what about the validation of legal/illegal licenses of commercial software?
I'm sometimes requested by the Courts to process with investigations in order to detect is a company is using software (e.g. AutoCad, MS Office, Adobe) with licenses or not. The evidence of such stuff is easy or not. The display of the "About" is sometimes enough but for some software the evidence is not so easy.
May I propose we open a new section to address such topics?
What do you think? --Chuv 04:16, 19 July 2007 (PDT)
- Sounds like a good idea. How about How to determine if software is legally licensed? It should probably go in the Category:Howtos. Jessek 16:11, 19 July 2007 (PDT)
Link to Pages for Expanding
Could we add a link to the Main Page for all of the other pages that need expanding (i.e. Category:Articles that need to be expanded)? I think we're more likely to get help if we advertise where we need it! Jessek 05:52, 19 March 2007 (PDT)
Global Directory of Analysts
I am setting up a global directory of computer forensics analysts, and am looking for feedback to the idea. Although the directory is in the UK, I want it to be global. Any thoughts, please put them on Computer Forensics  in the forums section. Thanks and regards, Simon
- Given the lack of response I'm not sure this is a viable idea. Jessek 21:13, 26 February 2007 (PST)
- Doesn't seem like a good idea to me. Simsong 18:50, 15 March 2007 (PDT)
- Response is small because the very idea and both sites are not well known within North America. Computer forensics here has been mostly a secondary role rather than a principal focus. To raise awareness of both efforts, this wiki and computer-forensics.co.uk, you need to get their existence promoted in major publications and the primary professional organizations.
Hi, I'm the author of Hachoir, a generic framework for binary file manipulation. I don't know if I can add it in your wiki. I prefer to have your review first :-)
Hachoir supports many file formats (more than 60 formats) and have many features:
* Fault tolerant parser (truncated/buggy file or buggy parser) * Smart syntax: you don't have to care about endian or charset, and you can mix byte and bit fields * Few functions to modify files * File recognition using header/footer in a disk image (in any file) with few false positive (each file is checked using the parser) * Written in Python: OS independant and easy to script/extend * curses, wxWidgets and Gtk interfaces * Many programs based on hachoir-core and hachoir-parser: * hachoir-strip: remove metadata and other "useless" informations * hachoir-grep: find substring in a binary file (using hachoir parsers: so search is Unicode aware) * hachoir-subfile: find all subfiles in a file * etc.
List of OS changed files at boot time or poweroff.
Some times i found useful to know which files are changed on boot time of OS or on poweroff. For example to know what happened with OS ( Windows or Linux or ... ) what files to exclude or include by investigation. So i started collect this information with qemu and mactime. I think this wiki is the best place to post it, what do you think haw should i name it and the category? Also i will thankful if some one can correct my English.
Anti-forensic Tools Link on Homepage
The anti-forensic tools link on the homepage of this wiki doesn't appear to go to the proper page, but rather goes to a pro-forensic tools page. Do we have a page just for anti-forensic tools? It would appear to me that the internal link should point to that type of a page rather than one on pro-forensic tools. Thoughts? AEI Forensics
File Header Page
Do we have a page on this forensic wiki devoted to File Header information such as specific file header and footer signatures or at least a page of links to known file header compendiums? Do we want one? AEI Forensics