Difference between pages "User talk:Lawtor Fare" and "1-Page Report"

From ForensicsWiki
Latest revision as of 10:14, 18 July 2013

The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file.

Disk Forensics 1-Page Report

Thoughts about what should go on the report:

  • OS Release, Version and Patch Level
  • Kernel Release
  • Language
  • Distribution
  • Last Boot
  • Installation Date
  • Per-user information: how many users? When was each last logged on?
  • IP addresses assigned.
  • DHCP information
  • ISPs that were in use
  • DNS information
  • Where the connections came from
  • resolv.conf files on a Mac?
  • structured text files
  • Windows hosts file

SMART information from the drive - hours the drive was used

  • dmidecode
  • hdparm
  • smart
  • lshw - Apple model #

File systems:

  • most recently edited docs
  • most recently run files
  • HFS superblock?
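
A sketch of how a few of the fields from the first list (distribution, OS version, kernel release, DNS information, hosts file) could be pulled from a disk image, added here as an example and not part of the original wiki page. It assumes a Linux image already mounted read-only at a directory passed as `root`; the function names `collect` and `render` are hypothetical.

```python
import os

def _read(root, rel):
    """Text of a file under the evidence root, or '' if it is absent."""
    try:
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def _fields(text):
    """Split each non-empty line into fields after dropping '#' comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [row for row in rows if row]

def collect(root):
    """Gather report fields from a Linux image mounted read-only at root (assumption)."""
    os_release = {}
    for line in _read(root, "etc/os-release").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            os_release[key] = value.strip("\"'")
    resolv = _fields(_read(root, "etc/resolv.conf"))
    modules = os.path.join(root, "lib/modules")
    return {
        "distribution": os_release.get("NAME", "unknown"),
        "os_version": os_release.get("VERSION_ID", "unknown"),
        # Installed kernel releases are the directory names under lib/modules.
        "kernels": sorted(os.listdir(modules)) if os.path.isdir(modules) else [],
        "nameservers": [r[1] for r in resolv if r[0] == "nameserver" and len(r) > 1],
        "search": [d for r in resolv if r[0] in ("search", "domain") for d in r[1:]],
        # Hosts-file entries as (address, [names]); these override DNS answers.
        "hosts": [(r[0], r[1:]) for r in _fields(_read(root, "etc/hosts")) if len(r) > 1],
    }

def render(report):
    """Format the collected fields as a short plain-text report."""
    lines = [
        "Distribution : " + report["distribution"],
        "OS version   : " + report["os_version"],
        "Kernels      : " + (", ".join(report["kernels"]) or "none found"),
        "Nameservers  : " + (", ".join(report["nameservers"]) or "none found"),
        "Search       : " + (", ".join(report["search"]) or "none found"),
    ]
    lines += ["Hosts entry  : %s -> %s" % (addr, " ".join(names))
              for addr, names in report["hosts"]]
    return "\n".join(lines)

if __name__ == "__main__":
    import sys
    print(render(collect(sys.argv[1] if len(sys.argv) > 1 else "/")))
```

Missing files yield "unknown" or empty lists rather than an error, so the same call works on partial or damaged images.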