Difference between revisions of "Talk:Main Page"

From ForensicsWiki
(what about the validation of legal/illegal licenses of commercial software?)

Revision as of 14:54, 18 October 2007

what about the validation of legal/illegal licenses of commercial software?

I'm sometimes requested by the Courts to proceed with investigations in order to detect if a company is using software (e.g. AutoCAD, MS Office, Adobe) with licenses or not. The evidence of such stuff is easy or not. The display of the "About" is sometimes enough but for some software the evidence is not so easy.

May I propose we open a new section to address such topics?

What do you think? --Chuv 04:16, 19 July 2007 (PDT)

Sounds like a good idea. How about How to determine if software is legally licensed? It should probably go in the Category:Howtos. Jessek 16:11, 19 July 2007 (PDT)

Link to Pages for Expanding

Could we add a link to the Main Page for all of the other pages that need expanding (i.e. Category:Articles that need to be expanded)? I think we're more likely to get help if we advertise where we need it! Jessek 05:52, 19 March 2007 (PDT)

Global Directory of Analysts

I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. Any thoughts, please put them on Computer Forensics [1] in the forums section. Thanks and regards, Simon

Given the lack of response I'm not sure this is a viable idea. Jessek 21:13, 26 February 2007 (PST)
Doesn't seem like a good idea to me. Simsong 18:50, 15 March 2007 (PDT)
Response is small because the very idea and both sites are not well known within North America. Computer forensics here has been mostly a secondary role rather than a principal focus. To raise awareness of both efforts, this wiki and computer-forensics.co.uk, you need to get their existence promoted in major publications and the primary professional organizations.

Hachoir framework

Hi, I'm the author of Hachoir, a generic framework for binary file manipulation. I don't know if I can add it in your wiki. I prefer to have your review first :-)

Hachoir supports many file formats (more than 60 formats) and has many features:

* Fault tolerant parser (truncated/buggy file or buggy parser)
* Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields
* Few functions to modify files
* File recognition using header/footer in a disk image (in any file) with few false positives (each file is checked using the parser)
* Written in Python: OS independent and easy to script/extend
* curses, wxWidgets and Gtk interfaces
* Many programs based on hachoir-core and hachoir-parser:
  * hachoir-strip: remove metadata and other "useless" information
  * hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware)
  * hachoir-subfile: find all subfiles in a file
  * etc.
Please add it. Simsong 09:50, 15 March 2007 (PDT)
Done: Hachoir --Haypo 18:44, 18 March 2007 (PDT)

List of OS changed at boot or poweroff time.

Sometimes I find it useful to know which files are changed at boot time of the OS or at poweroff. For example, to know what happened with the OS (Windows or Linux or ...), what files to exclude or include in an investigation. So I started to collect this information with qemu and mactime. I think this wiki is the best place to post it. What do you think, how should I name it, and which category? Also I will be thankful if someone can correct my English.