2015-08-26: – A support email address (support AT forensicswiki.org) was created for all your forensicswiki needs. This is a mailing list that goes to the appropriate staff that will assist with site maintenance, issues, etc. If you have questions or issues with the site please send us an email.
2015-07-18: Forensic Wiki has been acquired by Harris Corporation for the betterment of the community. All licensing and data rights are staying the same, there’s just corporate funding behind the site now. The wiki will remain as an international resource, with no editorial input from Harris whatsoever. All of the existing editorial controls and checks and balances will remain in place. All of the existing accounts carry forward.
2014-06-14: The Wiki has been migrated to the most up-to-date MediaWiki and moved from HostGator to Pair. The previous bugs with the AccountCreation problem should be fixed. Please let us know if there are any problems.
2014-06-16 - It seems that the transfer and upgrade has resulted in some content being lost. The content appears to be on the old site and we may need some help in migrating it. Please see Content Lost in Migration for a list of the lost content.
Abstract: Criminal investigations today can hardly be imagined without the forensic analysis of digital devices, regardless of whether it is a desktop computer, a mobile phone, or a navigation system. This not only holds true for cases of cybercrime, but also for traditional delicts such as murder or blackmail, and also private corporate investigations rely on digital forensics. This leads to an increasing number of cases with an ever-growing amount of data, that exceeds the capacity of the forensic experts. To support investigators to work more efficiently, we introduce a novel approach to automatically reconstruct events that previously occurred on the examined system and to provide a quick overview to the investigator as a starting point for further investigation. In contrast to the few existing approaches, our solution does not rely on any previously profiled system behavior or knowledge about specific applications, log files, or file formats. We further present a prototype implementation of our so-called zero knowledge event reconstruction approach, that solely tries to make sense of characteristic structures in file system metadata such as file- and folder-names and timestamps.
Forensic Linux Live CD distributions are widely used during computer forensic investigations. Currently, many vendors of such Live CD distributions state that their Linux do not modify the contents of hard drives or employ "write protection." Testing indicates that this may not always be the case. Read More...