Starting organizing my forensics material

st0pli · Nov 26, 2015 · f4c88cb · f4c88cb
1 parent 2507cfc
commit f4c88cb
Show file tree

Hide file tree

Showing 16 changed files with 53 additions and 21 deletions.
diff --git a/Forensics/README.md b/Forensics/README.md
@@ -1,22 +1,60 @@
 # Forensics
 
+## Disk Forensics
 
-## Tools
+### dd
 
-### Scripts:
+### strings
+
+```shell
+$ strings /tmp/mem.dump | grep BOOT_
+$ BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
+```
+
+### scalpel
+
+### TrID
+
+### binwalk
+
+### foremost
+
+### ExifTool
+
+### Hex editors
+
+### dff
+
+### CAINE
+
+### The Sleuth Kit
+
+
+----------
+
+## Memory Forensics
+
+### memdump
+
+
+
+### Volatility: Analysing Dumps
+
+* [I have a lot of material on Volatility and Memory Forensics here](volatility.md)
+* I highly reccomend their training.
+
+---------------
+### Scripts
+
+#### PDFs
+Tools to test a PDF file:
 
-- memdump
 - pdfid
 - pdf-parser
-- dd
-- strings
-- scalpel
-- TrID
-- binwalk
-- foremost
-- ExifTool
-- Hex editors
-- DFF
-- CAINE
-- The Sleuth Kit
-- Volability
+
+
+-----------
+## References
+
+* [File system analysis](http:https://wiki.sleuthkit.org/index.php?title=FS_Analysis)
+* [TSK Tool Overview](http:https://wiki.sleuthkit.org/index.php?title=Mactime)
diff --git a/Forensics/memdump.md b/Forensics/memdump.md
diff --git a/Forensics/readings/DFRWS-EU-2015-short-presentation-1.pdf b/Forensics/readings/DFRWS-EU-2015-short-presentation-1.pdf
diff --git a/Forensics/readings/DFRWS-EU-2015-short-presentation-2.pdf b/Forensics/readings/DFRWS-EU-2015-short-presentation-2.pdf
diff --git a/Forensics/readings/DFRWS2014-p1.pdf b/Forensics/readings/DFRWS2014-p1.pdf
diff --git a/Forensics/readings/DFRWS2015-5.pdf b/Forensics/readings/DFRWS2015-5.pdf
diff --git a/Forensics/readings/Detect_Malware_w_Memory_Forensics.pdf b/Forensics/readings/Detect_Malware_w_Memory_Forensics.pdf
diff --git a/Forensics/readings/ELF_Format.pdf b/Forensics/readings/ELF_Format.pdf
diff --git a/Forensics/readings/Facilitating-Fluffy-Forensics-Andrew-Hay.pdf b/Forensics/readings/Facilitating-Fluffy-Forensics-Andrew-Hay.pdf
diff --git a/Forensics/readings/THA-Deep-Dive-Analyzing-Malware-in-Memory.pdf b/Forensics/readings/THA-Deep-Dive-Analyzing-Malware-in-Memory.pdf
diff --git a/Forensics/readings/hta-f01-hunting-mac-malware-with-memory-forensics.pdf b/Forensics/readings/hta-f01-hunting-mac-malware-with-memory-forensics.pdf
diff --git a/Forensics/readings/sift_cheat_sheet.pdf b/Forensics/readings/sift_cheat_sheet.pdf
diff --git a/Forensics/readings/tmc_sjennings_linuxcon2013.pdf b/Forensics/readings/tmc_sjennings_linuxcon2013.pdf
diff --git a/Forensics/pdf-parser.py → Forensics/scripts/pdf-parser.py b/Forensics/pdf-parser.py → Forensics/scripts/pdf-parser.py
diff --git a/Forensics/pdfid.py → Forensics/scripts/pdfid.py b/Forensics/pdfid.py → Forensics/scripts/pdfid.py
diff --git a/Forensics/volatility.md b/Forensics/volatility.md