1,20 @@
---
tags:
- - File Formats
- - Virtual Disk
- - Disk Analysis
- Articles that need to be expanded
- - Windows
+ - Disk Analysis
+ - File Formats
- Linux
- MacOS
+ - Virtual Disk
+ - Windows
---
The Virtual Hard Disk (VHD) commonly uses the .vhd extension.
This format is used to store virtual disk images by:
-- Microsoft Virtual PC
-- Microsoft Virtual Server
-- Microsoft Hyper-V Server
+* Microsoft Virtual PC
+* Microsoft Virtual Server
+* Microsoft Hyper-V Server
VHD support is also integrated into [Windows](windows.md) (at
least in Windows 7) where "Disk Management" (part of "Computer
@@ -25,10 +25,10 @@ files.
There are multiple types of Virtual Hard Disk (VHD) images:
-- Fixed-size hard disk image; the image contains all data
-- Dynamic-size (or sparse) hard disk image; the image contains used data
+* Fixed-size hard disk image; the image contains all data
+* Dynamic-size (or sparse) hard disk image; the image contains used data
only
-- Differential (or differencing, or delta) hard disk image; the image
+* Differential (or differencing, or delta) hard disk image; the image
contains changes relative to its parent image
## Snapshots
@@ -43,30 +43,30 @@ differential images of the previous snapshot.
## See Also
-- [Disk Images](disk_images.md)
-- [Windows](windows.md)
+* [Disk Images](disk_images.md)
+* [Windows](windows.md)
## External Links
-- [VHD (file format)](https://en.wikipedia.org/wiki/VHD_(file_format)),
+* [VHD (file format)](https://en.wikipedia.org/wiki/VHD_(file_format)),
by Wikipedia
-- [Virtual Hard Disk Image Format Specification](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/mt169373(v=ws.11)),
+* [Virtual Hard Disk Image Format Specification](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/mt169373(v=ws.11)),
by Microsoft, October 2006
-- [Overview of VHD & VHDX Virtual Hard Drive](https://www.bitrecover.com/blog/what-is-virtual-hard-disk/) An
+* [Overview of VHD & VHDX Virtual Hard Drive](https://www.bitrecover.com/blog/what-is-virtual-hard-disk/) An
overview of virtual hard drive image files
-- [Virtual Hard Disk (VHD) image format](https://github.com/libyal/libvhdi/blob/main/documentation/Virtual%20Hard%20Disk%20(VHD)%20image%20format.asciidoc),
+* [Virtual Hard Disk (VHD) image format](https://github.com/libyal/libvhdi/blob/main/documentation/Virtual%20Hard%20Disk%20(VHD)%20image%20format.asciidoc),
by the [libvhdi project](libvhdi.md), September 2012
### Snapshots
-- [Hyper-V Concepts - Snapshots](http://social.technet.microsoft.com/wiki/contents/articles/670.hyper-v-concepts-snapshots.aspx)
-- [Hyper-V SnapShot Files – AVHD and VHD? What The ?](http://survey-smiles.com)
-- [Manually Merge .avhd to .vhd in Hyper-V](http://social.technet.microsoft.com/wiki/contents/articles/6257.manually-merge-avhd-to-vhd-in-hyper-v.aspx)
+* [Hyper-V Concepts - Snapshots](https://social.technet.microsoft.com/wiki/contents/articles/670.hyper-v-concepts-snapshots.aspx)
+* [Hyper-V SnapShot Files – AVHD and VHD? What The ?](http://survey-smiles.com)
+* [Manually Merge .avhd to .vhd in Hyper-V](https://social.technet.microsoft.com/wiki/contents/articles/6257.manually-merge-avhd-to-vhd-in-hyper-v.aspx)
## Tools
-- [libvhdi](libvhdi.md)
-- [VHD Data Recovery](https://www.bitrecover.com/vhd-recovery-software/)
+* [libvhdi](libvhdi.md)
+* [VHD Data Recovery](https://www.bitrecover.com/vhd-recovery-software/)
Help you recover & extract your files from a corrupt or damaged .vhd /
.vhdx files. Supports Microsoft Hyper-V, Microsoft Virtual PC,
Microsoft Virtual Server virtual machine drive images.
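Review bot: the Snapshots list keeps the "Hyper-V SnapShot Files – AVHD and VHD? What The ?" entry pointing at `http://survey-smiles.com`, a domain that has nothing to do with the article title and is almost certainly an expired domain picked up by a third party. Since the other URLs in this hunk are being upgraded to https, this one should be removed or replaced with an archive.org snapshot rather than carried forward.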
diff --git a/docs/windows_8.md b/docs/windows_8.md
index d1271414a..7d99b3a24 100644
--- a/docs/windows_8.md
+++ b/docs/windows_8.md
@@ -9,18 +9,17 @@ edition became Windows Server 2012.
The following new features were introduced in Windows 8:
-- [File History](windows_file_history.md)
-- [Storage Spaces](windows_storage_spaces.md)
-- Search Charm History
+* [File History](windows_file_history.md)
+* [Storage Spaces](windows_storage_spaces.md)
+* Search Charm History
## File System
The file system used by Windows 8 is primarily [NTFS](ntfs.md).
-The [Resilient File System
-(refs)](resilient_file_system_(refs).md) was initially available
-in the Windows 8 server edition but became part of Windows 2012 server
-edition.
+The [Resilient File System (refs)](resilient_file_system_(refs).md) was
+initially available in the Windows 8 server edition but became part of
+Windows 2012 server edition.
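Review bot: the reflowed ReFS sentence still says the same thing twice: the file's own intro (context line 9, "edition became Windows Server 2012") states that Windows Server 2012 is the server edition of Windows 8, so "initially available in the Windows 8 server edition but became part of Windows 2012 server edition" is circular. Since the lines are being rewritten, simplify to something like "The Resilient File System (ReFS) was introduced with Windows Server 2012, the server edition of Windows 8, and is not available on the client edition."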
## Jump Lists
@@ -51,27 +50,27 @@ A common location for Amcache.hve is:
## See Also
-- [Windows](windows.md)
-- [Windows Vista](windows_vista.md)
-- [Windows 7](windows_7.md)
+* [Windows](windows.md)
+* [Windows Vista](windows_vista.md)
+* [Windows 7](windows_7.md)
## External Links
-- [Features new to Windows 8](https://en.wikipedia.org/wiki/Features_new_to_Windows_8), Wikipedia
-- [Windows 8 Registry Forensics](https://www.dataforensics.org/windows-8-file-history-forensics/)
-- [Windows 8 Forensic Guide](http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf),
+* [Features new to Windows 8](https://en.wikipedia.org/wiki/Features_new_to_Windows_8), Wikipedia
+* [Windows 8 Registry Forensics](https://www.dataforensics.org/windows-8-file-history-forensics/)
+* [Windows 8 Forensic Guide](https://elhacker.info/manuales/An%C3%A1lisis%20forense/thomson_windows-8-forensic-guide2.pdf),
by Amanda C. F. Thomson, 2012
-- [Forensic Focus: Windows 8 Forensics - A First Look](https://forensicfocus.com/Forums/viewtopic/t=9604/),
+* [Forensic Focus: Windows 8 Forensics - A First Look](https://forensicfocus.com/Forums/viewtopic/t=9604/),
[Presentation](https://www.youtube.com/watch?v=uhCooEz9FQshttp://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.befeature=youtu.be),
[Slides](https://forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf),
by Josh Brunty, August 2012
-- [Windows 8: Tracking Opened Photos](https://dfstream.blogspot.com/2013/03/windows-8-tracking-opened-photos.html),
+* [Windows 8: Tracking Opened Photos](https://dfstream.blogspot.com/2013/03/windows-8-tracking-opened-photos.html),
by Jason Hale, March 8, 2013
-- [Windows 8 and 8.1: Search Charm History](https://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html),
+* [Windows 8 and 8.1: Search Charm History](https://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html),
by Jason Hale, September 9, 2013
-- [Amcache.hve in Windows 8 - Goldmine for malware hunters](http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html),
+* [Amcache.hve in Windows 8 - Goldmine for malware hunters](http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html),
by Yogesh Khatri, December 4, 2013
-- [Amcache.hve - Part 2](http://www.swiftforensics.com/2013/12/amcachehve-part-2.html), by
+* [Amcache.hve - Part 2](http://www.swiftforensics.com/2013/12/amcachehve-part-2.html), by
Yogesh Khatri, December 16, 2013
-- [SRUM forensics](https://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/Windows8SRUMForensicsYogeshKhatri.pdf),
+* [SRUM forensics](https://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/Windows8SRUMForensicsYogeshKhatri.pdf),
by Yogesh Khatri
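Review bot: two context lines in this hunk carry broken links that should be fixed while the list is being reformatted. The `[Presentation]` URL is two YouTube URLs concatenated (`...watch?v=uhCooEz9FQshttp://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.befeature=youtu.be`) and will not resolve; it should be just `https://www.youtube.com/watch?v=uhCooEz9FQs`. The "Windows 8 Registry Forensics" entry links to a URL whose path is `windows-8-file-history-forensics`, so either the title or the target is wrong.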