Forensics Intro

Last updated Mar 9, 2023 Edit Source

Forensics is the art of recovering the digital trail left on a computer. There are plently of methods to find data which is seemingly deleted, not stored, or worse, covertly recorded.

It can be difficult to figure out how to navigate evidence. Here are some questions you can ask as you come across new evidence.

An important part of Forensics is having the right tools, as well as being familair with the following topics:

• What is a hex editor?
• What is memory forensics?
• What are File Formats?
• What is Metadata?
• What is Wireshark?
• What is Steganography?
• What is Disk Imaging?

For more tools and information about forensics, check out these resources:

• https://trailofbits.github.io/ctf/forensics/
  • Great introduction
• Awesome Forensics
  • A wide collection of different tools to look at