left4code.neocities.org/courses/digital_forensics.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Left4Code - (Digital Forensics)</title>
    <link rel="icon" type="image/x-icon" href="../favicon/favicon.ico">
    <link rel="stylesheet" type="text/css" href='../style.css'>
</head>
<body>
    <header>
        <span>Left4Code</span>
    </header>

    <nav>
        <div>
            <a href="../index.html">Home</a>
            <a href="../blog.html">Blog / Courses</a>
        </div>
    </nav>

    <div class="container">
        <section>
	    <h1 class="blog-header">Digital Forensics Using Linux</h1>
          
	    <p>This whole page is currently subject to change, I'm figuring things out.</p>
	    <p>This "Course" will be formatted in such a way where you can view any section you want, I'll provide what you need to know at the top of it, and it's up to you if you want to follow that advice or not.</p>
	    <dl>
	      <hr>
		      <p>[*Note*] This course got it's list of tools from <a href="https://tsurugi-linux.org/documentation_tsurugi_linux_tools_listing_2024.php">this Tsurugi Linux page</a> if this course ever becomes outdated (probably will unless I do community-submitted git integration) you can always find an updated list of tools there.</p>
		      <hr>
		      <p>[*Also Note*] Everything with a "[&#x2705;]" means the section exists and "[&#x274C;]" means it does not. [🛠️] means I'm currently working on it and [⚔️] denotes a challenge CTF for that specific section.</p>
		      <hr>
	    </dl>

	    <h3 class="blog-header">Filesystem Imaging & hashing</h3>
	    <ul>
		<li><a href="filesystem_imaging_forensics/dd.html">dd  &#8212; [&#x2705;]</a></li>
		<li><a href="filesystem_imaging_forensics/dc3dd.html">dc3dd  &#8212;[&#x2705;]</a></li>
		<li><a href="itscoming.html">Guymager  &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">Cyclone  &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">ddrescue  &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">ftkimager  &#8212; [&#x274C;]</a></li>
		<hr>
		<li><a href="hash_forensics/gtkhash.html">GtkHash  &#8212; [&#x2705;]</a></li>
                <li><a href="hash_forensics/shasum.html">sha*sum  &#8212; [&#x2705;]</a></li>
                <li><a href="hash_forensics/hashid.html">hashid  &#8212; [&#x2705;]</a></li>
		<li><a href="hash_forensics/hashcat.html">hashcat  &#8212; [&#x2705;]</a></li>
		<hr>
                <li><a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem%20Imaging%20&%20hashing/hashing/CTF_HashMash">(HashMash)  &#8212; [⚔️]</a></li>
		<hr>
	    </ul>	
            <h3 class="blog-header">Data Acquisition</h3>
	    <ul>
		<li><a href="itscoming.html">Acquire &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">artifactcollector &#8212; [&#x274C;]</a></li>
    		<li><a href="itscoming.html">AVML &#8212; [&#x274C;]</a></li>
    		<li><a href="itscoming.html">unix_collector &#8212; [&#x274C;]</a></li>
    		<li><a href="itscoming.html">velociraptor &#8212; [&#x274C;]</a></li>
	    </ul>
	    <h3 class="blog-header">Logfile Locations on Win & Lin, & Reading Logfiles</h3>

	    <ul>
                <li><a href="itscoming.html">Windows CommonLog &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">Linux CommonLog &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">Reading logfiles&#8212; [&#x274C;]</a></li>
            </ul>


	    <h3 class="blog-header">Memory Analysis</h3>
	    <ul>

    		<li><a href="itscoming.html">LiME &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">Rekall &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">volatility &#8212; [🛠️]</a></li>
                <li><a href="itscoming.html">volUtility &#8212; [&#x274C;]</a></li>
            </ul>
	    <h3 class="blog-header">Common Types of Steganography & Detection</h3>

	    <ul>
                <li><a href="itscoming.html">StegHide &#8212; [&#x274C;]</a></li>
            </ul>
	    <h3 class="blog-header">Network Forensics</h3>
	    <ul>
                <li><a href="itscoming.html">SNORT &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">Wireshark &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">Kismet &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">NetworkMiner &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">Squery &#8212; [&#x274C;]</a></li>
            </ul>
	    <h3 class="blog-header">Blockchain Forensics</h3>

	    <ul>
                <li><a href="itscoming.html">etherscan &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">blockchair &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">OpenTimestamps  &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">WalletSleuth &#8212; [&#x274C;]</a></li>
            </ul>

	    <h3 class="blog-header">Metadata forensics</h3>

	    <ul>
                <li><a href="metadata_forensics/mat2.html">mat2 &#8212; [&#x2705;]</a></li>
                <li><a href="metadata_forensics/exiftool.html">ExifTool &#8212; [&#x2705;]</a></li>
		<hr>
                <li><a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Metadata%20Forensics">(BKFLAG) &#8212; [⚔️]</a></li>
		<hr>
            </ul>

	    <h3 class="blog-header">Putting Together a Timeline & Report</h3>

	    <ul>
                <li><a href="itscoming.html">plaso &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">Timeline Explorer &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">timeliner &#8212; [&#x274C;]</a></li>
                <li><a href="itscoming.html">timesketch &#8212; [&#x274C;]</a></li>
		<li><a href="itscoming.html">DFTimewolf &#8212; [&#x274C;]</a></li>
            </ul>


        </section>
    </div>

</body>
<footer>
	<h5>This entire site and it's material are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License</h5> 
                <h5>and is not allowed to be used for Commercial purposes or educational purposes which require tuition (or any money at all) to access.</h5>
<p><a href="https://creativecommons.org/licenses/by-nc/4.0/">https://creativecommons.org/licenses/by-nc/4.0/</a></p>

</footer>

</html>