Removed dead references (#200)

docs/amcache.md

@@ -1,33 +1,24 @@
 ---
 tags:
-  -  File Formats
-  -  Database
-  -  Windows
-  -  Articles that need to be expanded
+  - Articles that need to be expanded
+  - File Formats
+  - Windows
 ---
-The AMCache stores metadata about program installation and
-execution on Windows.
+The AMCache stores metadata about program installation and execution on Windows.
 
 It can be found on Windows 7 and Server 2008 R2 and later.
 
-The AMCache is stored in the [Windows NT Registry File
-(regf)](windows_nt_registry_file_(regf).md) format in a file
-named AMCache.hve.
+The AMCache is stored in the [Windows NT Registry File (regf)](windows_nt_registry_file_(regf).md)
+format in a file named AMCache.hve.
 
 ## See Also
 
-- [Windows Application
-  Compatibility](windows_application_compatibility.md)
-- [Amcache.hve in Windows 8 - Goldmine for malware
-  hunters](http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html),
+- [Windows Application Compatibility](windows_application_compatibility.md)
+- [Amcache.hve in Windows 8 - Goldmine for malware hunters](https://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html),
   by Yogesh Khatri, December 2013
-- [Amcache on Windows
-  7](http://www.swiftforensics.com/2016/05/amcache-on-windows-7.html),
+- [Amcache on Windows 7](https://www.swiftforensics.com/2016/05/amcache-on-windows-7.html),
   by Yogesh Khatri, May 2016
-- [Examples of
-  amcache.py](https://gist.github.com/williballenthin/ee512eacb672320f2df5),
+- [Examples of amcache.py](https://gist.github.com/williballenthin/ee512eacb672320f2df5),
   by Willi Ballenthin
-- [Analysis of the
-  AMCache](https://www.ssi.gouv.fr/uploads/2019/01/anssi-coriin_2019-analysis_amcache.pdf),
+- [Analysis of the AMCache](https://www.ssi.gouv.fr/uploads/2019/01/anssi-coriin_2019-analysis_amcache.pdf),
   by Blanche Lagny, July 2019
-

docs/apple_iphone.md

@@ -27,7 +27,6 @@ Store does not allow in any application it distributes).
 - [Elcomsoft Mobile Forensic Bundle](https://www.elcomsoft.com/emfb.html) performs physical,
   logical and over-the-air acquisition.
 - EnCase Neutrino
-- [FTS iXAM](http://www.ixam-forensics.com/)
 - Internet Evidence Finder by Magnet Forensics
 - iPhone Analyzer
 - [iphone-dataprotection](https://code.google.com/archive/p/iphone-dataprotection);

docs/bibliography.md

@@ -38,7 +38,7 @@ tags:
 
 - [Retrieving Digital Evidence: Methods, Techniques and Issues](https://belkasoft.com/retrieving-digital-evidence-methods-techniques-and-issues),
   by Yuri Gubanov, 2012
-- [Byteprints: A Tool to Gather Digital Evidence](http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf),
+- [Byteprints: A Tool to Gather Digital Evidence](https://ieeexplore.ieee.org/document/1428548),
   Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan,
   Proceedings of the International Conference on Information Technology
   (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005

docs/blogs.md

@@ -169,10 +169,6 @@ like: blogs, fora, tweets, tools and challenges (and test images).
 
 # Related blogs
 
-- [Emergent Chaos](http://www.emergentchaos.com/),
-  by Adam Shostack
-- [Inventor of NORA discusses privacy and all things digital](https://jeffjonas.typepad.com/),
-  by Jeff Jonas
 - [Digital Forensics, Coffee, Benevolent Hacking](https://outlookpurple.blogspot.com/),
   by [Golden G. Richard III](golden_g_richard_iii.md)
 

docs/body_file.md

@@ -82,7 +82,7 @@ Known shortcomings with body file format are:
 ### HFS+ and HFSX
 
 * On HFS+ and HFSX the `/` character in a file name will be replaced by `:`, which
-  corresponds with the behavior of Mac OS Terminal. Also see [here](https://github.com/sleuthkit/sleuthkit/blob/3d16b8bc293ba13a5674fe9ce6a35f867ccc945d/tsk/fs/hfs_dent.c#L110).
+  corresponds with the behavior of Mac OS Terminal. Also see [here](https://github.com/sleuthkit/sleuthkit/blob/3d16b8bc293ba13a5674fe9ce6a35f867ccc945d/tsk/fs/hfs_dent.c).
 * For hard links on HFS+ the Catalog Node Identifier (CNID) of the link target (indirect node) file record is used instead as the `inode` value instead of the CNID of the (hard link) file record itself. This matches the behavior of Mac OS (file) stat as described [here](https://developer.apple.com/library/archive/technotes/tn/tn1150.html), in the section "Hard Links".
 * For HFS+ the MD5 calculation of `fls` includes:
   * Regular files

docs/darik's_boot_and_nuke.md

@@ -8,10 +8,9 @@ tags:
 ---
 **D**arik's **B**oot **a**nd **N**uke is a disk image that can create a
 bootable CD/DVD/Floppy/USB Device that can securely wipe the hard disks
-of most computers. Dban has support for all 32-bit x86 machines as well
-as [beta](https://dban.org/beta/index.html) builds for Cisco
-Routers, Sparc, PowerPC and HP PA-RISC hardware architecture. DBan is
-bundled with [Eraser](eraser.md)
+of most computers. 
+
+DBan is bundled with [Eraser](eraser.md)
 
 ## Wipe Methods
 
@@ -24,4 +23,4 @@ bundled with [Eraser](eraser.md)
 ## External Links
 
 - [Official website](https://dban.org/)
-- [Support Forum](https://sourceforge.net/p/dban/discussion/208932/)
+- [Support Forum](https://sourceforge.net/p/dban/discussion/208932/)

docs/dd.md

@@ -157,4 +157,3 @@ home archive and will miss the srv archive.
 ## External Links
 
 - [LinuxJournal article about dd](https://www.linuxjournal.com/article/1320)
-- [Windows Version of dd and other forensics tools](http://users.erols.com/gmgarner/forensics/)

docs/disk_images.md

@@ -39,8 +39,8 @@ Forensics File Formats
 build-in, some of which are:
 
 * read-write disk image (.dmg): [raw](raw_image_format.md), [UDIF](dmg.md), NDIF
-* [Sparse disk image (.spareimage)](https://github.com/libyal/libmodi/blob/main/documentation/Mac%20OS%20disk%20image%20types.asciidoc#3-sparse-disk-image-sparseimage-format)
-* [Sparse bundle disk image (.sparsebundle)](https://github.com/libyal/libmodi/blob/main/documentation/Mac%20OS%20disk%20image%20types.asciidoc#4-sparse-bundle-disk-image-sparsebundle-format)
+* [Sparse disk image (.spareimage)](https://github.com/libyal/libmodi/blob/main/documentation/Mac%20OS%20disk%20image%20types.asciidoc)
+* [Sparse bundle disk image (.sparsebundle)](https://github.com/libyal/libmodi/blob/main/documentation/Mac%20OS%20disk%20image%20types.asciidoc)
 
 [Windows](windows.md)
 

docs/early_userspace.md

@@ -1,12 +1,9 @@
 ---
 tags:
-  -  Live CD
-  -  Linux
-  -  Open Source Software
-  -  Tools
+  - Linux
+  - Tools
 ---
-According to the [Linux
-documentation](https://www.kernel.org/doc/Documentation/early-userspace/README),
+According to the [Linux documentation](https://www.kernel.org/doc/Documentation/early-userspace/README),
 "early userspace" is a set of libraries and programs that provide
 various pieces of functionality that are important enough to be
 available while a Linux kernel is coming up, but that don't need to be
@@ -21,20 +18,16 @@ which contains a live system (desktop environment and various
 applications reside in a live system, while early userspace contains
 only a limited set of programs required for booting up).
 
-Due to varied conditions in which Live CDs and Live USBs are booting up
-(for example, it is possible to make Live USB from Live CD by writing
-ISO 9660 image [directly to USB
-device](https://help.ubuntu.com/community/Installation/FromUSBStick#dd_image_of_iso_file_to_USB_device_safely)
-as well as by exporting files from ISO 9660 image to an existing file
-system on USB device and setting up a bootloader on this device), early
-userspace should locate a root file system first. A root file system can
-be stored in a [SquashFS](https://en.wikipedia.org/wiki/SquashFS) image
-file, a [raw image](raw_image_format.md) file, a partition with
-a file system, a device without a partition table (but with a file
-system), or even in a set of directories in unpacked form (although
-specific implementations of early userspace may not support everything
-listed above).
+Due to varied conditions in which Live CDs and Live USBs are booting up (for
+example, it is possible to make Live USB from Live CD by writing ISO 9660 image
+directly to USB device as well as by exporting files from ISO 9660 image to an
+existing file system on USB device and setting up a bootloader on this device),
+early userspace should locate a root file system first. A root file system can
+be stored in a [SquashFS](https://en.wikipedia.org/wiki/SquashFS) image file, a
+[raw image](raw_image_format.md) file, a partition with a file system, a device
+without a partition table (but with a file system), or even in a set of
+directories in unpacked form (although specific implementations of early
+userspace may not support everything listed above).
 
 After booting, contents of a root file system are visible as the
 contents of "/" directory.
-

docs/famous_cases_involving_digital_forensics.md

@@ -36,7 +36,7 @@ had been assigned. It was Scott William Tyree.
 
 * [article on the abduction](https://www.covenanteyes.com/2012/01/13/caught-by-a-predator-10-years-after-her-abduction/)
 * [Popular Mechanics article](https://www.popularmechanics.com/technology/security/how-to/a630/2672751/)
-* [Congressional testimony of Alicia Kozakiewicz](http://notonemorechild.org/map/9)
+* [Congressional testimony of Alicia Kozakiewicz](https://notonemorechild.org)
 
 ### 2005 [Dennis Rader](https://en.wikipedia.org/wiki/Dennis_Rader) --- The "BTK" Serial Killer
 

docs/forensic_corpora.md

@@ -119,20 +119,6 @@ for the purpose of the evaluation.
 - [2000 DARPA Intrusion Detection Scenario
   Specific](http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html)
 
-## WIDE
-
-*The [MAWI Working Group](https://www.wide.ad.jp/project/wg/mawi.html) of
-the [WIDE Project](https://www.wide.ad.jp/)* maintains a [Traffic
-Archive](http://tracer.csl.sony.co.jp/mawi/). In it you will find:
-
-- daily trace of a trans-Pacific T1 line;
-- daily trace at an IPv6 line connected to 6Bone;
-- daily trace at another trans-Pacific line (100Mbps link) in operation
-  since 2006/07/01.
-
-Traffic traces are made by tcpdump, and then, IP addresses in the traces
-are scrambled by a modified version of [tcpdpriv](tcpdpriv.md).
-
 ## Wireshark
 
 The open source Wireshark project (formerly known as Ethereal) has a

docs/forensic_live_cd_issues.md

@@ -167,29 +167,23 @@ will efficiently write-protect the drive from programs running in
 userspace, while kernel and its modules still can write anything to the
 block device, regardless of the read-only mode).
 
-Analysis of the source code for the "write blocking" functionality
-utilized by hdparm and
-blockdev demonstrates that these tools use the
-same system call to alter a kernel flag which is checked in the file
-system layer. This flag (when set) disables generic write operations on
-a file within a file system and many internal write operations of the
-file system layer (like journaling, recovering a file system after a
-crash, superblock modifications, etc.). File system drivers use the
-interface to the [block device
-layer](http://researcher.watson.ibm.com/researcher/files/il-AVISHAY/01-block_io-v1.3.pdf)
-to perform internal write operations, and the block device layer is
-ignoring (not checking) the read-only flag set by hdparm or blockdev on
-a block device, therefore it's up to a file system driver to refuse
-writing to a block device in read-only mode (and there is nothing
-stopping write operations issued by a file system driver not adhering
-the read-only mode of a block device due to the lack of read-only flag
-checks). [A patch has been
-implemented](https://github.com/Schramp/linux-writeblock/wiki) to add
-the write blocking functionality to the IO scheduler / block device
+Analysis of the source code for the "write blocking" functionality utilized by
+hdparm and blockdev demonstrates that these tools use the same system call to
+alter a kernel flag which is checked in the file system layer. This flag (when
+set) disables generic write operations on a file within a file system and many
+internal write operations of the file system layer (like journaling, recovering
+a file system after a crash, superblock modifications, etc.). File system
+drivers use the interface to the block device layer to perform internal write
+operations, and the block device layer is ignoring (not checking) the read-only
+flag set by hdparm or blockdev on a block device, therefore it's up to a file
+system driver to refuse writing to a block device in read-only mode (and there
+is nothing stopping write operations issued by a file system driver not
+adhering the read-only mode of a block device due to the lack of read-only flag
+checks). [A patch has been implemented](https://github.com/Schramp/linux-writeblock/wiki)
+to add the write blocking functionality to the IO scheduler / block device
 layer as well, and make it the default to block all write IO issued to a
-read-only block device ([Linux write
-blocker](linux_write_blocker.md) does almost the same, except it
-doesn't write block anything by default).
+read-only block device ([Linux write blocker](linux_write_blocker.md) does
+almost the same, except it doesn't write block anything by default).
 
 ### TRIM aka discard command
 

docs/gethashes_sh.md

@@ -1,7 +1,7 @@
 ---
 tags:
-  -  Hashing
-  -  Linux
+  - Hashing
+  - Linux
 ---
 ## General Usage
 
@@ -66,5 +66,4 @@ The following video describes how to use the script:
 
 ## External Links
 
-* [Download location](https://bitbucket.org/stewdebaker/unix-hashing-script)
 * [ReadMe file](http://technicallysane.blogspot.com/p/unix-file-hashing-script.html)

docs/internet_explorer.md

@@ -79,7 +79,7 @@ On Windows Vista and later:
 ### Typed URLs
 
 Internet Explorer stores the cached History (or Address box) entries in
-the following Windows Registry key [2](http://support.microsoft.com/kb/157729).
+the following Windows Registry key:
 
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
 
@@ -106,13 +106,11 @@ the following Windows Registry key [2](http://support.microsoft.com/kb/157729).
 
 ### Recovery store
 
-* [Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity](http://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html),
+* [Internet Explorer RecoveryStore (aka Travelog) as evidence of Internet Browsing activity](https://www.swiftforensics.com/2011/09/internet-explorer-recoverystore-aka.html),
   by Yogesh Khatri, September 29, 2011
 
 ### Typed URLS
 
-* [The Trouble with TypedUrlsTime](http://randomthoughtsofforensics.blogspot.co.uk/2012/07/trouble-with-typedurlstime.html),
-  by Ken Johnson, July 4, 2012
 * [TypedURLs Registry Key](http://sketchymoose.blogspot.com/2014/02/typedurls-registry-key.html),
   Sketchymoose's Blog, February 18, 2014
 

docs/journals.md

@@ -14,7 +14,6 @@ subject of digital forensics:
 | Forensic Science Communications                                             | n/a                                      | n/a                                | n/a                                 | <https://archives.fbi.gov/archives/about-us/lab/forensic-science-communications>                   | Federal Bureau of Investigation (FBI)                                                                                           | United States     | Print            | Current issue still 2010.                                                                                                                                                                                        |
 | IEEE Transactions on Information Forensics and Security                     | 1.34                                     | 35                                 | 41                                  | <https://signalprocessingsociety.org/publications-resources/ieee-transactions-information-forensics-and-security>        | Institute of Electrical and Electronics Engineers Inc.                                                                          | United States     | Print/Electronic | Print journal from IEEE Signal Processing Society that started in 2005.                                                                                                                                          |
 | International Journal of Computer Science and Network Security              | n/a                                      | n/a                                | 24                                  | <http://ijcsns.org/>                                                                | IJCSNS                                                                                                                          | South Korea       | Electronic       | Open Access. Monthly                                                                                                                                                                                             |
-| International Journal of Cyber-Security and Digital Forensics               | n/a                                      | n/a                                | n/a                                 | <http://sdiwc.net/security-journal/index.php>                                       | The Society of Digital Information and Wireless Communications                                                                  | China (Hong Kong) | Electronic       |                                                                                                                                                                                                                  |
 | International Journal of Digital Crime and Forensics                        | n/a                                      | 4                                  | n/a                                 | <https://www.igi-global.com/journals/details.asp?ID=7828>                            | IGI Global                                                                                                                      | United States     | Print/Electronic | Started in 2009, Quarterly                                                                                                                                                                                       |
 | International Journal of Electronic Security and Digital Forensics          | n/a                                      | 4                                  | n/a                                 | <https://www.inderscience.com/jhome.php?jcode=ijesdf>                                | Inderscience Publishers                                                                                                         | United Kingdom    | Print/Electronic | Quarterly                                                                                                                                                                                                        |
 | International Journal of Forensic Computer Science                          | n/a                                      | n/a                                | n/a                                 | <http://www.ijofcs.org/>                                                            | Brazilian Association of High Technology Experts (ABEAT)                                                                        | Brazil            | Electronic       |                                                                                                                                                                                                                  |

docs/jpeg.md

@@ -31,12 +31,12 @@ remove metadata from all images.
 
 # Externals Links
 
-- [Wikipedia: JPEG](https://en.wikipedia.org/wiki/JPEG)
-- [ISO/IEC 10918-1](https://www.w3.org/Graphics/JPEG/itu-t81.pdf),
-  Section: Annex B contains a detailed description of the JPEG file
-  structure.
 - [JPEG File Interchange Format Version 1.02](https://www.w3.org/Graphics/JPEG/jfif3.pdf)
+- [Adobe: XMP Specification](https://www.adobe.com/products/xmp/standards.html)
 - [Extensible Metadata Platform (XMP)](https://www.adobe.com/products/xmp.html)
-- [Adobe - XMP Specification](http://partners.adobe.com/public/developer/en/xmp/sdk/XMPspecification.pdf)
 - [FlashPix Tags](https://exiftool.org/TagNames/FlashPix.html)
+- [ISO/IEC 10918-1](https://www.w3.org/Graphics/JPEG/itu-t81.pdf),
+  Section: Annex B contains a detailed description of the JPEG file
+  structure.
 - [Wikipedia: ICC profile](https://en.wikipedia.org/wiki/ICC_profile)
+- [Wikipedia: JPEG](https://en.wikipedia.org/wiki/JPEG)