Difference between revisions of "Getting Started in Forensic Research"

From ForensicsWiki
m (Recommended Reading)
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
Interested in getting involved in computer forensics research? Here's how to start.
 
Interested in getting involved in computer forensics research? Here's how to start.
  
=Recommended Reading=
+
==Recommended Reading==
# Read the proceedings for each of the past [http://www.dfrws.org Digital Forensic Research Workshops] sessions. If a specific article looks interesting, download it and read it!
+
# Read the proceedings for the past four years of the [http://www.dfrws.org DFRWS] conference. If a specific article looks interesting, download it and read it!
 +
#*[http://www.dfrws.org/2009/program.shtml DFRWS 2009 Program]
 +
#*[http://www.dfrws.org/2008/program.shtml DFRWS 2008 Program]
 
#*[http://www.dfrws.org/2007/program.shtml DFRWS 2007 Program]
 
#*[http://www.dfrws.org/2007/program.shtml DFRWS 2007 Program]
 
#*[http://www.dfrws.org/2006/program.shtml DFRWS 2006 Program]
 
#*[http://www.dfrws.org/2006/program.shtml DFRWS 2006 Program]
#*[http://www.dfrws.org/2005/program.shtml DFRWS 2005 Program]
+
# Review the proceedings from the past few years of the IEEE/SADFE (Systematic Approaches to Digital Forensics Engineering) workshops. The papers do not appear on the website, but you can generally find them with Google by searching for the title in quotes.
#*[http://www.dfrws.org/2004/program.shtml DFRWS 2004 Program]
+
#*[http://conf.ncku.edu.tw/sadfe/sadfe09/program.html SADFE 2009 Program]
#*[http://www.dfrws.org/2003/program.shtml DFRWS 2003 Program]
+
#*[http://conf.ncku.edu.tw/sadfe/sadfe08/program.html SADFE 2008 Program]
#*[http://www.dfrws.org/2002/program.shtml DFRWS 2002 Program]
+
#*[http://www.dfrws.org/2001/dfrws-rm-final.pdf DFRWS 2001 Technical Report] (no program available)
+
 
# Review the [http://www.ifip119.org/ IFIP Working Group 11.9 on Digital Forensics] website and look at the proceedings from the past conferences (unfortunately, you can't download the papers and the book costs more than $100, but if you see something interesting it can usually be requested via interlibrary loan) (Some higher education libraries subscribe to SpringerLink which makes full text of these proceedings available to students and faculty as part of the school subscription)
 
# Review the [http://www.ifip119.org/ IFIP Working Group 11.9 on Digital Forensics] website and look at the proceedings from the past conferences (unfortunately, you can't download the papers and the book costs more than $100, but if you see something interesting it can usually be requested via interlibrary loan) (Some higher education libraries subscribe to SpringerLink which makes full text of these proceedings available to students and faculty as part of the school subscription)
 
#*[http://www.ifip119.org/Publications/ IFIP WG 11.9 publications]
 
#*[http://www.ifip119.org/Publications/ IFIP WG 11.9 publications]
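Review bot: the IFIP item (the line beginning "# Review the [http://www.ifip119.org/ IFIP Working Group 11.9 ...") stacks two parenthetical remarks back to back, which reads awkwardly once the list renders; fold them into plain sentences, e.g. "...but if you see something interesting it can usually be requested via interlibrary loan. Some university libraries subscribe to SpringerLink, which gives students and faculty full-text access to these proceedings." A smaller point on the new SADFE item: it says the papers "do not appear on the website" and then links two SADFE program pages, so state explicitly that the program pages list titles only and that the quoted-title Google search is how to find the papers themselves.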
Line 15: Line 15:
 
# Review the [http://www.sleuthkit.org/ Sleuth Kit Website]. In particular, review the issues of [http://www.sleuthkit.org/informer/index.php The Sleuth Kit Informer] and download a copy of Sleuth Kit for your computer.
 
# Review the [http://www.sleuthkit.org/ Sleuth Kit Website]. In particular, review the issues of [http://www.sleuthkit.org/informer/index.php The Sleuth Kit Informer] and download a copy of Sleuth Kit for your computer.
  
=Exercises for the Reader=
+
==Setting up a C++ development environment==
 +
Many people working in forensics find it useful to be able to compile their tools from source code. Most of the tools compile on Linux, Mac, and within the Cygwin environment under Windows.
 +
 
 +
Because all of these tools build upon one another, it is important to compile and install them in the order specified below.
 +
 
 +
 
 +
# Download a copy of [http://sourceforge.net/projects/libewf/ libewf] and install it on your computer.
 +
# Download a copy of [
 +
# Download a copy of [http://www.sleuthkit.org/sleuthkit/ Sleuthkit] and install it.
 +
 
 +
 
 +
==Exercises for the Reader==
 
# Download a few of the public corpora from the [http://digitalcorpora.org/ Digital Corpora] website and give them a try.
 
# Download a few of the public corpora from the [http://digitalcorpora.org/ Digital Corpora] website and give them a try.
 
# Try your hand at the [http://www.honeynet.org/misc/chall.html HoneyNet Project Challenges]. They are a little older, but are still valid. Plus there are solutions from previous attempts online!
 
# Try your hand at the [http://www.honeynet.org/misc/chall.html HoneyNet Project Challenges]. They are a little older, but are still valid. Plus there are solutions from previous attempts online!
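Review bot: the middle step of the new build list, "# Download a copy of [", is an unfinished link with no tool name, so a reader cannot follow the install order that the preceding paragraph says is important; complete the link (or drop the step) before this revision is relied on. The paired empty lines added around that list will also render as stray whitespace under the "Setting up a C++ development environment" heading; one blank line between the paragraphs and the list is enough.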

Revision as of 16:25, 1 October 2009

Interested in getting involved in computer forensics research? Here's how to start.

Recommended Reading

  1. Read the proceedings for the past four years of the DFRWS conference. If a specific article looks interesting, download it and read it!
  2. Review the proceedings from the past few years of the IEEE/SADFE (Systematic Approaches to Digital Forensics Engineering) workshops. The papers do not appear on the website, but you can generally find them with Google by searching for the title in quotes.
  3. Review the IFIP Working Group 11.9 on Digital Forensics website and look at the proceedings from the past conferences. Unfortunately, you can't download the papers and the book costs more than $100, but if you see something interesting it can usually be requested via interlibrary loan. Some higher-education libraries subscribe to SpringerLink, which makes the full text of these proceedings available to students and faculty as part of the school subscription.
  4. Search for interesting forensic terms at the ACM Digital Library and CiteSeer.
  5. Review the Sleuth Kit Website. In particular, review the issues of The Sleuth Kit Informer and download a copy of Sleuth Kit for your computer.

Setting up a C++ development environment

Many people working in forensics find it useful to be able to compile their tools from source code. Most of the tools compile on Linux, Mac, and within the Cygwin environment under Windows.

Because all of these tools build upon one another, it is important to compile and install them in the order specified below.

  1. Download a copy of libewf and install it on your computer.
  2. Download a copy of [
  3. Download a copy of Sleuthkit and install it.

Exercises for the Reader

  1. Download a few of the public corpora from the Digital Corpora website and give them a try.
  2. Try your hand at the HoneyNet Project Challenges. They are a little older, but are still valid. Plus there are solutions from previous attempts online!