Difference between pages "Tool template" and "Talk:Tool template"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m
 
(Tool template discussion.)
 
Line 1: Line 1:
This really isn't the tool template that we want to use, because it is not a wiki template...
+
== Template ==
  
 
+
* I'm not sure the template makes sense in it's current form - it's too specific, IMHO. Not every tool "understands filesystems" (jhead, snort, ...), not every tool has any search facilities (dd, wipe, ...), not every tool supports hash databases, etc. etc. --[[User:Uwe Hermann|Uwe Hermann]] 14:01, 4 April 2006 (EDT)
'''Tool Name''' is a ...
+
 
+
 
+
=Features=
+
 
+
==File Systems Understood==
+
 
+
==File Search Facilities==
+
 
+
==Historical Reconstruction==
+
 
+
Can it build timelines and search by creation date?
+
 
+
==Searching Abilities==
+
 
+
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
+
 
+
==Hash Databases==
+
 
+
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases?
+
What sort of hash functions does it use?
+
 
+
==Evidence Collection Features==
+
 
+
Can it sign files? Does it keep an audit log?
+
 
+
=History=
+
 
+
==License Notes==
+
 
+
Is it proprietary, free, or open source? Are there other licensing options?
+
 
+
= External Links =
+
+
==External Reviews==
+

Revision as of 13:01, 4 April 2006

Template

  • I'm not sure the template makes sense in it's current form - it's too specific, IMHO. Not every tool "understands filesystems" (jhead, snort, ...), not every tool has any search facilities (dd, wipe, ...), not every tool supports hash databases, etc. etc. --Uwe Hermann 14:01, 4 April 2006 (EDT)