Talk:Computer forensics

From Wikipedia, the free encyclopedia

This article is within the scope of the Law Enforcement WikiProject, a wikiproject dedicated to improving wikipedia's coverage of law enforcement. If you would like to participate, please visit the project page, where you can join the project and see a list of open tasks.
This article has not yet received a rating on the quality scale.


Plagiarism alert

[1]

So, who's ripped off who here? The copyright date suggests he's ripped off us.

Reworking article

Something drastic should be done with this article, even if it means working from a clean slate, IMO. There's very little that's retainable and relevant to the wiki focus. Here's what I envision:

Bag and Tag

  • _Brief_ search and seizure information. This is 90% of the current article. Trim down each paragraph into a single direct sentence.

Media forensics (hard drives, floppies, usb devices, flash cards)

  • deleted files, internet browser cache and history, frequently accessed files, MAC time analysis

Data forensics

  • Determining file type and content, reading metadata (BTK case is a GREAT example of this), understanding binary data

Internet Data forensics

  • E-mails, IM chat, etc. The current E-mail section can be integrated into this, and then drawn out to include subpoenas to providers and services (myspace, eBay, etc).

Network intrusions

  • Live forensics on running servers, define volatile data, define full capture logs, explain why cracker would jump box to box and what network traces there'd be. There are a lot of possibilities with this section (placing network sniffers, etc).

Forensic Tools

  • On the fence on this one. There's a very finite number of popular tools out there for computer forensics: EnCase, FTK, iLook, Autopsy/Sleuthkit, SMART. Maybe a brief one paragraph blurb on commercial tools, and free tools.

And get this article down to less than two pages of content. It'd be a grand undertaking, but doable if there's a consensus and effort. Rurik 14:40, 27 August 2006 (UTC)


Have added an article to the subpage as the main one is off line at the moment let me know what you think. --Moodini 09:15, 16 August 2006 (UTC)


should we incorporate forensics software 1 into this article? Goodralph 20:29, 14 Jun 2004 (UTC)

Or at least some software that actually helps the examiner examine the data...

Chassis to Case

Would anyone care if chassis is changed to case or maybe terminal? I can't say I've ever heard a computer case called a chassis.

worldtravller

I wouldn't call it a terminal - too ambiguous. If chassis is not acceptable, then case would be ok imo, but what's wrong with chassis - it's perfectly clear.

Try BaseUnit or data store 82.33.11.157 20:53, 11 June 2006 (UTC)jago25_98

Not that it matters much since the current iteration of this article is in question, however, I think using "chassis" is perfectly fine. Thomas Matthews 05:48, 16 August 2006 (UTC)

Informative article or guide?

This entry reads more like a how-to guide for the aspiring forensic analyst than an explanatory article about the subject. There's no background, history, examples of where such issues have arisen and been applied, etc.

That was exactly my thought - this is not an encyclopedia article. It is also very PC centric, with no mention of Mac, Linux, servers or printers. The forensics sections of Laser printer and Computer printer should be moved here, expanded and compared to the section in Typewriter. Scanners should also be mentioned. --Gadget850 19:22, 19 October 2005 (UTC)
Agreed. This needs editing by someone who knows the subject in a way that keeps the content, which is great, but adjusts the tone to make it more encyclopedic. Are the original editors still hanging around the article I wonder? Coyote-37 14:31, 21 October 2005 (UTC)

It's not encyclopedia material at all, it should be moved to wikibooks. A wikibook howto on computer forensics would be perfect for this material. Night Gyr 09:51, 5 November 2005 (UTC)

I concur --Gadget850 11:19, 5 November 2005 (UTC)

Prevention

How about information about how to make it as difficult as possible for someone to recover such information.

I would recommend creating a separate article under the title Anti-Forensics, and providing a link.

External links

Many seem to confuse WP with a web directory. I checked the external links section, and here's my opinion. These are commercial links and pretty useless in this context (some disguise that fact better than others).

  • www.sectorforensics.co.uk Computer Forensics Investigators
  • www.infosecinstitute.com/courses/computer_forensics_training.html InfoSec Institute Computer Forensics Training Hands on training and certification
  • df.intelysis.com Intelysis Corp. Canada's Leading Digital Forensics Firm
  • www.tkmtechnologies.com TKM Technologies Computer forensics company with news and articles
  • www.data-recovery-reviews.com/computer-forensics-training.htm Computer forensics training What is computer forensics?
  • www.ibasuk.com Ibas UK Computer Forensics Computer forensics company
  • www.securestandard.com/Incident_Handling/Forensics SecureStandard Directory of forensics whitepapers.
  • www.ecodatarecovery.com/forensic.html Forensic Investigation: Who needs forensics?
  • www.forensical.com Computer Forensics Investigations
  • www.securityuniversity.net/classes_anti-hacking_forensics.php Anti-Hacking for Computer Forensics
  • www.krollontrack.com/ Kroll Ontrack (Computer Forensics company)
  • www.t3i.com/services/Information-Forensics/infoforensics.asp T3i (Computer Forensics company)
  • www.silverseal.net/computerForensics.htm SilverSEAL Corporation Computer Forensics Investigations

Here's a bunch that could be useful if the sites were not way too small:

  • www.forensicfocus.com Forensic Focus Computer forensics news, information and community
  • www.computerforensicsworld.com Computer Forensics World Community of computer forensic professionals
  • computer-forensics.safemode.org Computer Forensics Wiki

These could be sort of useful, but neither looks like a must-have:

  • www.bleepingcomputer.com/forums/tutorial24.html Windows Forensics: Have I been Hacked?
  • www.forensics.nl Forensics.nl Forensics Research, Tools and Presentations

So I basically nuked the complete external links section and renamed "Other Sources of Reading" to "External links". Algae 17:18, 20 December 2005 (UTC)

Unreferenced

I've slapped an unreferenced tag in the article because it reads like a DIY manual, and there is only one reference - to an article about breaking hash functions. Please cite your sources. Thanks. -- zzuuzz (talk) 23:01, 4 April 2006 (UTC)


=

This is one of the most dreadful articles I have ever read on Wikipedia. It is factually incorrect and misleading.

It would be useful if you could briefly explain which parts are inaccurate/misleading, so that they can be properly checked and removed if necessary. 66.227.95.240 18:52, 8 November 2006 (UTC)


Software

Moved to discussion. There are COUNTLESS software products for CF. Every vendor that pops along is now adding their product in here. It is getting way out of hand, and wiki is NOT a directory of software.

I have therefore shifted the current ruck of product to this page. If we left it, it would get longer and longer and longer, and eventually consume the article, becoming a random directory of questionable commercial tools.