Difference between revisions of "Talk:Main Page"

From ForensicsWiki
m (It was a good idea, so I did it.)
 
(24 intermediate revisions by 8 users not shown)
Line 25: Line 25:
 
Some times i found useful to know which files are changed on boot time of OS or on poweroff.  For example to know what happened with OS ( Windows or Linux or ... ) what files to exclude or include by investigation. So i started collect this information with qemu and mactime. I think this wiki is the best place to post it,  what do you think haw should i name it and the category? Also i will thankful if some one can correct my English.
 
Some times i found useful to know which files are changed on boot time of OS or on poweroff.  For example to know what happened with OS ( Windows or Linux or ... ) what files to exclude or include by investigation. So i started collect this information with qemu and mactime. I think this wiki is the best place to post it,  what do you think haw should i name it and the category? Also i will thankful if some one can correct my English.
  
== Anti-forensic Tools Link on Homepage ==
+
I would encourage you to post it at [[Files changed at boot:Windows XP]], [[Files changed at boot:Windows Vista]], and the like. [[User:Simsong|Simsong]] 18:53, 25 October 2007 (PDT)
  
The anti-forensic tools link on the homepage of this wiki doesn't appear to go to the proper page, but rather goes to a pro-forensic tools pageDo we have a page just for anti-forensic tools? It would appear to me that the internal link should point to that type of a page rather than one on pro-forensic tools.  Thoughts? [[User:Cobalt2020|AEI Forensics]]
+
== Organizing Anti-Forensics and Page Naming query ==
 +
I've made a start on trying to organize the Anti-Forensics information creating a number of sections including Category:Anti-ForensicsI created a category for Category:Anti-Forensics Tools(uppercase) with out realising there was already a Category:Anti-forensics tools (lowercase)Is there any standardization on whether page titles should be upper or lower case? I would have though upper case being the better option...
 +
[[User:Fsck|Fsck]] 22:43, 4 July 2008 (UTC)
  
== File Header Page ==
+
I've started a weekly posting of forensics research. In my quick review of the other websites that come up when doing a google search for "computer forensics" it seems that nothing is really up-to-date, so perhaps we can start a more active community here. Perhaps this will grow into a blog roll. [[User:Simsong|Simsong]] 23:46, 5 July 2008 (UTC)
 +
:: What about next Selected Forensics Research? Two months passed without updates [[User:.FUF|.FUF]] 21:10, 17 October 2008 (UTC)
 +
:::I got radically overcommitted. I'll try to post something this weekend. [[User:Simsong|Simsong]] 06:35, 18 October 2008 (UTC)
 +
== Removal of non-contributing users ==
  
Do we have a page on this forensic wiki devoted to File Header information such as specific file header and footer signatures or at least a page of links to known file header compendiums? Do we want one? [[User:Cobalt2020|AEI Forensics]]
+
I've written a little SQL statement which will remove the 1100 or so usernames that have been registered but which have never contributed anything and have no talk. This was considered for the mediawiki project but never implemented (weird). Anyway, unless there is a suggestion, I'll go ahead and do it... [[User:Simsong|Simsong]] 05:10, 20 August 2008 (UTC)
 +
 
 +
== Tools table ==
 +
 
 +
Is it possible to add [[Wireshark]] and [[NetworkMiner]] to the Tools table on the Main Page (here: ''Network Forensics: Snort, ... '')? [[User:.FUF|.FUF]] 17:08, 11 September 2008 (UTC)
 +
: Done [[User:Simsong|Simsong]] 04:40, 12 September 2008 (UTC).
 +
 
 +
== Did you know? ==
 +
 
 +
What about organizing "Did you know?" section with some interesting facts from articles (like in Wikipedia)? [[User:.FUF|.FUF]] 12:34, 29 October 2008 (UTC)
 +
: I don't think that we have enough people to do this. [[User:Simsong|Simsong]] 06:50, 19 July 2009 (UTC)
 +
 
 +
== Wiki News ==
 +
 
 +
I have updated the version of SpamBlacklist. [[User:Simsong|Simsong]] 23:49, 30 October 2008 (UTC)
 +
 
 +
I have fixed the server config file so we now get /wiki/ URLs. [[User:Simsong|Simsong]] 20:33, 3 November 2008 (UTC)
 +
 
 +
== Forensics Mailing List ==
 +
Hello all. I would like to ask, are there any mailing list focus on forensics? I need reference here. --[[User:Zakiakhmad|Zakiakhmad]] 09:48, 13 March 2009 (UTC)
 +
 
 +
: It seems a little bit passive this discussion --[[User:Zakiakhmad|Zakiakhmad]] 03:16, 23 March 2009 (UTC)
 +
 
 +
== AJAX ==
 +
 
 +
Ajax has been enabled by adding these settings to the LocalSettings.php file:
 +
  $wgUseAjax = true;
 +
  $wgEnableMWSuggest = true;
 +
  $wgMWSuggestTemplate =SearchEngine::getMWSuggestTemplate() . '&limit=20';
 +
 
 +
:Yours wikily, [[User:Simsong|Simsong]] 06:49, 19 July 2009 (UTC)
 +
 
 +
== Zalety i Wady - obiektywnie wyłącznie inżynierowie forensics ==
 +
 
 +
'''Analiza SIM karty danych i odzyskiwania usuniętych danych
 +
ANALYSIS SIM CARD DATA AND RECOVER DELETED DATA'''
 +
 
 +
Odzyskiwanie skasowanych wiadomości SMS / tekst i wykonać kompleksową analizę danych na karcie SIM. Karta SIM ma zajęcia nabycia karty SIM i elementy analizy zajęciu urządzenia parabenów i umieszcza je w specjalistyczne karty SIM nabycia kryminalistycznych i narzędzie do analizy. Karta SIM zawiera zajęcia programowe, jak Forensic SIM Card Reader. Jeśli masz już zajęcia Device & Device Seizure Toolbox, nie ma potrzeby, aby otrzymać karty SIM zajęcia, jak również dlatego, że zawierają składniki, aby wykonać kryminalistycznych badań karty SIM i analizy. Jest to narzędzie dla badacza, który chce nabyć tylko karty SIM i nie chcesz wykonać kryminalistycznych egzaminów wszystkich danych z telefonu komórkowego. Karta SIM zawiera bezpłatne zajęcia roczną subskrypcję z zakupu.
 +
 
 +
SIM Card Seizure has unicode support to read multiple languages such as Arabic, Chinese, & Russian: Features:
 +
 
 +
    * Forensic SIM Card Reader Included
 +
    * Calculates MD5 & SHA1 Hash Values
 +
    * Search Function
 +
    * Recovers Deleted SMS Data*
 +
    * Bookmarking Options
 +
    * Report Creation Wizard
 +
    * Save Workspaces for Further Review
 +
    * Time Stamps Calculate GMT Offset
 +
    * Access to Paraben's Forum
 +
    * Access to Paraben's 24 Hour Support
 +
 
 +
Data Acquired from SIM Cards
 +
 
 +
    * Phase Phase ID
 +
    * SST SIM Service table
 +
    * ICCID Serial Number
 +
    * LP Preferred languages variable
 +
    * SPN Service Provider name
 +
    * MSISDN Subscriber phone number
 +
    * AND Short Dial Number
 +
    * FDN Fixed Numbers
 +
    * LND Last Dialed numbers
 +
    * EXT1 Dialing Extension
 +
    * EXT2 Dialing Extension
 +
    * GID1 Groups
 +
    * GID2 Groups
 +
    * SMS Text Messages
 +
    * SMSP Text Message parameters
 +
    * SMSS Text message status
 +
    * CBMI Preferred network messages
 +
    * PUCT Charges per unit
 +
    * ACM Charge counter
 +
    * ACMmax Charge limit
 +
    * HPLMNSP HPLMN search period
 +
    * PLMNsel PLMN selector
 +
    * FPLMN Forbidden PLMNs
 +
    * CCP Capability configuration parameter
 +
    * ACC Access control class
 +
    * IMSI IMSI
 +
    * LOCI Location information
 +
    * BCCH Broadcast control channels
 +
    * Kc Ciphering key
 +
 
 +
Pytanie 1
 +
_________
 +
 
 +
 
 +
Jakie zalety na pierwszy plan,  a jakie wady które można zignorować w śledztwie?
 +
 
 +
==Spam==
 +
In an attempt to deal with spam, account creation now requires confirmation.

Latest revision as of 12:46, 5 February 2012

what about the validation of legal/illegal licenses of commercial software?

I'm sometimes requested by the Courts to process with investigations in order to detect if a company is using software (e.g. AutoCad, MS Office, Adobe) with licenses or not. The evidence of such stuff is easy or not. The display of the "About" is sometimes enough but for some software the evidence is not so easy.

May I propose we open a new section to address such topics?

What do you think? --Chuv 04:16, 19 July 2007 (PDT)

Sounds like a good idea. How about How to determine if software is legally licensed? It should probably go in the Category:Howtos. Jessek 16:11, 19 July 2007 (PDT)


Global Directory of Analysts

I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. Any thoughts, please put them on Computer Forensics [1] in the forums section. Thanks and regards, Simon

Given the lack of response I'm not sure this is a viable idea. Jessek 21:13, 26 February 2007 (PST)
Doesn't seem like a good idea to me. Simsong 18:50, 15 March 2007 (PDT)
Response is small because the very idea and both sites are not well known within North America. Computer forensics here has been mostly a secondary role rather than a principal focus. To raise awareness of both efforts, this wiki and computer-forensics.co.uk, you need to get their existence promoted in major publications and the primary professional organizations.


List of OS changed files at boot time or poweroff.

Sometimes I found it useful to know which files are changed on boot time of OS or on poweroff. For example to know what happened with OS (Windows or Linux or ...), what files to exclude or include by investigation. So I started collecting this information with qemu and mactime. I think this wiki is the best place to post it. What do you think, how should I name it and the category? Also I will be thankful if someone can correct my English.

I would encourage you to post it at Files changed at boot:Windows XP, Files changed at boot:Windows Vista, and the like. Simsong 18:53, 25 October 2007 (PDT)

Organizing Anti-Forensics and Page Naming query

I've made a start on trying to organize the Anti-Forensics information creating a number of sections including Category:Anti-Forensics. I created a category for Category:Anti-Forensics Tools (uppercase) without realising there was already a Category:Anti-forensics tools (lowercase). Is there any standardization on whether page titles should be upper or lower case? I would have thought upper case being the better option... Fsck 22:43, 4 July 2008 (UTC)

I've started a weekly posting of forensics research. In my quick review of the other websites that come up when doing a google search for "computer forensics" it seems that nothing is really up-to-date, so perhaps we can start a more active community here. Perhaps this will grow into a blog roll. Simsong 23:46, 5 July 2008 (UTC)

What about next Selected Forensics Research? Two months passed without updates .FUF 21:10, 17 October 2008 (UTC)
I got radically overcommitted. I'll try to post something this weekend. Simsong 06:35, 18 October 2008 (UTC)

Removal of non-contributing users

I've written a little SQL statement which will remove the 1100 or so usernames that have been registered but which have never contributed anything and have no talk. This was considered for the mediawiki project but never implemented (weird). Anyway, unless there is a suggestion, I'll go ahead and do it... Simsong 05:10, 20 August 2008 (UTC)

Tools table

Is it possible to add Wireshark and NetworkMiner to the Tools table on the Main Page (here: Network Forensics: Snort, ... )? .FUF 17:08, 11 September 2008 (UTC)

Done Simsong 04:40, 12 September 2008 (UTC).

Did you know?

What about organizing "Did you know?" section with some interesting facts from articles (like in Wikipedia)? .FUF 12:34, 29 October 2008 (UTC)

I don't think that we have enough people to do this. Simsong 06:50, 19 July 2009 (UTC)

Wiki News

I have updated the version of SpamBlacklist. Simsong 23:49, 30 October 2008 (UTC)

I have fixed the server config file so we now get /wiki/ URLs. Simsong 20:33, 3 November 2008 (UTC)

Forensics Mailing List

Hello all. I would like to ask, are there any mailing lists focused on forensics? I need reference here. --Zakiakhmad 09:48, 13 March 2009 (UTC)

It seems a little bit passive this discussion --Zakiakhmad 03:16, 23 March 2009 (UTC)

AJAX

Ajax has been enabled by adding these settings to the LocalSettings.php file:

 $wgUseAjax = true;
 $wgEnableMWSuggest = true;
 $wgMWSuggestTemplate = SearchEngine::getMWSuggestTemplate() . '&limit=20';

Yours wikily, Simsong 06:49, 19 July 2009 (UTC)

Advantages and Disadvantages - objectively, forensics engineers only

SIM card data analysis and recovery of deleted data. ANALYSIS SIM CARD DATA AND RECOVER DELETED DATA

Recover deleted SMS/text messages and perform comprehensive analysis of SIM card data. SIM Card Seizure takes the SIM card acquisition and analysis components from Paraben's Device Seizure and puts them into a specialized SIM card forensic acquisition and analysis tool. SIM Card Seizure includes the software as well as a Forensic SIM Card Reader. If you already have Device Seizure & the Device Seizure Toolbox, there is no need to get SIM Card Seizure as well, because they include the components to perform forensic SIM card acquisition and analysis. This is a tool for the investigator who wants to acquire SIM cards only and does not want to perform forensic exams of all cell phone data. SIM Card Seizure includes a free one-year subscription with purchase.

SIM Card Seizure has unicode support to read multiple languages such as Arabic, Chinese, & Russian.

Features:

   * Forensic SIM Card Reader Included
   * Calculates MD5 & SHA1 Hash Values
   * Search Function
   * Recovers Deleted SMS Data*
   * Bookmarking Options
   * Report Creation Wizard
   * Save Workspaces for Further Review
   * Time Stamps Calculate GMT Offset
   * Access to Paraben's Forum
   * Access to Paraben's 24 Hour Support

Data Acquired from SIM Cards

   * Phase Phase ID
   * SST SIM Service table
   * ICCID Serial Number
   * LP Preferred languages variable
   * SPN Service Provider name
   * MSISDN Subscriber phone number
   * AND Short Dial Number
   * FDN Fixed Numbers
   * LND Last Dialed numbers
   * EXT1 Dialing Extension
   * EXT2 Dialing Extension
   * GID1 Groups
   * GID2 Groups
   * SMS Text Messages
   * SMSP Text Message parameters
   * SMSS Text message status
   * CBMI Preferred network messages
   * PUCT Charges per unit
   * ACM Charge counter
   * ACMmax Charge limit
   * HPLMNSP HPLMN search period
   * PLMNsel PLMN selector
   * FPLMN Forbidden PLMNs
   * CCP Capability configuration parameter
   * ACC Access control class
   * IMSI IMSI
   * LOCI Location information
   * BCCH Broadcast control channels
   * Kc Ciphering key

Question 1 _________

Which advantages come to the fore, and which disadvantages can be ignored in an investigation?

Spam

In an attempt to deal with spam, account creation now requires confirmation.