Introducing the Digital Forensics Search

Saturday, April 9, 2011 Posted by Corey Harrell
Have you ever run a *insert search engine* search to locate information about an artifact only to find a listing of mostly irrelevant hits? A lot of time is wasted going through the irrelevant hits to locate the few websites with information that helps you better see how the artifacts fit into your forensic examination. Wouldn't it be better if the majority of the search hits were in the context of digital forensics or incident response, thereby making the hits more relevant to your forensic examination? Here is the formal introduction of the Digital Forensic Search engine.

The combination of the Yahoo Win4n6 group's discussion about David Kovar's post The Fragmentation of the digital forensics community, the hooked-on-mnemonics blog post Malware Analysis Search, and writing my last post on searching RSS feeds inspired me to want to search for information a different way. A more effective way is to use a custom search engine that's configured to search only blogs, groups, forums, and other sites related to digital forensics and incident response. Digital Forensic Search is a custom Google search, and in a way I think it harnesses the collective knowledge and research of the people and organizations who share information back to the forensics community.

Digital Forensic Search returns more search hits in the realm of digital forensics and incident response. Depending on the artifact being researched, the hits may include information on the artifact, tools to extract data from the artifact, and how the artifact affected other practitioners' examinations. For example, perform a search for the keyword "link file" (include the quotes) in your favorite search engine. The first 10 hits in my search only included one digital forensics hit while the other hits were for information not beneficial to any type of forensic investigation. Run the same search in the Digital Forensic Search and the majority of the hits are directly related to link files in the context of a digital forensic examination. Three of the hits on the first page were an article about the Evidentiary Value of Link Files on Forensic Focus, Richard Drinkwater's blog post Link Files in System Restore Points, and the article The Meaning of Link Files in Forensic Examinations on the Computer Forensics Miscellany website.

If anyone still isn't convinced of the value of a custom search then I recommend running a couple of searches in both *insert search engine* and Digital Forensic Search and comparing the results. A few potential topics to search on are: comdlg32, tool validation, evidence collection, timeline analysis, or volume shadow copies. The searches should show that Digital Forensic Search has more relevant hits related to digital forensics and incident response, which makes it one effective method to locate information.

This post is where I'm going to be maintaining the list of sites included in the Digital Forensic Search, so any updates to the index will be reflected below. The repository tries to focus on sites containing information on digital forensics and incident response as opposed to tool-specific sites. With this in mind, if you see any sites missing or URLs with too much noise (such as job postings) then post a comment or send me an email.

Digital Forensic Search can be found at the top of jIIr or directly at this link:

**********Sites Last Updated on 02/15/2015**********

The following is the listing of sites indexed by the Digital Forensic Search:

DFIR Blogs

A Geek Raised by Wolves
A Renaissance Security Professional
Adventures in Security
An Eye on Forensics
Active Security
Andrew Hay
All things time related
American Destroyer
Another Forensics Blog
Anton Chuvakin
Ball In Your Court
binary foray
Blog Matt Churchill
Bradley Schatz on the intersection of technology and the law
BriMor Labs
Browser Forensics
Cellular.Sherlock - Mobile Forensics from the front lines
Cheeky4n6Monkey - Learning About Digital Forensics
Chris Sanders
Christa Miller
CnW Recovery
Command Line Kung Fu
Computer Forensic Blog
Computer Forensic Graduate
Computer Forensic Source
Computer Forensics and IR - What's New
Computer Forensics, Malware Analysis & Digital Investigations
Computer Forensics-E-Discovery Tips-Tricks and Information
Consortium of Digital Forensic Specialists CDFS Blog
Crucial Security Forensics Blog
CSITech - Computer Forensics
Cyber Security Maven -- Techie
CyberSpeak's Podcast
Cylance Blog
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Default Deny
Derek Newton « Information Security Insights
DF Procedures and Musings
DFF and Open Source Digital Forensics blog
Digital Forensics Solutions
Enterprise Detection & Response
Every Bit Counts

Ex Forensis
FireEye Malware Intelligence Lab
Forensic 4cast
forensic . seccure . net
Forensic Artifacts
Forensic Computing — Digital forensics from the view of a computer scientist
Forensics For the Newbs
Forensic Incident Response
Forensic interviews
Forensic Methods
Forensic Photoshop
Forensicaliente - because digital forensics is "hot"
Forensically sound(ing off)
Forensicator Of The Dead
Forensics from London
Forensics from the sausage factory
Fun with Lost Bits n Bytes
G33k G1r1 goes Binary
Geoff Black's Forensic Gremlins - Everything that gives you fits in Digital
Ghetto Forensics
Girl, Unallocated
GPS Evidence Tracking Issues
Grand Stream Dreams
Forensics and E-Discovery
Hacking Exposed Computer Forensics blog
Happy As A Monkey
Hexacorn Blog
HeX-OR Forensics
InfoSec Insights
integriography A Journal of Broken Locks, Ethics, and Computer Forensics
Internet Storm Center Diary
Journey into Incident Response
Lenny Zeltser on Information Security
Linux Sleuthing
Lowmanio (digital forensic category)
Macaroni Forensics
man allyn-blog
Matthieu Suiche’s blog ! - Happiness only real when shared.
Memory Forensics
MNIN Security
MNIN Security Blog
Mobile Device Forensics
Mobile Forensics Inc Blogger
Mobile Telephone Evidence
Post Humorous
Practical Digital Forensics
Propeller Head Forensics
Push the Red Button
RAM Slack – Random Thoughts from a Computer Forensic Examiner
Riij morf tnetnoc siht elots I
Ryan Stillions

SANS Penetration Testing Blog
Sketchymoose's Blog
Security Ripcord
Securosis Blog
Sergio Hernando
Scudette in Wonderland
Student of Security
Sucuri Blog
System Forensics
Security Braindump
The Cave
The Digital Standard
The Digital4rensics Blog
The Forensics Ferret Blog
The Last Line of Defense
Trace Evidence
trustedsignal -- blog
Unchained Forensics
Unmask Parasites blog
Volatility Advanced Memory Forensics
Windows Incident Response
Wyatt Roersma Blog
Yogesh Khatri's forensic blog

DFIR Websites

Brian Carrier Digital Investigation - Forensics and Evidence Research
CERIAS Reports and Papers Archive
Computer Crime & Intellectual Property Section US DOJ
Computer Forensics Miscellany
Craig Gall Helping Lawyers Master Technology
DFRWS (Digital Forensics Research Conference)
Digital Forensics Magazine supporting the professional computer security industry
Digital Forensics Solutions' Research
E-Evidence Information Center - Home
FIRST - Improving security together
Forensic Focus
Forensic Magazine Issues
Forensics Wiki
HolisticInfoSec toolsmith
Inside the registry
I-Sight's Investigations
International Journal of Digital Evidence on Utica College
Into The Boxes
IronGeek's InfoSec Articles
Journal of Digital Forensics, Security and Law
Lenny Zeltser
Mobile Forensics Central
National Institute of Justice Publications
National White Collar Crime Center
Network Forensics Puzzle Contest
NIST Computer Security Division Special Publications
Open Source Digital Forensics
SANS Computer Forensics
SANS InfoSec Reading Room - Forensics
SANS InfoSec Reading Room - Incident Handling
SANS InfoSec Reading Room - Malicious Code
SANS InfoSec Reading Room - Steganography
SANS Summit Archives
Small Scale Digital Device Forensics Journal
The Honeynet Project Challenges
Welcome AppleExaminer

DFIR Webpages

AusCERT Forming an Incident Response Team searching and seizing manual
Daubert v. Merrell Dow Pharmaceuticals
Default Processes in Windows 2000
Digital Evidence: Standards and Principles
Digitalcorpora Disk Images
FileSignatures Table
Forensically interesting spots in the Windows 7, Vista and XP file system and registry (and anti-forensics)
Microsoft Windows XP - Default settings for services
QQIS Whitepapers
RFC 3227 - Guidelines for Evidence Collection and Archiving
SEI Handbook for Incident Response Teams
Windows 7 Default Services and Suggested Startup Mode

DFIR Groups

Yahoo Win4n6 Group
Yahoo Linux Forensics Group 
The Vol-users Archives

DFIR Tool Websites

Digital Forensics Framework Wiki
Jafat Archive of Forensic Analysis Tools
Joakim Schicht
Live View
md5deep and hashdeep
My SecTools
plaso - home of the super timeline
Registry Decoder
Registry Decoder Live
Rekall Memory Forensic Framework
Shadow Explorer
Volatility An advanced memory forensics framework
Windows Forensic Environment

DFIR Tool Webpages

Digital Detective - Free Tools
Forensic Control Free Computer Forensic Tools
HB Gary Free Security Tools
Mandiant Free Software
QCC Information Security Free Forensic Tools
RedWolf Computer Forensics
Sanderson Forensics Free Utilities

  1. Anonymous

    I have been using "Digital Forensics Search Engine" from for at least a couple of years now. It works great and has similar functionality as the Digital Forensic Search.


  2. I don't use search features on blogs since I just point Google at the sites using site:URL. I just assumed blogs' search features either searched only that site, or that site & any links on the site. Digfor is one of the blogs I follow and I didn't know they had a Digital Forensic Search Engine since I never ran a search from their blog.

  3. HP


    I picked up your DF search from Douglas Brush's post on FF and you have a great list of sources which is very helpful to have in one place. I'll look through my bookmarks and see if I can find any to add to your list.

    Thanks for this.


  4. Kalyan


    This search engine is awesome. Thanks for your efforts. I am using it regularly.

  5. Good job Corey,

    I have set up "Digital Forensics Search Engine" a while ago and haven't updated it for some time now. It's ok for my purposes but it is not as comprehensive as yours, so keep up the good work.

