Outils d'utilisateurs
les_pre-requis_forensic
Différences
Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
|
les_pre-requis_forensic [2014/02/26 20:26] 127.0.0.1 modification externe |
les_pre-requis_forensic [2022/04/10 00:31] (Version actuelle) Vixepti |
||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| - | Outils Forensics : | + | ======Pré-requis ====== |
| + | - Procédure forensique [[https://www.ncjrs.gov/pdffiles1/nij/199408.pdf|lien1]] [[http://www.ncfs.ucf.edu/craiger.forensics.methods.procedures.final.pdf|lien2]] | ||
| + | - Architecture disques durs [[http://www.pixelbeat.org/docs/disk/|lien1]] | ||
| + | - Processus de boot [[http://www.thegeekstuff.com/2011/02/linux-boot-process/|lien1]] | ||
| + | - MBR [[http://en.wikipedia.org/wiki/Master_boot_record|lien1]] [[http://doc.ubuntu-fr.org/mbr|lien2]] | ||
| + | - Live memory [[http://resources.infosecinstitute.com/memory-forensics-and-analysis-using-volatility/|lien1]] [[https://web.archive.org/web/20200117183302/http://www.lestutosdenico.com/tutos-de-nico/forensique-analyse-memoire-volatility|lien2]] | ||
| + | - Analyse de logs [[http://www.securinets.com/sites/default/files/tuto_pdf/Analyse%20des%20LOG%20des%20FW.pdf|lien1]] | ||
| - | - [[ http://www.lestutosdenico.com/outils/analyse-forensique-completement-sick | Liste de tools et leur description]] | + | ======Windows ====== |
| - | - [[ http://www.baudline.com/what_is_baudline.html| Baudline pour les spectres ]] | + | - Windows file systems (FAT, NTFS) [[https://www.priscilla.com/wp-content/uploads/2021/08/FileSystemForensics.pdf|lien1]] [[https://www.dfsee.com/present/fsystems.pdf|lien2]] |
| - | - [[ http://foremost.sourceforge.net/| Foremost]] | + | - Registres [[http://support.microsoft.com/kb/256986|lien1]] |
| - | - [[ http://www.crark.net/cRARk.html| Rar-cracker]] | + | |
| - | - [[ http://www.cgsecurity.org/wiki/PhotoRec| PhotoRec]] | + | ======Linux ====== |
| - | - [[ http://www.digitalforensicssolutions.com/Scalpel/| Scalpel]] | + | - Linux file systems (ext2/3) [[http://www.nongnu.org/ext2-doc/ext2.html|lien1]] [[http://perl.plover.com/yak/ext2fs/|lien2]] [[https://www.dfsee.com/present/fsystems.pdf|lien3]] |
| + | |||
| + | ======Mac ====== | ||
| + | - Mac file systems (UFS) [[http://ptgmedia.pearsoncmg.com/images/0131482092/samplechapter/mcdougall_ch15.pdf|lien1]] | ||
| + | |||
| + | ======Lectures conseillées ====== | ||
| + | - The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory [[http://www.amazon.com/The-Art-Memory-Forensics-Detecting/dp/1118825098/ref=pd_sim_b_3?ie=UTF8&refRID=0XR1DPVES9WNFGXSNSW1|lien1]] | ||
| + | - Computer Forensics JumpStart [[http://www.amazon.com/Computer-Forensics-JumpStart-Michael-Solomon/dp/0470931663/ref=sr_1_1?ie=UTF8&qid=1379427922&sr=8-1&keywords=Computer+Forensics+JumpStart|lien1]] | ||
| + | - Digital Forensics for Legal Professionals: Understanding Digital Evidence From The Warrant To The Courtroom [[http://www.amazon.com/Digital-Forensics-Legal-Professionals-Understanding/dp/159749643X/ref=sr_1_1?ie=UTF8&qid=1379428073&sr=8-1&keywords=Digital+Forensics+for+Legal+Professionals%3A+Understanding+Digital+​Evidence+From+The+Warrant+To+The+Courtroom|lien1]] | ||
| + | - Digital Forensics with Open Source Tools [[http://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867/ref=sr_1_1?ie=UTF8&qid=1379428007&sr=8-1&keywords=Digital+Forensics+with+Open+Source+Tools|lien1]] | ||
| + | - Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry [[http://www.amazon.com/Windows-Registry-Forensics-Advanced-Forensic/dp/1597495808/ref=sr_1_1?ie=UTF8&qid=1379428112&sr=8-1&keywords=Windows+Registry+Forensics%3A+Advanced+Digital+Forensic+Analysis+of​+the+Windows+Registry|lien1]] | ||
| + | - File System Forensic Analysis [[http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172/ref=sr_1_1?ie=UTF8&qid=1379428132&sr=8-1&keywords=File+System+Forensic+Analysis|lien1]] | ||
| + | - Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions [[http://www.amazon.com/Hacking-Exposed-Computer-Forensics-Edition/dp/0071626778/ref=sr_1_1?ie=UTF8&qid=1379428153&sr=8-1&keywords=Hacking+Exposed+Computer+Forensics%2C+Second+Edition%3A+Computer+Fo​rensics+Secrets+%26+Solutions|lien1]] | ||
| + | - The Lure: The True Story of How the Department of Justice Brought Down Two of the World's Most Dangerous Cyber Criminals [Livre] [[http://www.amazon.fr/The-Lure-Department-Dangerous-Criminals/dp/1435457129/|lien1]] | ||
| + | |||
| + | ======Outils ====== | ||
| + | - Helix | ||
| + | - Caine | ||
| + | - Encase | ||
| + | - FTK + FTK Imager | ||
| + | - TSK + Autopsy | ||
| + | - Volatility | ||
| + | - Rekall Memory Forensic Framework | ||
| + | - Memoryze | ||
| + | - Liste -> [[http://forensiccontrol.com/resources/free-software/|http://forensiccontrol.com/resources/free-software/]] | ||
| + | |||
| + | ======Cheat sheet ====== | ||
| + | - [[https://blogs.sans.org/computer-forensics/files/2011/12/digital-forensics-incident-response-log2timeline-timeline-cheatsheet.pdf|Forensic Process Cheatsheet]] | ||
| + | - [[http://acme-labs.org.uk/galleries/47/0000/2345/forensic_cheatsheet.pdf|Linux Forensic Cheatsheet]] | ||
| + | - [[http://forensicmethods.com/wp-content/uploads/2012/04/Memory-Forensics-Cheat-Sheet-v1.pdf|Volatility Cheatsheet]] | ||
| + | |||
| + | ======Blogs ====== | ||
| + | - [[http://digiforensics.blogspot.fr/|http://digiforensics.blogspot.fr/]] | ||
| + | - [[http://journeyintoir.blogspot.fr/|http://journeyintoir.blogspot.fr/]] | ||
| + | - [[http://www.forensickb.com/|http://www.forensickb.com/]] | ||
| + | - [[http://forensicsfromthesausagefactory.blogspot.fr/|http://forensicsfromthesausagefactory.blogspot.fr/]] | ||
| + | - [[http://sysforensics.org/|http://sysforensics.org/]] | ||
| + | - [[http://forensicsource.blogspot.fr/|http://forensicsource.blogspot.fr/]] | ||
| + | - [[http://girlunallocated.blogspot.fr/|http://girlunallocated.blogspot.fr/]] | ||
| + | - [[http://dfsforensics.blogspot.fr/|http://dfsforensics.blogspot.fr/]] | ||
| + | - [[http://whereismydata.wordpress.com/|http://whereismydata.wordpress.com/]] | ||
| + | |||
| + | ======Ressources ====== | ||
| + | - [[http://www.filesignatures.net/|File signatures]] | ||
| + | - [[http://acme-labs.org.uk/teaching/huddersfield/2010-2011/chs2580|Cours1]] | ||
| + | - [[http://www.cse.scu.edu/~tschwarz/coen252_07Fall/ln.html|Cours2]] | ||
| + | - [[http://www.forensicswiki.org/wiki/Main_Page|Forensic wiki]] | ||
les_pre-requis_forensic.txt · Dernière modification: 2022/04/10 00:31 par Vixepti
Outils de la Page
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
