Main Page

From ForensicsWiki
Revision as of 23:04, 18 October 2009 by Simsong (Talk | contribs)

Jump to: navigation, search

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 870 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.

Wiki Upgrade

27-AUG-09: We just got moved to a new server. Sorry about the downtime.

Selected Forensics NEWS


msiecfinfo released

Libmsiecf is a library with tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Also released documentation about the file format of the index.dat files. You can download the library and tools from the project website:

Libmsiecf comes with the following tools: msiecfinfo and msiecfexport

Use msiecfinfo to determine information about a MSIE Cache File (index.dat).

Usage: msiecfinfo [ -ahvV ] source

    source: the source file

    -a:     shows allocation information
    -h:     shows this help
    -v:     verbose output to stderr
    -V:     print version

Use msiecfexport to export items stored in from a MSIE Cache File (index.dat).

Usage: msiecfexport [ -c codepage ] [ -l logfile ] [ -m mode ] [ -hvV ] source

    source: the source file

    -c:     codepage of ASCII strings, options: ascii, windows-1250 (default),
            windows-1251, windows-1252, windows-1253, windows-1254,
            windows-1255, windows-1256, windows-1257 or windows-1258
    -h:     shows this help
    -l:     logs information about the exported items
    -m:     export mode, option: all, items (default), recovered
            'all' exports the (allocated) items and recovered items,
            'items' exports the (allocated) items and 'recovered' exports
            the recovered items
    -v:     verbose output to stderr
    -V:     print version

(Past selected articles are archived here.)



The contents of this wiki are organized into various categories:

You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.