The combination of the Yahoo Win4n6 group's discussion about David Kovar's post The Fragmentation of the digital forensics community, hooked-on-mnemonics blog post Malware Analysis Search, and writing my last post on searching RSS feeds inspired me to want to search for information a different way. A more effective way is to use a custom search engine that's configured to only search blogs, groups, forums, or any other sites related to digital forensics and incident response. Digital Forensic Search is a custom Google search and in a way I think it harnesses the collective knowledge and research of the people/organizations who share information back to the forensics community.
Digital Forensic Search results in more search hits which are in the realm of digital forensics and incident response. Depending on the artifact being researched, the search hits may result in information on the artifact, tools to extract data from the artifact, and how the artifact affected other practitioners' examinations. For example, perform a search for the keyword "link file" (include the quotes) in your favorite search engine. The first 10 hits in my search only included one digital forensics hit while the other hits were for information not beneficial to any type of forensic investigation. Run the same search in the Digital Forensic Search and it results in the majority of the hits being directly related to link files in the context of a digital forensic examination. Three of the hits on the first page were an article about the Evidentiary Value of Link Files on Forensic Focus, Richard Drinkwater's blog post Link Files in System Restore Points, and the article The Meaning of Link Files in Forensic Examinations on the Computer Forensics Miscellany website.
If anyone still isn't convinced of the value of a custom search then I recommend performing a couple of searches between *insert search engine*
This post is where I'm going to be maintaining the list of sites included in the Digital Forensic Search so any updates to the index will be reflected below.
Digital Forensic Search can be found at the top of jIIr or directly at this link:
http://www.google.com/cse/home?cx=011905220571137173365:7eskxxzhjj8
**********Sites Last Updated on 02/03/2013**********
The following is the listing of sites indexed by the Digital Forensic Search:
DFIR Blogs
A Geek Raised by Wolves http://jessekornblum.livejournal.com/
A Renaissance Security Professional http://renaissancesecurity.blogspot.com/
An Eye on Forensics http://eyeonforensics.blogspot.com/
Active Security http://active-security.blogspot.com/
All things time related http://blog.kiddaland.net/
American Destroyer http://megadeus.com/
Another Forensics Blog http://az4n6.blogspot.com/
appointments-uk http://appointments-uk.blogspot.com/
Ball In Your Court http://ballinyourcourt.wordpress.com/
Blog Matt Churchill http://mattchurchill.net/blog/
Bradley Schatz on the intersection of technology and the law http://blog.schatzforensic.com.au/
Browser Forensics http://www.browserforensics.com/
c-APT-ure http://c-apt-ure.blogspot.com/
cci http://cci.cocolog-nifty.com/blog/
Cellular.Sherlock - Mobile Forensics from the front lines http://blog.csvance.com/
Cheeky4n6Monkey - Learning About Digital Forensics http://cheeky4n6monkey.blogspot.com/
Chris Sanders http://chrissanders.org/
Christa Miller http://christammiller.com/
CnW Recovery http://cnwrecovery.blogspot.com/
Codeslack http://codeslack.blogspot.com/
Command Line Kung Fu http://blog.commandlinekungfu.com/
Computer Forensic Blog http://computer.forensikblog.de/en/
Computer Forensic Graduate http://computerforensicgraduate.wordpress.com
Computer Forensic Source http://forensicsource.blogspot.com/
Computer Forensics and IR - What's New http://newinforensics.blogspot.com/
Computer Forensics Forums - Recent Blogs Posts - Blogs http://www.computer-forensics.co.uk/computer-forensics-forums/blog.php?s=88da0ba9705c1f3b0a6e0ff5168ac75b
Computer Forensics, Malware Analysis & Digital Investigations http://www.forensickb.com/
Computer Forensics-E-Discovery Tips-Tricks and Information http://cfed-ttf.blogspot.com/
ComputerForensicSource.com http://www.computerforensicsource.com/
Consortium of Digital Forensic Specialists CDFS Blog http://www.cdfs.org/blog/
contagio http://contagiodump.blogspot.com/
copgeek018 http://copgeek018.wordpress.com/
Crucial Security Forensics Blog http://crucialsecurityblog.harris.com/
CSITech - Computer Forensics http://nickfurneaux.blogspot.com/
CYB3RCRIM3 http://cyb3rcrim3.blogspot.com/
Cyber Crime 101 http://www.cybercrime101.com/
CyberSpeak's Podcast http://cyberspeak.libsyn.com/
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge http://ddanchev.blogspot.com/
Default Deny http://kurtaubuchon.blogspot.com/
Derek Newton « Information Security Insights http://dereknewton.com/
DFF and Open Source Digital Forensics blog http://www.digital-forensic.org/blog/
digfor http://digfor.blogspot.com/
Digital Detective http://blog.digital-detective.co.uk/
Digital Forensic Source http://www.digitalforensicsource.com/
Digital Forensics Stream http://dfstream.blogspot.com/
don't blink http://gutterchurl.blogspot.com/
dougee http://dougee652.blogspot.com/
Digital Forensics Blog http://digiforensics.blogspot.com/
Digital Forensics Solutions http://dfsforensics.blogspot.com/
EDD and Forensics http://eddandforensics.blogspot.com/
edd blog online http://eddblogonline.blogspot.com
Ex Forensis http://exforensis.blogspot.com/
FireEye Malware Intelligence Lab http://blog.fireeye.com/research/
Forensic 4cast http://www.forensic4cast.com/
forensic . seccure . net http://seccure.blogspot.com/
Forensic Artifacts http://forensicartifacts.com/
Forensic Computing — Digital forensics from the view of a computer scientist http://www.forensicblog.org/
Forensics For the Newbs http://forensicnewbs.wordpress.com/
Forensic Incident Response http://forensicir.blogspot.com/
Forensic interviews http://f-interviews.com/
Forensic Methods http://forensicmethods.com/
Forensic Photoshop http://forensicphotoshop.blogspot.com/
Forensicaliente - because digital forensics is "hot" http://forensicaliente.blogspot.com/
Forensically sound(ing off) http://marshalla99.wordpress.com/
Forensicator Of The Dead http://forensicotd.blogspot.com/
Forensics from London http://forensiccontrol.blogspot.com/
Forensics from the sausage factory http://forensicsfromthesausagefactory.blogspot.com/
Geoff Black's Forensic Gremlins - Everything that gives you fits in Digital Forensics and E-Discovery http://www.geoffblack.com/
Girl, Unallocated http://girlunallocated.blogspot.com/
GPS Evidence Tracking Issues http://gpsevidence.blogspot.com/
Grand Stream Dreams http://grandstreamdreams.blogspot.com/
Hacking Exposed Computer Forensics blog http://hackingexposedcomputerforensicsblog.blogspot.com/
Happy As A Monkey http://happyasamonkey.wordpress.com/
Hexacorn Blog http://www.hexacorn.com/blog/
integriography A Journal of Broken Locks, Ethics, and Computer Forensics http://integriography.wordpress.com/
Internet Storm Center Diary http://isc.sans.edu/
JL's stuff http://gleeda.blogspot.com/
JonRajewski http://www.jonrajewski.com/cyberblog/
Journey into Incident Response http://journeyintoir.blogspot.com/
JustAskWeg http://justaskweg.com
Linux Sleuthing http://linuxsleuthing.blogspot.com/
Lowmanio (digital forensic category) http://www.lowmanio.co.uk/blog/categories/digital-forensics/
Macaroni Forensics http://macaroniforensics.blogspot.com/
man allyn-blog http://allynstott.blogspot.com/
Matthieu Suiche’s blog ! - Happiness only real when shared. http://www.msuiche.net/
Malware Analysis Blog http://www.malanalysis.com/blog/
Mark Russinovich's Blog http://blogs.technet.com/b/markrussinovich/
McGrew Security Blog http://www.mcgrewsecurity.com/
Memory Forensics http://memoryforensics.blogspot.com/
MNIN Security http://www.malwarecookbook.com/
MNIN Security Blog http://mnin.blogspot.com/
Mobile Device Forensics http://mobileforensics.wordpress.com/
Mobile Forensics Inc Blogger http://blog.mobileforensicsinc.com/
Mobile Telephone Evidence http://trewmte.blogspot.com/
Multimedia Forensics http://multimediaforensics.com/
My Stupid Forensic Blog http://marksforensicblog.wordpress.com/
M-unition http://blog.mandiant.com/
nerdiosity http://www.nerdiosity.com/
Nibble on DAV NADS http://www.davnads.blogspot.com/
Notes http://msvetlik.wordpress.com/
Open Security Research http://blog.opensecurityresearch.com/
OS X Forensics Blog http://osxforensics.wordpress.com/
Overhack http://overhack.wordpress.com/
Phil Hagen's Scratch Pad http://stuffphilwrites.com
Post Humorous http://www.posthumorous.com/
Practical Digital Forensics http://practicaldigitalforensics.blogspot.com/
Propeller Head Forensics http://propellerheadforensics.com/
Push the Red Button http://moyix.blogspot.com/
RAM Slack – Random Thoughts from a Computer Forensic Examiner http://ramslack.wordpress.com/
Random Thoughts of Forensics http://randomthoughtsofforensics.blogspot.com/
Reversing Malware http://internetopenurla.blogspot.com/
SANS Penetration Testing Blog http://pen-testing.sans.org/blog
Sketchymoose's Blog http://sketchymoose.blogspot.com/
Security Ripcord http://www.cutawaysecurity.com/blog/
Sempersecurus http://sempersecurus.blogspot.com/
Sergio Hernando http://www.sahw.com/wp/
Scudette in Wonderland http://scudette.blogspot.com/
Student of Security http://mikeahrendt.blogspot.com/
System Forensics http://www.sysforensics.org/
Seculert http://blog.seculert.com/
Secureartisan http://secureartisan.wordpress.com/
Security Braindump http://securitybraindump.blogspot.com/
TaoSecurity http://taosecurity.blogspot.com/
Taksati http://taksati.wordpress.com/
The Cave http://cyb3rdaw6.harpermountain.net/
The Digital Standard http://thedigitalstandard.blogspot.com/
The Digital4rensics Blog http://www.digital4rensics.com/
The Forensics Ferret Blog http://forensicsferret.wordpress.com/
The Last Line of Defense http://blog.tllod.com/
trustedsignal -- blog http://trustedsignal.blogspot.com/
Unchained Forensics http://unchainedforensics.blogspot.com/
Unmask Parasites blog http://blog.unmaskparasites.com/
ViaForensics https://viaforensics.com/blog/
Volatility Advanced Memory Forensics http://volatility.tumblr.com/
Volatility Labs http://volatility-labs.blogspot.com/
Webcase Weblog http://veresoftware.com/blog/
Websense Security Labs http://community.websense.com/blogs/securitylabs/
Windows Forensic Environment http://winfe.wordpress.com/
Windows Incident Response http://windowsir.blogspot.com/
WriteBlocked http://writeblocked.org/
Wyatt Roersma Blog http://www.wyattroersma.com/
Yogesh Khatri's forensic blog http://www.swiftforensics.com/
Zena Forensics http://blog.digital-forensics.it/
Zscaler http://research.zscaler.com/
DFIR Websites
Brian Carrier Digital Investigation - Forensics and Evidence Research http://www.digital-evidence.org/
CERIAS Reports and Papers Archive https://www.cerias.purdue.edu/apps/reports_and_papers/
Cert http://www.cert.org/
Computer Crime & Intellectual Property Section US DOJ http://www.justice.gov/criminal/cybercrime/
Computer Forensics Miscellany http://computerforensics.parsonage.co.uk/
Craig Ball Helping Lawyers Master Technology http://www.craigball.com/
DFI News http://www.dfinews.com/
DFRWS (Digital Forensics Research Conference) http://www.dfrws.org/
Digital Forensics Magazine supporting the professional computer security industry http://www.digitalforensicsmagazine.com/
Digital Forensics Solutions' Research http://www.digitalforensicssolutions.com/research.shtml
ENISA CERT http://www.enisa.europa.eu/act/cert/
E-Evidence Information Center - Home http://www.e-evidence.info/
FIRST - Improving security together http://www.first.org/
Forensic Focus www.forensicfocus.com/
Forensic Magazine Issues http://www.forensicmag.com/
Forensics Wiki http://www.forensicswiki.org/
Inside the registry http://www.insidetheregistry.com/regdatabase/
I-Sight's Investigations http://i-sight.com/investigation/
International Journal of Digital Evidence on Utica College http://www.utica.edu/academic/institutes/ecii/ijde/
Into The Boxes http://intotheboxes.wordpress.com/
IronGeek's InfoSec Articles http://www.irongeek.com/i.php?page=security/
Journal of Digital Forensics, Security and Law http://www.jdfsl.org/
Lenny Zeltser http://zeltser.com/
log2timeline http://log2timeline.net/
mnin.org http://www.mnin.org/
Mobile Forensics Central http://www.mobileforensicscentral.com/
National Institute of Justice Publications http://nij.gov/nij/pubs-sum/
National White Collar Crime Center http://www.nw3c.org/
Network Forensics Puzzle Contest http://forensicscontest.com/
NIST Computer Security Division Special Publications http://csrc.nist.gov/publications/nistpubs/
Open Source Digital Forensics http://www2.opensourceforensics.org/
SANS Computer Forensics http://computer-forensics.sans.org/
SANS InfoSec Reading Room - Forensics http://www.sans.org/reading_room/whitepapers/forensics/
SANS InfoSec Reading Room - Incident Handling http://www.sans.org/reading_room/whitepapers/incident/
SANS InfoSec Reading Room - Malicious Code http://www.sans.org/reading_room/whitepapers/malicious/
SANS InfoSec Reading Room - Steganography http://www.sans.org/reading_room/whitepapers/stenganography/
Small Scale Digital Device Forensics Journal http://www.ssddfj.org/
SWGDE http://www.swgde.org/
The Honeynet Project Challenges https://www.honeynet.org/challenges/
Welcome AppleExaminer http://www.appleexaminer.com/
DFIR Webpages
AusCERT Forming an Incident Response Team http://www.auscert.org.au/render.html?it=2252&cid=1938
Cybercrime.gov searching and seizing manual http://www.cybercrime.gov/ssmanual/index.html
Daubert v. Merrell Dow Pharmaceuticals http://www.law.cornell.edu/supct/html/92-102.ZS.html
Default Processes in Windows 2000 http://support.microsoft.com/kb/263201
Digital Evidence: Standards and Principles http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/april2000/swgde.htm
Digitalcorpora Disk Images http://digitalcorpora.org/corpora/disk-images/
FileSignatures Table http://www.garykessler.net/library/file_sigs.html
Forensically interesting spots in the Windows 7, Vista and XP file system and registry (and anti-forensics) http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
Microsoft Windows XP - Default settings for services http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true
QCCIS Whitepapers http://qccis.com/resources/publications/
RFC 3227 - Guidelines for Evidence Collection and Archiving http://www.rfc-archive.org/getrfc.php?rfc=3227
SEI Handbook for Incident Response Teams http://www.sei.cmu.edu/library/abstracts/reports/03hb002.cfm
Windows 7 Default Services and Suggested Startup Mode http://www.windowsnetworking.com/articles_tutorials/Windows-7-Default-Services-Suggested-Startup-Mode.html
DFIR Groups
Yahoo Win4n6 Group http://tech.groups.yahoo.com/group/win4n6/
Yahoo Linux Forensics Group http://tech.groups.yahoo.com/group/linux_forensics/
DFIR Tool Websites
Digital Forensics Framework Wiki http://wiki.digital-forensic.org/
Jafat Archive of Forensic Analysis Tools http://jafat.sourceforge.net/
Live View http://liveview.sourceforge.net/
md5deep and hashdeep http://md5deep.sourceforge.net/
MiTec http://www.mitec.cz/
My SecTools http://www.mysectools.com/
NirSoft http://www.nirsoft.net/
OpenSourceForensics http://code.google.com/p/opensourceforensics/
pydetective http://code.google.com/p/pydetective/
Registry Decoder http://code.google.com/p/registrydecoder/
Registry Decoder Live http://code.google.com/p/regdecoderlive/
RegRipper http://regripper.wordpress.com/
Shadow Explorer http://www.shadowexplorer.com/
Sleuthkit http://www.sleuthkit.org/
TZWorks LLC http://www.tzworks.net/
Volatility An advanced memory forensics framework http://code.google.com/p/volatility/
Winforensicaanalysis http://code.google.com/p/winforensicaanalysis/
Windows Forensic Environment http://winfe.wordpress.com/
Woanware http://www.woanware.co.uk/
DFIR Tool Webpages
Digital Detective - Free Tools http://www.digital-detective.co.uk/freetools/decode.asp
E-evidence Information Center - Other Forensic Tools http://www.e-evidence.info/other.html
Forensic Control Free Computer Forensic Tools http://forensiccontrol.com/resources/free-software/
HB Gary Free Security Tools http://www.hbgary.com/free-tools
IndxParse http://www.williballenthin.com/forensics/indx/index.html
Mandiant Free Software http://www.mandiant.com/products/free_software
QCC Information Security Free Forensic Tools http://www.qccis.com/forensic-tools
RedWolf Computer Forensics http://redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55
Sanderson Forensics Free Utilities http://www.sandersonforensics.com/content.asp?page=15