Online resources
From Forensics Wiki
There are lots of web sites that can provide valuable information for forensic investigators. (This page will probably be broken into categories eventually...)
WHOIS Queries
The WHOIS Service can be used to find the owner of a domain. Sometimes it identifies only the registrar for a domain, but even that is a start.
The SamSpade web site also offers several WHOIS-related searches.
Sample Cases
One of the most difficult things for new investigators is finding sample cases to work on.
- The HoneyNet Project has several forensics challenges online. These include the "Scan of the Month," "The Reverse Challenge," and "The Forensic Challenge." The last one asked entrants to examine a complete Red Hat Linux system for information. All of these challenges include complete solutions.
Web Page Archives
Web page archives can give the investigator a look at what a web page used to look like. The best known is the Google cache, but here are some others:
- The Internet Archive's WayBack Machine can produce a nicely formatted page showing how a web site looked on certain dates. For example, the history of yahoo.com's homepage gives a nice history lesson. The machine records both main pages and subpages. For example, note the changes over time in Jesse Kornblum's Yahoo! profile.