Forensics

 

Overview

Forensics is a topic that is often misinterpreted. The most common misconception seen today is: “Forensics is a way to recover deleted files.” Recovering deleted information from a drive can certainly be part of what forensics entails, but it is in no way a complete definition of what forensics is. This project covers a wide range of topics and will help security professionals with tips, pointers and education in the world of forensics.

 

What is Forensics?

Forensics is the science of finding the truth. In technology, it’s finding the truth with technology. It can be as simple as opening up the file browser and searching for a document or file, or as complex as examining bits of data on a hard drive, recovering deleted information, or reviewing access logs to a building or floor. This project is a living project, meaning it will continue to grow as new ideas, new techniques, and new methods of hiding data are discovered. It will also develop multiple branches, like a tree, covering suspect interviewing, key registry settings in Microsoft operating systems, tools such as The Coroner's Toolkit and the Forensic Browser, and so on.

 

Goal

Today, there is no single source of forensic knowledge, no brain-dump on this science. Our goal is to provide a central repository for this information for the security community. This project will present both scenarios that tell stories and tutorials that teach how to use certain applications and tools. We have found that stories are often the best way to teach. By sharing experiences, we hope readers will learn from real-life instances that they can relate to and remember more easily. In addition, some of the topics presented here will coincide with the Honeynet@home project.

 

Contributions

This project will continue to grow as more and more information is contributed by the security community.  If you would like to contribute, please send your contribution to mrcorp@yahoo.com.

 

Further Links

Good Sources for Forensic Information:

http://patriot.net/~carvdawg/

 

Notes

Notes from the field: