Difference between revisions of "Main Page"

From ForensicsWiki
Line 14: Line 14:
  
 
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#ffff99; align:center; border:1px solid #ddccff;">
 
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#ffff99; align:center; border:1px solid #ddccff;">
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;">Selected Forensics Research</h2>
+
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;">Selected Forensics NEWS</h2>
  
 
<!-- ARTICLE GOES HERE -->
 
<!-- ARTICLE GOES HERE -->
<small>September-2009</small>
+
<small>October-2009</small>
;'''[http://www.blackhat.com/presentations/bh-dc-08/FX/Whitepaper/bh-dc-08-fx-WP.pdf Cisco IOS Forensics]'''
+
;'''[http://sourceforge.net/projects/libmsiecf/ msiecfinfo released]'''
"Cisco System’s routers running Cisco IOS are still the prevalent routing platform on the Internet and corporate networks. Their huge population, architectural deficiencies and hugely diverse version distribution make them a valuable target that gains importance as common operating system platforms are closed down and secured.
+
Libmsiecf is a library with tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Also released documentation about the file format of the index.dat files. You can download the library and tools from the project website: http://sourceforge.net/projects/libmsiecf/
This paper takes the position that the currently used, well accepted practices for monitoring, debugging and post mortem crash analysis are insufficient to deal with the threat of compromised IOS devices. It sets forth a different method that reduces the requirement for constant logging, favoring on- demand in-depth analysis in case of suspicion or actual device crashes. The paper concludes by presenting the current state in the development of software supporting the proposed method and requesting feedback from the community on the software’s future directions."
+
 
 +
Libmsiecf comes with the following tools: msiecfinfo and msiecfexport
 +
 
 +
Use msiecfinfo to determine information about a MSIE Cache File (index.dat).
 +
 
 +
<pre>
 +
Usage: msiecfinfo [ -ahvV ] source
 +
 
 +
    source: the source file
 +
 
 +
    -a:    shows allocation information
 +
    -h:    shows this help
 +
    -v:    verbose output to stderr
 +
    -V:    print version
 +
 
 +
Use msiecfexport to export items stored in from a MSIE Cache File (index.dat).
 +
 
 +
Usage: msiecfexport [ -c codepage ] [ -l logfile ] [ -m mode ] [ -hvV ] source
 +
 
 +
    source: the source file
 +
 
 +
    -c:    codepage of ASCII strings, options: ascii, windows-1250 (default),
 +
            windows-1251, windows-1252, windows-1253, windows-1254,
 +
            windows-1255, windows-1256, windows-1257 or windows-1258
 +
    -h:    shows this help
 +
    -l:    logs information about the exported items
 +
    -m:    export mode, option: all, items (default), recovered
 +
            'all' exports the (allocated) items and recovered items,
 +
            'items' exports the (allocated) items and 'recovered' exports
 +
            the recovered items
 +
    -v:    verbose output to stderr
 +
    -V:    print version
 +
</pre>
 +
 
 
<!--END OF ARTICLE-->
 
<!--END OF ARTICLE-->
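Review bot: the `<pre>` opened just before "Usage: msiecfinfo [ -ahvV ] source" is not closed until after the msiecfexport options, so the prose line "Use msiecfexport to export items stored in from a MSIE Cache File (index.dat)." is rendered as preformatted text in the middle of the usage output. Close the block after the msiecfinfo `-V` line and open a second `<pre>` before "Usage: msiecfexport", which keeps each tool's help text separate from the sentence introducing it. The same added line reads "stored in from"; one of the two prepositions should be dropped.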
  

Revision as of 19:04, 18 October 2009

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 705 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.

Wiki Upgrade

27-AUG-09: We just got moved to a new server. Sorry about the downtime.


Selected Forensics NEWS

October-2009

msiecfinfo released

Libmsiecf is a library with tools to access Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Documentation about the file format of the index.dat files has also been released. You can download the library and tools from the project website: http://sourceforge.net/projects/libmsiecf/

Libmsiecf comes with the following tools: msiecfinfo and msiecfexport.

Use msiecfinfo to determine information about an MSIE Cache File (index.dat).

Usage: msiecfinfo [ -ahvV ] source

    source: the source file

    -a:     shows allocation information
    -h:     shows this help
    -v:     verbose output to stderr
    -V:     print version

Use msiecfexport to export items stored in an MSIE Cache File (index.dat).

Usage: msiecfexport [ -c codepage ] [ -l logfile ] [ -m mode ] [ -hvV ] source

    source: the source file

    -c:     codepage of ASCII strings, options: ascii, windows-1250 (default),
            windows-1251, windows-1252, windows-1253, windows-1254,
            windows-1255, windows-1256, windows-1257 or windows-1258
    -h:     shows this help
    -l:     logs information about the exported items
    -m:     export mode, option: all, items (default), recovered
            'all' exports the (allocated) items and recovered items,
            'items' exports the (allocated) items and 'recovered' exports
            the recovered items
    -v:     verbose output to stderr
    -V:     print version


(Past selected articles are archived here.)


Topics


Categories

The contents of this wiki are organized into various categories:


You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.