====== Prerequisites ======

  - Forensic procedure [[https://www.ncjrs.gov/pdffiles1/nij/199408.pdf|link1]] [[http://www.ncfs.ucf.edu/craiger.forensics.methods.procedures.final.pdf|link2]]
  - Hard disk architecture [[http://www.pixelbeat.org/docs/disk/|link1]]
  - Boot process [[http://www.thegeekstuff.com/2011/02/linux-boot-process/|link1]]
  - MBR [[http://en.wikipedia.org/wiki/Master_boot_record|link1]] [[http://doc.ubuntu-fr.org/mbr|link2]]
  - Live memory [[http://resources.infosecinstitute.com/memory-forensics-and-analysis-using-volatility/|link1]] [[https://web.archive.org/web/20200117183302/http://www.lestutosdenico.com/tutos-de-nico/forensique-analyse-memoire-volatility|link2]]
  - Log analysis [[http://www.securinets.com/sites/default/files/tuto_pdf/Analyse%20des%20LOG%20des%20FW.pdf|link1]]

====== Windows ======

  - Windows file systems (FAT, NTFS) [[https://www.priscilla.com/wp-content/uploads/2021/08/FileSystemForensics.pdf|link1]] [[https://www.dfsee.com/present/fsystems.pdf|link2]]
  - Registry [[http://support.microsoft.com/kb/256986|link1]]

====== Linux ======

  - Linux file systems (ext2/3) [[http://www.nongnu.org/ext2-doc/ext2.html|link1]] [[http://perl.plover.com/yak/ext2fs/|link2]] [[https://www.dfsee.com/present/fsystems.pdf|link3]]

====== Mac ======

  - Mac file systems (UFS) [[http://ptgmedia.pearsoncmg.com/images/0131482092/samplechapter/mcdougall_ch15.pdf|link1]]

====== Recommended reading ======

  - The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory [[http://www.amazon.com/The-Art-Memory-Forensics-Detecting/dp/1118825098/ref=pd_sim_b_3?ie=UTF8&refRID=0XR1DPVES9WNFGXSNSW1|link1]]
  - Computer Forensics JumpStart [[http://www.amazon.com/Computer-Forensics-JumpStart-Michael-Solomon/dp/0470931663/ref=sr_1_1?ie=UTF8&qid=1379427922&sr=8-1&keywords=Computer+Forensics+JumpStart|link1]]
  - Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant To The Courtroom [[http://www.amazon.com/Digital-Forensics-Legal-Professionals-Understanding/dp/159749643X/ref=sr_1_1?ie=UTF8&qid=1379428073&sr=8-1&keywords=Digital+Forensics+for+Legal+Professionals%3A+Understanding+Digital+Evidence+From+The+Warrant+To+The+Courtroom|link1]]
  - Digital Forensics with Open Source Tools [[http://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867/ref=sr_1_1?ie=UTF8&qid=1379428007&sr=8-1&keywords=Digital+Forensics+with+Open+Source+Tools|link1]]
  - Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry [[http://www.amazon.com/Windows-Registry-Forensics-Advanced-Forensic/dp/1597495808/ref=sr_1_1?ie=UTF8&qid=1379428112&sr=8-1&keywords=Windows+Registry+Forensics%3A+Advanced+Digital+Forensic+Analysis+of+the+Windows+Registry|link1]]
  - File System Forensic Analysis [[http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172/ref=sr_1_1?ie=UTF8&qid=1379428132&sr=8-1&keywords=File+System+Forensic+Analysis|link1]]
  - Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions [[http://www.amazon.com/Hacking-Exposed-Computer-Forensics-Edition/dp/0071626778/ref=sr_1_1?ie=UTF8&qid=1379428153&sr=8-1&keywords=Hacking+Exposed+Computer+Forensics%2C+Second+Edition%3A+Computer+Forensics+Secrets+%26+Solutions|link1]]
  - The Lure: The True Story of How the Department of Justice Brought Down Two of the World's Most Dangerous Cyber Criminals [Book] [[http://www.amazon.fr/The-Lure-Department-Dangerous-Criminals/dp/1435457129/|link1]]

====== Tools ======

  - Helix
  - Caine
  - EnCase
  - FTK + FTK Imager
  - TSK + Autopsy
  - Volatility
  - Rekall Memory Forensic Framework
  - Memoryze
  - List -> [[http://forensiccontrol.com/resources/free-software/|http://forensiccontrol.com/resources/free-software/]]

====== Cheat sheet ======

  - [[https://blogs.sans.org/computer-forensics/files/2011/12/digital-forensics-incident-response-log2timeline-timeline-cheatsheet.pdf|Forensic Process Cheatsheet]]
  - [[http://acme-labs.org.uk/galleries/47/0000/2345/forensic_cheatsheet.pdf|Linux Forensic Cheatsheet]]
  - [[http://forensicmethods.com/wp-content/uploads/2012/04/Memory-Forensics-Cheat-Sheet-v1.pdf|Volatility Cheatsheet]]

====== Blogs ======

  - [[http://digiforensics.blogspot.fr/|http://digiforensics.blogspot.fr/]]
  - [[http://journeyintoir.blogspot.fr/|http://journeyintoir.blogspot.fr/]]
  - [[http://www.forensickb.com/|http://www.forensickb.com/]]
  - [[http://forensicsfromthesausagefactory.blogspot.fr/|http://forensicsfromthesausagefactory.blogspot.fr/]]
  - [[http://sysforensics.org/|http://sysforensics.org/]]
  - [[http://forensicsource.blogspot.fr/|http://forensicsource.blogspot.fr/]]
  - [[http://girlunallocated.blogspot.fr/|http://girlunallocated.blogspot.fr/]]
  - [[http://dfsforensics.blogspot.fr/|http://dfsforensics.blogspot.fr/]]
  - [[http://whereismydata.wordpress.com/|http://whereismydata.wordpress.com/]]

====== Resources ======

  - [[http://www.filesignatures.net/|File signatures]]
  - [[http://acme-labs.org.uk/teaching/huddersfield/2010-2011/chs2580|Course 1]]
  - [[http://www.cse.scu.edu/~tschwarz/coen252_07Fall/ln.html|Course 2]]
  - [[http://www.forensicswiki.org/wiki/Main_Page|Forensic wiki]]