Difference between revisions of "Main Page"

From ForensicsWiki
m
(removed old news, added selected article)
Line 4: Line 4:
 
Much of [[computer forensics]] is focused on the [[tools]] and [[techniques]] used by [[investigator]]s, but there are also a number of important [[papers]], [[people]], and [[organizations]] involved. Many of those organizations sponsor [[conferences]] throughout the year and around the world. You may also wish to examine the popular [[journals]] and some special [[reports]].
 
Much of [[computer forensics]] is focused on the [[tools]] and [[techniques]] used by [[investigator]]s, but there are also a number of important [[papers]], [[people]], and [[organizations]] involved. Many of those organizations sponsor [[conferences]] throughout the year and around the world. You may also wish to examine the popular [[journals]] and some special [[reports]].
 
</div>  
 
</div>  
 
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#99ff99; align:center; border:1px solid #ddccff;">
 
<h2 style="margin:0; background-color:#33ff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;">Wiki Upgrade</h2>
 
 
27-AUG-09: We just got moved to a new server. Sorry about the downtime.
 
</div>
 
  
 
<!-- Selected Forensics Research -->   
 
<!-- Selected Forensics Research -->   
  
 
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#ffff99; align:center; border:1px solid #ddccff;">
 
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#ffff99; align:center; border:1px solid #ddccff;">
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;">Selected Forensics NEWS</h2>
+
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;">Selected Forensics Research</h2>
  
 
<!-- ARTICLE GOES HERE -->
 
<!-- ARTICLE GOES HERE -->
<small>October-2009</small>
+
<small>November-2009</small>
;'''[http://sourceforge.net/projects/libmsiecf/ msiecfinfo released]'''
+
;'''[http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf Linux for computer forensic investigators: «pitfalls» of mounting file systems] [http://computer-forensics-lab.org/lib/?cid=174 (Russian version)], Suhanov Maxim, 2009'''
Libmsiecf is a library with tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Also released documentation about the file format of the index.dat files. You can download the library and tools from the project website: http://sourceforge.net/projects/libmsiecf/
+
 
+
Libmsiecf comes with the following tools: msiecfinfo and msiecfexport
+
 
+
Use msiecfinfo to determine information about a MSIE Cache File (index.dat).
+
 
+
<pre>
+
Usage: msiecfinfo [ -ahvV ] source
+
 
+
    source: the source file
+
 
+
    -a:    shows allocation information
+
    -h:    shows this help
+
    -v:    verbose output to stderr
+
    -V:    print version
+
 
+
Use msiecfexport to export items stored in from a MSIE Cache File (index.dat).
+
 
+
Usage: msiecfexport [ -c codepage ] [ -l logfile ] [ -m mode ] [ -hvV ] source
+
 
+
    source: the source file
+
  
    -c:     codepage of ASCII strings, options: ascii, windows-1250 (default),
+
The paper opens discussion about building forensically sound Live CD distributions based on Linux. Problems described:
            windows-1251, windows-1252, windows-1253, windows-1254,
+
* Common misconceptions about "-o ro" mount option (is it forensically sound?);
            windows-1255, windows-1256, windows-1257 or windows-1258
+
* Bugs in many forensic Live CDs that alter the data on evidentiary media.
    -h:    shows this help
+
    -l:    logs information about the exported items
+
    -m:    export mode, option: all, items (default), recovered
+
            'all' exports the (allocated) items and recovered items,
+
            'items' exports the (allocated) items and 'recovered' exports
+
            the recovered items
+
    -v:    verbose output to stderr
+
    -V:    print version
+
</pre>
+
  
 +
Denis Frati ([[CAINE Live CD|CAINE]] developer) wrote an [http://www.denisfrati.it/pdf/Suhanov_Maxim_bug.pdf excellent review (Italian)] of the bug found in Casper scripts.
 
<!--END OF ARTICLE-->
 
<!--END OF ARTICLE-->
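Review bot: the October-2009 msiecfinfo item is dropped in this hunk but does not reappear anywhere in the diff, while the page tells readers that past selected articles are archived; the removed block (from `;'''[http://sourceforge.net/projects/libmsiecf/ msiecfinfo released]'''` through its closing `</pre>`) should be moved into that archive in the same revision rather than deleted outright. A smaller style point that applies to both sides of the hunk: the container `<div style="...">` declares `border` twice (`border:2px solid #ff0000` and later `border:1px solid #ddccff`), so only the second one takes effect, and `align:center` is not a CSS property; keep a single border declaration and use `text-align` or auto margins instead.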
  

Revision as of 16:39, 4 November 2009

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 741 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


Selected Forensics Research

November-2009

Linux for computer forensic investigators: «pitfalls» of mounting file systems (Russian version), Suhanov Maxim, 2009

The paper opens a discussion on building forensically sound Linux-based Live CD distributions. Problems described:

  • Common misconceptions about the "-o ro" mount option (is it forensically sound?);
  • Bugs in many forensic Live CDs that alter the data on evidentiary media.

Denis Frati (CAINE developer) wrote an excellent review (Italian) of the bug found in Casper scripts.
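As an added example (not code from ForensicsWiki or from the paper it summarizes), the following shell procedure mounts an evidence image without relying on "-o ro" alone and hashes the image before and after handling so that any write to it is detected. The losetup/blockdev/mount invocations, the ext4 filesystem type, and root privileges for the mount step are assumptions.

```shell
#!/bin/sh
# Added example, not code from ForensicsWiki or from the paper it summarizes.
# Assumptions: Linux host, an ext4 (or ext3) filesystem image file, root for
# the mount step, and util-linux losetup/blockdev plus coreutils sha256sum.
set -eu

# Digest of the image file; recorded before handling and compared afterwards.
image_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeeds only if the image still hashes to the digest recorded earlier,
# i.e. nothing (a journal replay, a buggy Live CD script) wrote to it.
verify_unchanged() {
    image="$1"; before="$2"
    after=$(image_hash "$image")
    [ "$before" = "$after" ]
}

# Mount an image read-only without relying on "-o ro" alone:
#   losetup -r           the loop device is created read-only
#   blockdev --setro     the kernel rejects writes to the device
#   -o ro,noload         ext3/ext4 skips journal replay, which plain "ro"
#                        would still perform on an uncleanly unmounted volume
#   noexec,nodev,nosuid  nothing on the evidence is executed or trusted
# Prints the loop device so the caller can detach it later.
mount_evidence_ro() {
    image="$1"; mnt="$2"
    loopdev=$(losetup --find --show -r "$image")
    blockdev --setro "$loopdev"
    mount -t ext4 -o ro,noload,noexec,nodev,nosuid "$loopdev" "$mnt"
    echo "$loopdev"
}

# Typical session (root required):
#   before=$(image_hash evidence.dd)
#   dev=$(mount_evidence_ro evidence.dd /mnt/evidence)
#   ... examine /mnt/evidence ...
#   umount /mnt/evidence && losetup -d "$dev"
#   verify_unchanged evidence.dd "$before" || echo "WARNING: image was modified"
```

A hardware write blocker remains the primary control; the hash comparison is the check that tells you whether the software-only measures actually held.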


(Past selected articles are archived here.)


Topics


Categories

The contents of this wiki are organized into various categories:


You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.