From f062ad8392bdb3031de0954f01638be7f4c200a4 Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Wed, 29 Nov 2023 09:14:31 -0800 Subject: [PATCH] Removed dead references (#196) --- docs/cell_phone_forensics.md | 4 +- docs/cloud_forensics_research.md | 2 +- docs/conferences.md | 75 +------------------ docs/extended_file_system_(ext).md | 6 +- docs/file_format_identification.md | 3 +- docs/forensic_corpora.md | 5 +- docs/forensicswiki_feedburner_feed.md | 9 --- docs/header.md | 8 +- docs/helix3.md | 50 ++++++------- docs/hiberfil.sys.md | 2 - docs/jtag_and_chip-off_tools_and_equipment.md | 2 +- docs/jump_lists.md | 2 - docs/knoppix_std.md | 62 ++++++++------- docs/logfile_analysis.md | 16 +--- docs/mhdd.md | 8 +- docs/open_research_topics.md | 5 +- docs/outlook_express_database_(dbx).md | 17 ++--- docs/people.md | 14 ---- docs/pysim.md | 2 +- docs/shell_item.md | 2 +- docs/sim.md | 5 +- docs/simis.md | 11 +-- docs/simreader.md | 7 +- docs/simson's_open_research_topics.md | 5 +- docs/solid_state_drives.md | 6 +- docs/timeline_analysis_bibliography.md | 5 +- docs/tools.md | 6 -- docs/tools_timeline_analysis.md | 6 +- docs/twrp.md | 18 +++-- docs/windows_event_log_(evt).md | 15 ++-- docs/windows_nt.md | 5 +- docs/windows_registry.md | 7 -- 32 files changed, 130 insertions(+), 260 deletions(-) delete mode 100644 docs/forensicswiki_feedburner_feed.md delete mode 100644 docs/people.md diff --git a/docs/cell_phone_forensics.md b/docs/cell_phone_forensics.md index d11dcd405..989210192 100644 --- a/docs/cell_phone_forensics.md +++ b/docs/cell_phone_forensics.md 
@@ -90,7 +90,7 @@ Investigative Support * [Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications](http://www.search.org/files/pdf/CellphoneInvestToolkit-0806.pdf) * [E-Evidence.Info Mobile Forensic Tools](http://www.e-evidence.info/cellular.html) * [ForensicFocus.com(Practitioners Forum)](https://forensicfocus.com) -* [Mobile-Forensics.com (Research Forum for Mobile Device Forensics)](http://www.Mobile-Forensics.com) +* [Mobile-Forensics.com (Research Forum for Mobile Device Forensics)](http://www.mobile-forensics.com/) * [Phone-Forensics.com (Advanced Forum for Practitioners)](http://www.Phone-Forensics.com) * [TREW Mobile Telephone Evidence (Mobile Telephone Evidence Practitioner Site)](http://trewmte.blogspot.com) @@ -104,6 +104,6 @@ Training * [SANS: FOR585: Smartphone Forensic Analysis In-Depth](https://www.sans.org/cyber-security-courses/advanced-smartphone-mobile-device-forensics/) * [Teel Technologies Smartphone training](http://www.teeltech.com/mobile-device-forensics-training/) -* [Mobile-Forensics.com (Research Forum for Mobile Device Forensics)](http://www.Mobile-Forensics.com) +* [Mobile-Forensics.com (Research Forum for Mobile Device Forensics)](http://www.mobile-forensics.com/) * [Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)](https://paraben.com/dfir-training-3/) * [Micro Systemation Training (Mobile Forensics Training)](https://www.msab.com/) diff --git a/docs/cloud_forensics_research.md b/docs/cloud_forensics_research.md index faad443fa..b44170a0f 100644 --- a/docs/cloud_forensics_research.md +++ b/docs/cloud_forensics_research.md @@ -97,7 +97,7 @@ location="Monterey, CA", `volume = {9},` `year = {2012},` `pages = {S90--S98},` -` url="`[`http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf`](http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf)`"` +` url="`[`https://www.sciencedirect.com/science/article/pii/S1742287612000266`](https://www.sciencedirect.com/science/article/pii/S1742287612000266)`"` 
diff --git a/docs/conferences.md b/docs/conferences.md index 4fc6e49fe..2c98953c2 100644 --- a/docs/conferences.md +++ b/docs/conferences.md 
@@ -21,141 +21,82 @@ Research conferences that are related to digital investigation and forensics. American Academy of Forensic Science - - BlackHat Federal Briefings & Training - - BSides Security (various locations) - - CanSecWest - - Computer Technology Investigators Network (CTIN) Digital Forensics Conference - - Conference on Digital Forensics, Security and Law - - Department of Defense CyberCrime Conference (Discontinued - now US Cyber Crime Conference) - - Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) - - Digital Forensics Research Conference (DFRWS) - - -e-Forensics (Last found in 2010) - - - - EuroForensics Forensics Sciences, Cyber Security and Surveillance Technologies Conference and Exhibition (With ending of FSS, this seems to be a trade show now) - - FIRST Conference - - French-Speaking Days on Digital Investigations - Journées Francophones de l'Investigation Numérique - - IEEE Workshop on Information Forensics and Security - - IFIP International Information Security Conference - - IFIP WG 11.9 International Conference on Digital Forensics - - Information Hiding Conference - - International Conference on Availability, Reliability and Security - - [International Conference on Digital Forensics and Cyber Crime (ICDF2C)](https://d-forensics.eai-conferences.org/) - - International Conference on IT-Incident Management & IT-Forensics - - International Symposium on Recent Advances in Intrusion Detection - - Open Source Software for Computer and Network Forensics (Last seen in 2008) - - Open Web Application Security Project - - Security OPUS Information Security Conference (Last seen 2010) - - Sleuthkit and Open Source Digital Forensics Conference (OSDFCon) - - USENIX Annual Technical Conference - - USENIX Security Symposium - - Virus Bulletin Conference - - International Workshop on Cyber Forensics and Advanced Threat Investigations 
@@ -164,42 +105,28 @@ International Workshop on Cyber Forensics and Advanced Threat Investigations Enfuse Conference - formerly Computer and Enterprise Investigations Conference (CEIC) - - The First Forensic Forum (F3) - - HTCIA International Training Conference and Expo - - IACIS Computer Forensic Training Event - - PFIC (Parabin Corporation) - - Regional Computer Forensics Group Conference (RCFG) - - SANS Digital Forensics & Incident Response Summit & Training - - Techno-Security Conference # See also -* [Upcoming events](upcoming_events.md) * [Journals](journals.md) +* [Upcoming events](upcoming_events.md) diff --git a/docs/extended_file_system_(ext).md b/docs/extended_file_system_(ext).md index 2b0dbba9e..b9067be74 100644 --- a/docs/extended_file_system_(ext).md +++ b/docs/extended_file_system_(ext).md @@ -31,9 +31,9 @@ file system. ### Ext2 * [Wikipedia article on ext2](https://en.wikipedia.org/wiki/Ext2) -* [Layout of the ext2 Filesystem](http://www.nongnu.org./ext2-doc/ext2.html) -* [Linux Ext2fs Undeletion mini-HOWTO](http://fedora.linuxsir.org/doc/ext2undelete/Ext2fs-Undeletion.html) -* [Using ext2 on other systems](http://blog.boreas.ro/2007/11/ext2-filesystem-for-linux-and-solaris.html) +* [Layout of the ext2 Filesystem](https://www.nongnu.org/ext2-doc/ext2.html) +* [Linux Ext2fs Undeletion mini-HOWTO](https://tldp.org/HOWTO/Ext2fs-Undeletion-1.html) +* [Ext2 Filesystem for Linux and Solaris](http://blog.boreas.ro/2007/11/ext2-filesystem-for-linux-and-solaris.html), by Cmihai, November 3, 2007 ### Ext3 diff --git a/docs/file_format_identification.md b/docs/file_format_identification.md index b712c28a9..d707dac9f 100644 --- a/docs/file_format_identification.md +++ b/docs/file_format_identification.md 
@@ -73,9 +73,8 @@ See: - Online - Based on machine learning techniques, uses multiple file features - Uses novel signatures computed from file format samples -- Identifications are linked to +- Identifications are linked to the [file formats archive](http://fileformats.archiveteam.org/wiki/Main_Page) ontology -- ## Apache Tika diff --git a/docs/forensic_corpora.md b/docs/forensic_corpora.md index 06e11f247..8c3f2fe5b 100644 --- a/docs/forensic_corpora.md +++ b/docs/forensic_corpora.md @@ -188,9 +188,8 @@ available a series of [text collections](https://trec.nist.gov//data.html). ## American National Corpus -The [American National Corpus (ANC) -project](http://www.americannationalcorpus.org/) is creating a massive -collection of American english from 1990 onward. The goal is to create a +The [American National Corpus (ANC) project](https://anc.org/) is creating +a collection of American english from 1990 onward. The goal is to create a corpus of at least 100 million words that is comparable to the British National Corpus. diff --git a/docs/forensicswiki_feedburner_feed.md b/docs/forensicswiki_feedburner_feed.md deleted file mode 100644 index 03f53f0d7..000000000 --- a/docs/forensicswiki_feedburner_feed.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -tags: - - No Category ---- -FeedBurner Page: - - -Subscribe by email: - \ No newline at end of file diff --git a/docs/header.md b/docs/header.md index 8f627dd5f..e5b2590d8 100644 --- a/docs/header.md +++ b/docs/header.md @@ -1,8 +1,8 @@ --- tags: - - No Category + - Articles that need to be expanded --- -For now, see "File Signatures" here: -`- `[`https://en.wikipedia.org/wiki/List_of_file_signatures`](https://en.wikipedia.org/wiki/List_of_file_signatures) -`- `[`http://filesignatures.net/index.php?page=all`](http://filesignatures.net/index.php?page=all) \ No newline at end of file +## External Links + +* [Wikipedia: List of file signatures](https://en.wikipedia.org/wiki/List_of_file_signatures) 
diff --git a/docs/helix3.md b/docs/helix3.md index 7420ed8fd..0202eae6b 100644 --- a/docs/helix3.md +++ b/docs/helix3.md @@ -1,15 +1,13 @@ --- tags: - - Live CD - - Tools - - Linux - - Disk Imaging - - System Analysis + - Disk Imaging + - Linux + - Live CD + - System Analysis + - Tools --- -**Helix3** is a [Live CD](live_cd.md) built on top of -[Ubuntu](ubuntu.md). It focuses on [incident -response](incident_response.md) and [computer -forensics](computer_forensics.md). +**Helix3** is a [Live CD](live_cd.md) built on top of [Ubuntu](ubuntu.md). It +focuses on [incident response](incident_response.md) and [computer forensics](computer_forensics.md). According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix. @@ -22,22 +20,22 @@ Response and forensic techniques. ### Bootable Side -- [The Sleuth Kit](the_sleuth_kit.md) -- [dc3dd](dc3dd.md) -- [dcfldd](dcfldd.md) -- [LinEn](linen.md) -- [aimage](aimage.md) +* [aimage](aimage.md) +* [dc3dd](dc3dd.md) +* [dcfldd](dcfldd.md) +* [LinEn](linen.md) +* [The Sleuth Kit](the_sleuth_kit.md) *and others.* ### Windows Side -- [FTK Imager](ftk_imager.md) -- [mdd](mdd.md) -- [win32dd](windd.md) -- winen -- WFT -- IRCR +* [FTK Imager](ftk_imager.md) +* IRCR +* [mdd](mdd.md) +* WFT +* [win32dd](windd.md) +* winen *and others.* 
@@ -45,18 +43,14 @@ Windows side can be used to scan for pictures on a live system. ## Forensic Issues -- Helix3 will automount ext3 and ext4 file systems during the boot process and +* Helix3 will automount ext3 and ext4 file systems during the boot process and recover them if required (bug in *initrd* scripts); -- Helix3 can automount some storage devices like firewire devices and +* Helix3 can automount some storage devices like firewire devices and MMC in read/write mode; -- Helix3 relies on file system drivers to provide write protection, +* Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. [XFS](xfs.md) will result in several data writes to the original media. ## See Also -- [Helix3 Pro](helix3_pro.md) - -## External Links - -- [Helix3 CE Forum](http://forum.charlestendell.com) +* [Helix3 Pro](helix3_pro.md) diff --git a/docs/hiberfil.sys.md b/docs/hiberfil.sys.md index 161fcf4e0..b1ae8044b 100644 --- a/docs/hiberfil.sys.md +++ b/docs/hiberfil.sys.md @@ -42,8 +42,6 @@ from the multiple levels of slack space within them. * [Windows hibernation file for fun & profit](http://msuiche.net/con/bhusa2008/Windows_hibernation_file_for_fun_%27n%27_profit-0.6.pdf), by Matthieu Suiche -* [Hibernation File Format](http://web17.webbpro.de/downloads/Hibernation%20File%20Attack/Hibernation%20File%20Format.pdf), - by Peter Kleissner, 2009 * [Microsoft Hibernation Files](https://code.google.com/archive/p/volatility/wikis/HiberAddressSpace.wiki), by [the Volatility project](volatility_framework.md) * [Hibernation Recon](https://arsenalrecon.com/apps/hibernation-recon/) diff --git a/docs/jtag_and_chip-off_tools_and_equipment.md b/docs/jtag_and_chip-off_tools_and_equipment.md index ce488c9ae..f162ae42b 100644 --- a/docs/jtag_and_chip-off_tools_and_equipment.md +++ b/docs/jtag_and_chip-off_tools_and_equipment.md 
@@ -17,7 +17,7 @@ made for equivalent tools and equipment.* | Item | Info | Estimated Cost (CAD) | |:-------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------| | iSeasamo Phone Opening Tool | | £6 | -| Carton SPZT-50PG Microscope (optional: w/trinocular) | | \$1200 | +| Carton SPZT-50PG Microscope (optional: w/trinocular) | | \$1200 | | Xytronic 988D Solder Rework Station | | \$300 | | Weller WES51 Solder Station | sourced locally (Electronics shop) | \$100 | | Xytronic LF-852D Hot Air Station | | \$225 | diff --git a/docs/jump_lists.md b/docs/jump_lists.md index 6ed61e01c..56ea7627b 100644 --- a/docs/jump_lists.md +++ b/docs/jump_lists.md @@ -82,8 +82,6 @@ binary format segments. by Michael Dunn, May 19, 2009 * [Jump Lists in Windows 7 and Possible Forensic Implementations](http://mikeahrendt.blogspot.com/2011/04/jump-lists-in-windows-7-and-possible.html), by Mike Ahrendt, April 3, 2011 -* [The Forensic Value of the Windows 7 Jump List](http://www.alexbarnett.com/jumplistforensics.pdf), - by Alexander G Barnett, April 18, 2011 * [Forensic Examination of Windows 7 Jump Lists](https://www.slideshare.net/ctin/windows-7-forensics-jump-listsrv3public), by Troy Larson, June 6, 2011 * [Jump List Analysis](https://windowsir.blogspot.com/2011/08/jump-list-analysis.html), diff --git a/docs/knoppix_std.md b/docs/knoppix_std.md index fc1a7ae2f..359034bb1 100644 --- a/docs/knoppix_std.md +++ b/docs/knoppix_std.md 
@@ -1,49 +1,47 @@ --- tags: - - No Category + - Live CD --- -Knoppix STD is a [computer forensics](computer_forensics.md) / -[incident response](incident_response.md) [Live -CD](live_cd.md) based on Knoppix. +Knoppix security tools distribution (STD) is a [computer forensics](computer_forensics.md) +and [incident response](incident_response.md) [Live CD](live_cd.md) based on Knoppix. ## Tools ### Forensics -- [The Sleuth Kit](the_sleuth_kit.md) 1.66 : extensions to The Coroner's +* [The Sleuth Kit](the_sleuth_kit.md) 1.66 : extensions to The Coroner's Toolkit forensic toolbox. -- autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to +* autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence -- biew : binary viewer -- bsed : binary stream editor -- consh : logged shell (from F.I.R.E.) -- coreography : analyze core files -- dcfldd : US DoD Computer Forensics Lab version of dd -- fenris : code debugging, tracing, decompiling, reverse engineering +* biew : binary viewer +* bsed : binary stream editor +* consh : logged shell (from F.I.R.E.) 
+* coreography : analyze core files +* dcfldd : US DoD Computer Forensics Lab version of dd +* fenris : code debugging, tracing, decompiling, reverse engineering tool -- fatback : Undelete FAT files -- foremost : recover specific file types from disk images (like all JPG +* fatback : Undelete FAT files +* foremost : recover specific file types from disk images (like all JPG files) -- ftimes : system baseline tool (be proactive) -- galleta : recover Internet Explorer cookies -- hashdig : dig through hash databases -- hdb : java decompiler -- mac-robber : TCT's graverobber written in C -- [md5deep](md5deep.md) : run md5 against multiple +* ftimes : system baseline tool (be proactive) +* galleta : recover Internet Explorer cookies +* hashdig : dig through hash databases +* hdb : java decompiler +* mac-robber : TCT's graverobber written in C +* [md5deep](md5deep.md) : run md5 against multiple files/directories -- memfetch : force a memory dump -- pasco : browse IE index.dat -- photorec : grab files from digital cameras -- readdbx : convert Outlook Express .dbx files to mbox format -- readoe : convert entire Outlook Express .directory to mbox format -- rifiuti : browse Windows Recycle Bin INFO2 files -- secure_delete : securely delete files, swap, memory.... -- testdisk : test and recover lost partitions -- wipe : wipe a partition securely. good for prep'ing a partition for dd -- and other typical system tools used for forensics (dd, lsof, strings, +* memfetch : force a memory dump +* pasco : browse IE index.dat +* photorec : grab files from digital cameras +* readdbx : convert Outlook Express .dbx files to mbox format +* readoe : convert entire Outlook Express .directory to mbox format +* rifiuti : browse Windows Recycle Bin INFO2 files +* secure_delete : securely delete files, swap, memory.... +* testdisk : test and recover lost partitions +* wipe : wipe a partition securely. 
good for prep'ing a partition for dd +* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.) ## External Links -- [Official Site](https://s-t-d.org/) -- [Support Forum](http://forum.s-t-d.org/) +* [Official Site](https://s-t-d.org/) diff --git a/docs/logfile_analysis.md b/docs/logfile_analysis.md index 598232b7d..fe5b1e06d 100644 --- a/docs/logfile_analysis.md +++ b/docs/logfile_analysis.md @@ -33,8 +33,6 @@ and CSV, as well as Windows Event Log, Registry, and Active Directory Also see: Microsoft Log Parser Toolkit, by Gabriele Giuseppini, Mark Burnett, ISBN: 1-93226-652-6 - - [Logpresso Mini](https://github.com/logpresso/community) From Logpresso, claims to parse a variety of log files, including CSV, @@ -50,41 +48,29 @@ website. It can also be used for analysis of webserver logfiles. Claims to be *"the most popular logfile analyser in the world"* - - [Webalizer](http://www.mrunix.net/webalizer/) *"A fast, free web server log file analysis program"* - - [phpMyVisites](http://www.phpmyvisites.us/) New "clicks heatmap" shows where people are clicking on your website; depends on JavaScript. (on the other hand, doesn't need access to your logfiles) - - [AWStats](https://awstats.sourceforge.io/) *"Free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically."* - - -[JasperReports](http://jasperforge.org/sf/projects/jasperreports) +[JasperReports](https://community.jaspersoft.com/) Java reporting tool. - - [Open Web Analytics](http://wiki.openwebanalytics.com/index.php?title=Main_Page) *"An open source web analytics framework written in PHP."* - - [Breadboard BI Web Analytics](https://sourceforge.net/projects/web-analytics/) *"Uses open source tools to collect and distribute web analytics data."* diff --git a/docs/mhdd.md b/docs/mhdd.md index 75b50e614..acb422855 100644 --- a/docs/mhdd.md +++ b/docs/mhdd.md 
@@ -1,8 +1,12 @@ --- tags: - - Articles that need to be expanded + - Tools --- +MHDD is a program for low-level HDD diagnostics. + MHDD accesses hard drives at the physical level, allowing bad-blocks to be accessed and remapped. - \ No newline at end of file +## External Links + +* [Official Site](https://hddguru.com/software/2005.10.02-MHDD/) diff --git a/docs/open_research_topics.md b/docs/open_research_topics.md index 3ac48b8ef..273c2707e 100644 --- a/docs/open_research_topics.md +++ b/docs/open_research_topics.md @@ -1,5 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Research Topics](research_topics.md) \ No newline at end of file + +_See: [Research Topics](research_topics.md)_ diff --git a/docs/outlook_express_database_(dbx).md b/docs/outlook_express_database_(dbx).md index bece22566..9becbc0ca 100644 --- a/docs/outlook_express_database_(dbx).md +++ b/docs/outlook_express_database_(dbx).md @@ -1,11 +1,10 @@ --- tags: - - File Formats + - File Formats --- -Outlook Express uses the **Outlook -Express Database (DBX)** database to store emails, folders, etc. The DBX -was introduced in version 5. Earlier versions of OE use different file -formats. +Outlook Express uses the **Outlook Express Database (DBX)** database to store +emails, folders, etc. The DBX was introduced in version 5. Earlier versions of +Outlook Express use different file formats. ## MIME types 
@@ -24,15 +23,13 @@ until now it is unknown how it affects the file type. The contents of a DBX file is dependent on the content CLSID. -- Message Database (CLSID: 6F74FDC5-E366-11d1-9A4E-00C04FA309D4) -- Folder Database (CLSID: 6F74FDC6-E366-11d1-9A4E-00C04FA309D4) +* Message Database (CLSID: 6F74FDC5-E366-11d1-9A4E-00C04FA309D4) +* Folder Database (CLSID: 6F74FDC6-E366-11d1-9A4E-00C04FA309D4) ## Encryption ## External Links -* [Outlook Express Wikipedia](https://en.wikipedia.org/wiki/Outlook_Express) -* [Outlook Express dbx file format by Arne Schloh](http://oedbx.aroh.de/) -* [Outlook Express Version 5.0 file format](http://www.fpns.net/willy/DBX-FMT.HTM) +* [Wikipedia: Outlook Express Wikipedia](https://en.wikipedia.org/wiki/Outlook_Express) * [libdbx](https://sourceforge.net/projects/ol2mbox/), see FILE-FORMAT in the package. diff --git a/docs/people.md b/docs/people.md deleted file mode 100644 index 6c43cf03d..000000000 --- a/docs/people.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -tags: - - No Category ---- -- [Harvard Forensics Project](harvard_forensics_project.md) -- - -The MultimediaWiki catalogs as many technical details as possible about -video and audio formats. Also includes details on reverse engineering -and tools used, etc. - -- [Digital Records Forensics - Project](http://digitalrecordsforensics.org/) at the University of - British Columbia, SLAIS diff --git a/docs/pysim.md b/docs/pysim.md index 85c1e5ace..15058adda 100644 --- a/docs/pysim.md +++ b/docs/pysim.md @@ -28,4 +28,4 @@ prohibitive - Ease of use: The simplicity of pySIM enables novice investigators to acquire data - Logging capabilities: Some competing SIM readers do not keep a -logfile \ No newline at end of file +logfile diff --git a/docs/shell_item.md b/docs/shell_item.md index f5d95a862..41c4972cd 100644 --- a/docs/shell_item.md +++ b/docs/shell_item.md 
@@ -107,7 +107,7 @@ An example of a shell item list taken from **Calculator.lnk** Chad Tilbury, July 5, 2011 * [MoVP 3.2 Shellbags in Memory, SetRegTime, and TrueCrypt Volumes](https://volatility-labs.blogspot.com/2012/09/movp-32-shellbags-in-memory-setregtime.html), by Jamie Levy, September 2012 -* [Shellbag Analysis, Revisited...Some Testing](http://windowsir.blogspot.com/2012/10/shellbag-analysis-revisitedsome-testing.html), +* [Shellbag Analysis, Revisited...Some Testing](https://windowsir.blogspot.com/2012/10/shellbag-analysis-revisitedsome-testing.html), by [Harlan Carvey](harlan_carvey.md), October 2012 * [Shellbags Forensics: Addressing a Misconception (interpretation, step-by-step testing, new findings, and more)](https://www.4n6k.com/2013/12/shellbags-forensics-addressing.html), by Dan Pullega, December 4, 2013 (RESTRICTED) diff --git a/docs/sim.md b/docs/sim.md index 5480c0fa5..c9035f3b9 100644 --- a/docs/sim.md +++ b/docs/sim.md @@ -1,5 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [SIM Cards](sim_cards.md) \ No newline at end of file + +_See: [SIM Cards](sim_cards.md)_ diff --git a/docs/simis.md b/docs/simis.md index 95c2a09d6..1b8b0f3ba 100644 --- a/docs/simis.md +++ b/docs/simis.md @@ -1,9 +1,8 @@ --- tags: - - No Category + - Abandoned + - Tools --- -Back to [SIM Card Forensics](sim_card_forensics.md) - SIMIS is a range of products developed for forensic examination of GSM SIM Cards. @@ -132,8 +131,6 @@ the use of the engine or the sale of any product that may compete with our own. Regular updates are made to the SIMIS engine and provide the licensee with updates as required. -## References - -1\. +## Also see -Back to [SIM Card Forensics](sim_card_forensics.md) \ No newline at end of file +* [SIM Card Forensics](sim_card_forensics.md) diff --git a/docs/simreader.md b/docs/simreader.md index 2df6aa5a6..7c158875e 100644 --- a/docs/simreader.md +++ b/docs/simreader.md 
@@ -1,5 +1,8 @@ --- tags: - - No Category + - Articles that need to be expanded --- -1. REDIRECT [pySIM](pysim.md) \ No newline at end of file + +## Also see: + +* [pySIM](pysim.md) diff --git a/docs/simson's_open_research_topics.md b/docs/simson's_open_research_topics.md index 6de3a55b0..273c2707e 100644 --- a/docs/simson's_open_research_topics.md +++ b/docs/simson's_open_research_topics.md @@ -1,5 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Open Research Topics](open_research_topics.md) \ No newline at end of file + +_See: [Research Topics](research_topics.md)_ diff --git a/docs/solid_state_drives.md b/docs/solid_state_drives.md index a77fef162..276f81997 100644 --- a/docs/solid_state_drives.md +++ b/docs/solid_state_drives.md @@ -1,6 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Solid State Drive (SSD) - Forensics](solid_state_drive_(ssd)_forensics.md) \ No newline at end of file + +_See: [Solid State Drive (SSD) Forensics](solid_state_drive_(ssd)_forensics.md)_ diff --git a/docs/timeline_analysis_bibliography.md b/docs/timeline_analysis_bibliography.md index ddd814c32..c7320d9da 100644 --- a/docs/timeline_analysis_bibliography.md +++ b/docs/timeline_analysis_bibliography.md @@ -1,5 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Timeline Analysis](timeline_analysis.md) \ No newline at end of file + +_See: [Timeline Analysis](timeline_analysis.md)_ diff --git a/docs/tools.md b/docs/tools.md index b5ed34a98..edd11d718 100644 --- a/docs/tools.md +++ b/docs/tools.md 
@@ -337,12 +337,6 @@ Paraben StrongHold Tent # Other Tools -[Chat Sniper](http://www.alexbarnett.com/chatsniper.htm) - -A forensic software tool designed to simplify the process of on-scene -evidence acquisition and analysis of logs and data left by the use of -AOL, MSN (Live), or Yahoo instant messenger. - [Serial Port Analyzer](https://www.serial-port-communication.com/how-to-analyze-serial-port-activity/) The tool to analyze serial port and device activity. diff --git a/docs/tools_timeline_analysis.md b/docs/tools_timeline_analysis.md index 5e059d938..c7320d9da 100644 --- a/docs/tools_timeline_analysis.md +++ b/docs/tools_timeline_analysis.md @@ -1,6 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Timeline Analysis - Bibliography](timeline_analysis_bibliography.md) \ No newline at end of file + +_See: [Timeline Analysis](timeline_analysis.md)_ diff --git a/docs/twrp.md b/docs/twrp.md index d7772b4de..51b983496 100644 --- a/docs/twrp.md +++ b/docs/twrp.md @@ -1,10 +1,10 @@ --- tags: - - Tools - - Android - - Data Recovery - - Howtos - - Articles that need to be expanded + - Android + - Articles that need to be expanded + - Data Recovery + - Howtos + - Tools --- # TWRP (Team Win Recovery Project) @@ -35,7 +35,7 @@ device before you started the process.* The process of using TWRP is as follows: `* Download the newest version of Odin from `[`https://odindownload.com/`](https://odindownload.com/)`.` -`* Download a TWRP recovery image in .tar format from `[`http://teamw.in/Devices/`](http://teamw.in/Devices/)`. They are specific to your device.` +`* Download a TWRP recovery image in .tar format. They are specific to your device.` `* Remove any removable media as TWRP could install to an SD card if one is inserted.` `* Place the phone in download mode (varies per phone - commonly Vol Down+Home+Power.` `* Connect the phone to your PC.` 
@@ -118,4 +118,8 @@ the loop. If not, you will have to flash a stock image to the phone. The phone will reboot and take a minute or two to fully boot. It should now be like factory new. If the phone still goes into a bootloop, try a different image. If the phone appears frozen on a splash screen, give it -a good half hour before re-trying the process. \ No newline at end of file +a good half hour before re-trying the process. + +## External links + +* [TeamWin - TWRP](https://twrp.me/) diff --git a/docs/windows_event_log_(evt).md b/docs/windows_event_log_(evt).md index f689dc005..f582e6788 100644 --- a/docs/windows_event_log_(evt).md +++ b/docs/windows_event_log_(evt).md @@ -134,14 +134,11 @@ be careful to keep these issues in mind when analyzing EVT logs. ## Tools -* [GrokEVT](http://projects.sentinelchicken.org/grokevt) is a set of - forensics scripts designed to make sense of EVT logs for - investigations. Along with RegLookup, it is able to combine registry - information and event log templates to place EVT data in context. - (UN\*X platforms only.) * [File::ReadEVT](http://www.cpan.org/modules/by-authors/id/H/HC/HCARVEY/) - is a Perl module that parses event log files for the purpose of - forensics. + is a Perl module that parses event log files for the purpose of forensics. + This tool appears to be abandoned. +* [evtkit - fix broken evt files](https://github.com/yarox24/evtkit). This tool + appears to be abandoned. +* [lfle.py](https://github.com/williballenthin/LfLe), by Willi Ballenthin. + This tool appears to be abandoned. * [libevt](libevt.md) -* [lfle.py](https://github.com/williballenthin/LfLe), by Willi Ballenthin -* [evtkit - fix broken evt files](https://github.com/yarox24/evtkit) diff --git a/docs/windows_nt.md b/docs/windows_nt.md index 736277ad5..42afa8ae7 100644 --- a/docs/windows_nt.md +++ b/docs/windows_nt.md 
@@ -1,5 +1,6 @@ --- tags: - - No Category + - Redirect --- -1. REDIRECT [Windows](windows.md) \ No newline at end of file + +_See: [Windows](windows.md)_ diff --git a/docs/windows_registry.md b/docs/windows_registry.md index 5892550ef..e27870588 100644 --- a/docs/windows_registry.md +++ b/docs/windows_registry.md @@ -1251,12 +1251,6 @@ name

* [Forensic Registry EDitor (fred)](https://www.pinguin.lu/index.php) - "Forensic Registry EDitor (fred) is a cross-platform M\$ registry hive editor" by Daniel Gillen -* [libregfi](http://projects.sentinelchicken.org/data/doc/reglookup/regfi/) - - The regfi library is a read-only NT registry library which serves as - the main engine behind the reglookup tool -* [reglookup](http://projects.sentinelchicken.org/reglookup/) — "small - command line utility for reading and querying Windows NT-based - registries." * [regviewer](https://sourceforge.net/projects/regviewer/) — a tool for looking at the registry. * [RegRipper](regripper.md) — "the fastest, easiest, and best @@ -1299,6 +1293,5 @@ name

* [Alien Registry Viewer](http://lastbit.com/arv/default.asp) * [NT Registry Optimizer](http://www.larshederer.homepage.t-online.de/erunt/index.htm) * [iExpert Software-Free Registry Defrag](https://cumdiner.com/categories/) -* [Registry Undelete (russian)](http://paullee.ru/regundel) * [Windows Registry Recovery](http://mitec.cz/wrr.html) * [Registry Tool](http://registrytool.com/)
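Review bot: The subject "Removed dead references" under-describes this patch; besides dropping links it re-sorts the `tags:` front matter (helix3.md, twrp.md), switches `-` bullets to `*` (helix3.md, knoppix_std.md, outlook_express_database_(dbx).md), rewraps prose, converts the `1. REDIRECT` stubs into `_See: ..._` pages and deletes people.md and forensicswiki_feedburner_feed.md. Add a commit body listing these, or split the mechanical reformatting into its own commit so the reference removals stay easy to review.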
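Review bot: In the docs/cell_phone_forensics.md hunks the Mobile-Forensics.com URL is lower-cased while the adjacent `http://www.Phone-Forensics.com` keeps the same mixed-case host form; hostnames are case-insensitive, so either normalize that line as well or leave both alone rather than half of the pair.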
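Review bot: In the docs/conferences.md hunk at `@@ -21,141 +21,82 @@` the entries ("American Academy of Forensic Science", "BlackHat Federal Briefings & Training", ...) carry no list marker in the visible context, and the removed lines between them appear to be the blank lines that separated them. Markdown joins consecutive non-empty lines into one paragraph, so the rendered page would run the conference names together; keep one blank line per entry or turn the block into a `* ` list as the rest of this patch does.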
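Review bot: The rewrapped line `+a collection of American english from 1990 onward.` in docs/forensic_corpora.md keeps the lower-case "english"; since the line is touched anyway, make it "American English".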
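Review bot: While the Forensic Issues bullets in docs/helix3.md are being re-marked from `-` to `*`, the third one still reads "mounting some file system types (e.g. [XFS](xfs.md) will result in several data writes" with the parenthesis never closed; add the `)` after `[XFS](xfs.md)` in the same change.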
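Review bot: The removed entries in docs/hiberfil.sys.md ("Hibernation File Format" by Peter Kleissner, 2009) and docs/jump_lists.md ("The Forensic Value of the Windows 7 Jump List" by Alexander G Barnett, April 18, 2011) are citations with author and date, not just links; when the host is gone the usual fix is to keep the title, author and date and point to an archived copy or leave the entry unlinked, rather than lose the citation altogether.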
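Review bot: The `-`/`+` pair for the `Carton SPZT-50PG Microscope` row in docs/jtag_and_chip-off_tools_and_equipment.md is identical in the visible text, so this is a whitespace-only change (presumably trailing spaces). Confirm it is intended; otherwise drop it from a reference-cleanup commit.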
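Review bot: The new link text `+* [Wikipedia: Outlook Express Wikipedia](...)` in docs/outlook_express_database_(dbx).md repeats "Wikipedia"; shorten it to `[Wikipedia: Outlook Express]`, matching the `Wikipedia: <title>` form the same line introduces.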
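Review bot: Deleting docs/people.md also drops its live entries: the link to `harvard_forensics_project.md` and the Digital Records Forensics Project (University of British Columbia, SLAIS) reference. If harvard_forensics_project.md still exists in docs/, it becomes unreachable from this page; move those two entries to a surviving page before removing the file. Deleting forensicswiki_feedburner_feed.md is fine, since its only content was an empty FeedBurner subscription stub.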
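Review bot: The "see also" headings introduced by this patch are inconsistent: docs/simreader.md adds `## Also see:` with a trailing colon, docs/simis.md adds `## Also see`, while docs/conferences.md keeps `# See also` and docs/helix3.md keeps `## See Also`. Pick one spelling and heading level (the existing `## See Also` is a reasonable choice) and drop the colon.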
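Review bot: In docs/twrp.md the step `* Download a TWRP recovery image in .tar format. They are specific to your device.` loses the download location when the teamw.in link is removed, while the same patch adds `* [TeamWin - TWRP](https://twrp.me/)` under a new "External links" section at the end of the page. Point the step at that link, or say "from the TWRP site (see External links)", so the procedure stays self-contained.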
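Review bot: In docs/windows_event_log_(evt).md the re-ordered tool list comes out as File::ReadEVT, evtkit, lfle.py, libevt, which is neither case-insensitive alphabetical (evtkit, File::ReadEVT, lfle.py, libevt) nor grouped by status, even though three entries now carry "This tool appears to be abandoned." Either sort consistently or list the maintained libevt first and the abandoned tools after it, and note in the commit body what "abandoned" was judged on (e.g. last commit date) so the label can be revisited.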