Introducing the Digital Forensics Search
Saturday, April 9, 2011
Have you ever run a *insert search engine* search to locate information about an artifact only to find a listing of mostly irrelevant hits? A lot of time is wasted going through the irrelevant hits to locate the few websites with information that helps you better see how the artifacts fit into your forensic examination. Wouldn't it be better if the majority of the search hits were in the context of digital forensics or incident response, thereby making the hits more relevant to your forensic examination? Here is the formal introduction of the Digital Forensic Search engine.
The combination of the Yahoo Win4n6 group's discussion about David Kovar's post The Fragmentation of the digital forensics community, hooked-on-mnemonics blog post Malware Analysis Search, and writing my last post on searching RSS feeds inspired me to want to search for information a different way. A more effective way is to use a custom search engine that's configured to only search blogs, groups, forums, or any other sites related to digital forensics and incident response. Digital Forensic Search is a custom Google search and in a way I think it harnesses the collective knowledge and research of the people/organizations who share information back to the forensics community.
Digital Forensic Search results in more search hits which are in the realm of digital forensics and incident response. Depending on the artifact being researched, the search hits may result in information on the artifact, tools to extract data from the artifact, and how the artifact affected other practitioners' examinations. For example, perform a search for the keyword "link file" (include the quotes) in your favorite search engine. The first 10 hits in my search only included one digital forensics hit while the other hits were for information not beneficial to any type of forensic investigation. Run the same search in the Digital Forensic Search and it results in the majority of the hits being directly related to link files in the context of a digital forensic examination. Three of the hits on the first page were an article about the Evidentiary Value of Link Files on Forensic Focus, Richard Drinkwater's blog post Link Files in System Restore Points, and the article The Meaning of Link Files in Forensic Examinations on the Computer Forensics Miscellany website.
If anyone still isn't convinced of the value of a custom search then I recommend comparing a couple of searches between *insert search engine* and Digital Forensic Search. A few potential topics to search on are: comdlg32, tool validation, evidence collection, timeline analysis, or volume shadow copies. The searches should show that Digital Forensic Search returns more relevant hits related to digital forensics and incident response, which makes it one effective method to locate information.
This post is where I'm going to be maintaining the list of sites included in the Digital Forensic Search so any updates to the index will be reflected below. The repository tries to focus on sites containing information on digital forensics and incident response as opposed to tool specific sites. With this in mind, if you see any sites missing or URLs with too much noise (such as job postings) then post a comment or send me an email.
Digital Forensic Search can be found at the top of jIIr or directly at this link:
http://www.google.com/cse/home?cx=011905220571137173365:7eskxxzhjj8
**********Sites Last Updated on 02/15/2015**********
The following is the listing of sites indexed by the Digital Forensic Search:
DFIR Blogs
4ensics.net http://www.4ensics.net
4n6k http://4n6k.blogspot.com/
505Forensics http://www.505forensics.com
A Blog On Fire http://ablogonfire.com
A Fistful of Dongles http://ericjhuber.blogspot.com/
A Geek Raised by Wolves http://jessekornblum.livejournal.com/
A Renaissance Security Professional http://renaissancesecurity.blogspot.com/
Adventures in Security http://securitykitten.github.io/
An Eye on Forensics http://eyeonforensics.blogspot.com/
Active Security http://active-security.blogspot.com/
Andrew Hay http://www.andrewhay.ca
All things time related http://blog.kiddaland.net/
American Destroyer http://megadeus.com/
Another Forensics Blog http://az4n6.blogspot.com/
Anton Chuvakin http://blogs.gartner.com/anton-chuvakin
appointments-uk http://appointments-uk.blogspot.com/
Ball In Your Court http://ballinyourcourt.wordpress.com/
binary foray http://binaryforay.blogspot.com/
Blog Matt Churchill http://mattchurchill.net/blog/
Bradley Schatz on the intersection of technology and the law http://blog.schatzforensic.com.au/
BriMor Labs http://brimorlabs.blogspot.com
Browser Forensics http://www.browserforensics.com/
c-APT-ure http://c-apt-ure.blogspot.com/
cci http://takahiroharuyama.github.io/
Cellular.Sherlock - Mobile Forensics from the front lines http://blog.csvance.com/
Cheeky4n6Monkey - Learning About Digital Forensics http://cheeky4n6monkey.blogspot.com/
Chip_DFIR http://chip-dfir.techanarchy.net/
Chris Sanders http://chrissanders.org/
Christa Miller http://christammiller.com/
CnW Recovery http://cnwrecovery.blogspot.com/
Codeslack http://codeslack.blogspot.com/
Command Line Kung Fu http://blog.commandlinekungfu.com/
Computer Forensic Blog http://computer.forensikblog.de/en/
Computer Forensic Graduate http://computerforensicgraduate.wordpress.com
Computer Forensic Source http://forensicsource.blogspot.com/
Computer Forensics and IR - What's New http://newinforensics.blogspot.com/
Computer Forensics Forums - Recent Blogs Posts - Blogs http://www.computer-forensics.co.uk/computer-forensics-forums/blog.php?s=88da0ba9705c1f3b0a6e0ff5168ac75b
Computer Forensics, Malware Analysis & Digital Investigations http://www.forensickb.com/
Computer Forensics-E-Discovery Tips-Tricks and Information http://cfed-ttf.blogspot.com/
ComputerForensicSource.com http://www.computerforensicsource.com/
Consortium of Digital Forensic Specialists CDFS Blog http://www.cdfs.org/blog/
contagio http://contagiodump.blogspot.com/
copgeek018 http://copgeek018.wordpress.com/
Crucial Security Forensics Blog http://crucialsecurityblog.harris.com/
CSITech - Computer Forensics http://nickfurneaux.blogspot.com/
CYB3RCRIM3 http://cyb3rcrim3.blogspot.com/
Cyber Crime 101 http://www.cybercrime101.com/
Cyber Security Maven -- Techie http://cybersecuritymave-techie.blogspot.com
CyberSpeak's Podcast http://cyberspeak.libsyn.com/
Cylance Blog http://blog.cylance.com
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge http://ddanchev.blogspot.com/
Default Deny http://kurtaubuchon.blogspot.com/
Derek Newton « Information Security Insights http://dereknewton.com/
DF Procedures and Musings http://dfprocedures.blogspot.com
DFF and Open Source Digital Forensics blog http://www.digital-forensic.org/blog/
Digital Detective http://www.digital-detective.net/blog/
Digital Forensic Source http://www.digitalforensicsource.com/
Digital Forensics Stream http://dfstream.blogspot.com/
Digital Forensics Today http://encase-forensic-blog.guidancesoftware.com/
don't blink http://gutterchurl.blogspot.com/
dougee http://dougee652.blogspot.com/
Digital Forensics Blog http://digiforensics.blogspot.com/
Digital Forensics Solutions http://dfsforensics.blogspot.com/
EDD and Forensics http://eddandforensics.blogspot.com/
edd blog online http://eddblogonline.blogspot.com
Enterprise Detection & Response http://detect-respond.blogspot.com
Every Bit Counts http://forensicmatt.blogspot.com
Ex Forensis http://exforensis.blogspot.com/
FireEye Malware Intelligence Lab http://blog.fireeye.com/research/
Forensic 4cast http://www.forensic4cast.com/
forensic . seccure . net http://seccure.blogspot.com/
Forensic Artifacts http://forensicartifacts.com/
Forensic Computing — Digital forensics from the view of a computer scientist http://www.forensicblog.org/
Forensics For the Newbs http://forensicnewbs.wordpress.com/
Forensic Incident Response http://forensicir.blogspot.com/
Forensic interviews http://f-interviews.com/
Forensic Methods http://forensicmethods.com/
Forensic Photoshop http://forensicphotoshop.blogspot.com/
Forensicaliente - because digital forensics is "hot" http://forensicaliente.blogspot.com/
Forensically sound(ing off) http://marshalla99.wordpress.com/
Forensicator Of The Dead http://forensicotd.blogspot.com/
Forensics from London http://forensiccontrol.blogspot.com/
Forensics from the sausage factory http://forensicsfromthesausagefactory.blogspot.com/
ForensicZone http://forensiczone.blogspot.com/
Fun with Lost Bits n Bytes http://blog.roberthaist.com
G33k G1r1 goes Binary http://g33k-g1rl.blogspot.com/
Geoff Black's Forensic Gremlins - Everything that gives you fits in Digital Forensics and E-Discovery http://www.geoffblack.com/
Ghetto Forensics http://www.ghettoforensics.com
Girl, Unallocated http://girlunallocated.blogspot.com/
GPS Evidence Tracking Issues http://gpsevidence.blogspot.com/
Grand Stream Dreams http://grandstreamdreams.blogspot.com/
Hacking Exposed Computer Forensics blog http://hackingexposedcomputerforensicsblog.blogspot.com/
HandlerDiaries http://blog.handlerdiaries.com
Happy As A Monkey http://happyasamonkey.wordpress.com/
Hexacorn Blog http://www.hexacorn.com/blog/
HeX-OR Forensics http://nicoleibrahim.com
HolisticInfoSec http://holisticinfosec.blogspot.com/
InfoSec Insights http://www.seanmason.com
integriography A Journal of Broken Locks, Ethics, and Computer Forensics http://integriography.wordpress.com/
Internet Storm Center Diary http://isc.sans.edu/
JL's stuff http://gleeda.blogspot.com/
JonRajewski http://www.jonrajewski.com/cyberblog/
Journey into Incident Response http://journeyintoir.blogspot.com/
JustAskWeg http://justaskweg.com
Lenny Zeltser on Information Security http://blog.zeltser.com
Linux Sleuthing http://linuxsleuthing.blogspot.com/
Lowmanio (digital forensic category) http://www.lowmanio.co.uk/blog/categories/digital-forensics/
Macaroni Forensics http://macaroniforensics.blogspot.com/
man allyn-blog http://allynstott.blogspot.com/
Matthieu Suiche’s blog ! - Happiness only real when shared. http://www.msuiche.net/
Malware Analysis Blog http://www.malanalysis.com/blog/
Mash That Key http://mashthatkey.blogspot.com/
Mark Russinovich's Blog http://blogs.technet.com/b/markrussinovich/
McGrew Security Blog http://www.mcgrewsecurity.com/
Memory Forensics http://memoryforensics.blogspot.com/
MetaDatum http://metadatum.me
MNIN Security http://www.malwarecookbook.com/
MNIN Security Blog http://mnin.blogspot.com/
Mobile Device Forensics http://mobileforensics.wordpress.com/
Mobile Forensics Inc Blogger http://blog.mobileforensicsinc.com/
Mobile Telephone Evidence http://trewmte.blogspot.com/
Multimedia Forensics http://multimediaforensics.com/
My open-source toolbox http://opensecgeek.blogspot.com
My Stupid Forensic Blog http://marksforensicblog.wordpress.com/
M-unition http://blog.mandiant.com/
nerdiosity http://www.nerdiosity.com/
Nibble on DAV NADS http://www.davnads.blogspot.com/
Notes http://msvetlik.wordpress.com/
Open Security Research http://blog.opensecurityresearch.com/
OS X Forensics Blog http://osxforensics.wordpress.com/
Overhack http://overhack.wordpress.com/
Phil Hagen's Scratch Pad http://stuffphilwrites.com
Post Humorous http://www.posthumorous.com/
Practical Digital Forensics http://practicaldigitalforensics.blogspot.com/
Propeller Head Forensics http://propellerheadforensics.com/
Push the Red Button http://moyix.blogspot.com/
RAM Slack – Random Thoughts from a Computer Forensic Examiner http://ramslack.wordpress.com/
Random Thoughts of Forensics http://randomthoughtsofforensics.blogspot.com/
Reversing Malware http://internetopenurla.blogspot.com/
Riij morf tnetnoc siht elots I http://journeyintoir.blogspot.com
Ryan Stillions http://ryanstillions.blogspot.com
SANS Penetration Testing Blog http://pen-testing.sans.org/blog
Sketchymoose's Blog http://sketchymoose.blogspot.com/
Security Ripcord http://www.cutawaysecurity.com/blog/
Securosis Blog https://securosis.com/blog
Sempersecurus http://sempersecurus.blogspot.com/
Sergio Hernando http://www.sahw.com/wp/
Scudette in Wonderland http://scudette.blogspot.com/
Student of Security http://mikeahrendt.blogspot.com/
Sucuri Blog http://blog.sucuri.net
System Forensics http://www.sysforensics.org/
Seculert http://blog.seculert.com/
Secureartisan http://secureartisan.wordpress.com/
Security Braindump http://securitybraindump.blogspot.com/
TaoSecurity http://taosecurity.blogspot.com/
Taksati http://www.taksati.org/
The Cave http://cyb3rdaw6.harpermountain.net/
The Digital Standard http://thedigitalstandard.blogspot.com/
The Digital4rensics Blog http://www.digital4rensics.com/
The Forensics Ferret Blog http://forensicsferret.wordpress.com/
The Last Line of Defense http://blog.tllod.com/
Trace Evidence http://traceevidence.blogspot.com
trustedsignal -- blog http://trustedsignal.blogspot.com/
Unchained Forensics http://unchainedforensics.blogspot.com/
Unmask Parasites blog http://blog.unmaskparasites.com/
ViaForensics https://viaforensics.com/blog/
Volatility Advanced Memory Forensics http://volatility.tumblr.com/
Volatility Labs http://volatility-labs.blogspot.com/
Webcase Weblog http://veresoftware.com/blog/
Websense Security Labs http://community.websense.com/blogs/securitylabs/
Windows Forensic Environment http://winfe.wordpress.com/
Windows Incident Response http://windowsir.blogspot.com/
WriteBlocked http://writeblocked.org/
Wyatt Roersma Blog http://www.wyattroersma.com/
Yogesh Khatri's forensic blog http://www.swiftforensics.com/
Zena Forensics http://blog.digital-forensics.it/
Zscaler http://research.zscaler.com/
@sroberts http://sroberts.github.io/
DFIR Websites
Brian Carrier Digital Investigation - Forensics and Evidence Research http://www.digital-evidence.org/
CERIAS Reports and Papers Archive https://www.cerias.purdue.edu/apps/reports_and_papers/
Cert http://www.cert.org/
Computer Crime & Intellectual Property Section US DOJ http://www.justice.gov/criminal/cybercrime/
Computer Forensics Miscellany http://computerforensics.parsonage.co.uk/
Craig Ball Helping Lawyers Master Technology http://www.craigball.com/
DFI News http://www.dfinews.com/
DFRWS (Digital Forensics Research Conference) http://www.dfrws.org/
Digital Forensics Magazine supporting the professional computer security industry http://www.digitalforensicsmagazine.com/
Digital Forensics Solutions' Research http://www.digitalforensicssolutions.com/research.shtml
ENISA CERT http://www.enisa.europa.eu/act/cert/
E-Evidence Information Center - Home http://www.e-evidence.info/
FIRST - Improving security together http://www.first.org/
Forensic Focus www.forensicfocus.com/
Forensic Magazine Issues http://www.forensicmag.com/
Forensics Wiki http://www.forensicswiki.org/
HolisticInfoSec toolsmith http://holisticinfosec.org/toolsmith
Inside the registry http://www.insidetheregistry.com/regdatabase/
I-Sight's Investigations http://i-sight.com/investigation/
International Journal of Digital Evidence on Utica College http://www.utica.edu/academic/institutes/ecii/ijde/
Into The Boxes http://intotheboxes.wordpress.com/
IronGeek's InfoSec Articles http://www.irongeek.com/i.php?page=security/
Journal of Digital Forensics, Security and Law http://www.jdfsl.org/
Lenny Zeltser http://zeltser.com/
log2timeline http://log2timeline.net/
mnin.org http://www.mnin.org/
Mobile Forensics Central http://www.mobileforensicscentral.com/
National Institute of Justice Publications http://nij.gov/nij/pubs-sum/
National White Collar Crime Center http://www.nw3c.org/
Network Forensics Puzzle Contest http://forensicscontest.com/
NIST Computer Security Division Special Publications http://csrc.nist.gov/publications/nistpubs/
Open Source Digital Forensics http://www2.opensourceforensics.org/
SANS Computer Forensics http://computer-forensics.sans.org/
SANS InfoSec Reading Room - Forensics http://www.sans.org/reading_room/whitepapers/forensics/
SANS InfoSec Reading Room - Incident Handling http://www.sans.org/reading_room/whitepapers/incident/
SANS InfoSec Reading Room - Malicious Code http://www.sans.org/reading_room/whitepapers/malicious/
SANS InfoSec Reading Room - Steganography http://www.sans.org/reading_room/whitepapers/stenganography/
SANS Summit Archives http://digital-forensics.sans.org/summit-archives
Small Scale Digital Device Forensics Journal http://www.ssddfj.org/
SWGDE http://www.swgde.org/
The Honeynet Project Challenges https://www.honeynet.org/challenges/
Welcome AppleExaminer http://www.appleexaminer.com/
Williballenthin.com http://williballenthin.com
DFIR Webpages
AusCERT Forming an Incident Response Team http://www.auscert.org.au/render.html?it=2252&cid=1938
Cybercrime.gov searching and seizing manual http://www.cybercrime.gov/ssmanual/index.html
Daubert v. Merrell Dow Pharmaceuticals http://www.law.cornell.edu/supct/html/92-102.ZS.html
Default Processes in Windows 2000 http://support.microsoft.com/kb/263201
Digital Evidence: Standards and Principles http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/april2000/swgde.htm
Digitalcorpora Disk Images http://digitalcorpora.org/corpora/disk-images/
FileSignatures Table http://www.garykessler.net/library/file_sigs.html
Forensically interesting spots in the Windows 7, Vista and XP file system and registry (and anti-forensics) http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
Microsoft Windows XP - Default settings for services http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true
QCCIS Whitepapers http://qccis.com/resources/publications/
RFC 3227 - Guidelines for Evidence Collection and Archiving http://www.rfc-archive.org/getrfc.php?rfc=3227
SEI Handbook for Incident Response Teams http://www.sei.cmu.edu/library/abstracts/reports/03hb002.cfm
Windows 7 Default Services and Suggested Startup Mode http://www.windowsnetworking.com/articles_tutorials/Windows-7-Default-Services-Suggested-Startup-Mode.html
DFIR Groups
Yahoo Win4n6 Group http://tech.groups.yahoo.com/group/win4n6/
Yahoo Linux Forensics Group http://tech.groups.yahoo.com/group/linux_forensics/
The Vol-users Archives http://lists.volatilesystems.com/pipermail/vol-users/
DFIR Tool Websites
Digital Forensics Framework Wiki http://wiki.digital-forensic.org/
Jafat Archive of Forensic Analysis Tools http://jafat.sourceforge.net/
Joakim Schicht https://github.com/jschicht
Live View http://liveview.sourceforge.net/
md5deep and hashdeep http://md5deep.sourceforge.net/
mft2csv http://code.google.com/p/mft2csv
MiTec http://www.mitec.cz/
My SecTools http://www.mysectools.com/
NirSoft http://www.nirsoft.net/
OpenSourceForensics http://code.google.com/p/opensourceforensics/
plaso - home of the super timeline http://plaso.kiddaland.net
pydetective http://code.google.com/p/pydetective/
Registry Decoder http://code.google.com/p/registrydecoder/
Registry Decoder Live http://code.google.com/p/regdecoderlive/
RegRipper http://regripper.wordpress.com/
Rekall Memory Forensic Framework http://www.rekall-forensic.com
Shadow Explorer http://www.shadowexplorer.com/
Sleuthkit http://www.sleuthkit.org/
TZWorks LLC http://www.tzworks.net/
Volatility An advanced memory forensics framework http://code.google.com/p/volatility/
Winforensicaanalysis http://code.google.com/p/winforensicaanalysis/
Windows Forensic Environment http://winfe.wordpress.com/
Woanware http://www.woanware.co.uk/
DFIR Tool Webpages
Digital Detective - Free Tools http://www.digital-detective.net/digital-forensic-software/free-tools/
Forensic Control Free Computer Forensic Tools http://forensiccontrol.com/resources/free-software/
HB Gary Free Security Tools http://www.hbgary.com/free-tools
Mandiant Free Software http://www.mandiant.com/products/free_software
QCC Information Security Free Forensic Tools http://www.qccis.com/forensic-tools
RedWolf Computer Forensics http://redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55
Sanderson Forensics Free Utilities http://www.sandersonforensics.com/content.asp?page=15
I have been using "Digital Forensics Search Engine" from http://digfor.blogspot.com for at least a couple of years now. It works great and has similar functionality as the Digital Forensic Search.
Giant
I don't use search features on blogs since I just point Google at the sites using site:URL. I just assumed blogs' search features either searched only that site, or that site & any links on the site. Digfor is one of the blogs I follow and I didn't know they had a Digital Forensic Search Engine since I never ran a search from their blog.
Corey
I picked up your DF search from Douglas Brush's post on FF and you have a great list of sources which is very helpful to have in one place. I'll look through my bookmarks and see if I can find any to add to your list.
Thanks for this.
H
Corey
This search engine is awesome. Thanks for your efforts. I am using it regularly.
Good job Corey,
I have set up "Digital Forensics Search Engine" a while ago and haven't updated it for some time now. It's ok for my purposes but it is not as comprehensive as yours, so keep up the good work.
Best,
ecophobia
Hi! Great collection of Digital Forensics related resources. I read a very informative article about Forensics and Benford's law and I think it should be included in the above list.
Check this http://eventlogxp.com/blog/forensics-and-benfords-law/
Otherwise great work. Thanks.