There always seem to be common questions asked on forensic mailing lists, forums, and blogs. One of the common questions is, "Does anyone have contact information for ABC company?" Another question commonly seen is, "Has anyone dealt with ABC program or have a whitepaper for it?" The first question is solved by the ISP list at Search.org. The second question didn't have a unified source of information — until now.
The website ForensicArtifacts.com was recently launched to provide a reference database for forensic examiners looking for specific information on artifacts of operating systems, programs, and user activity. The website was set up in blog format allowing examiners to subscribe to the RSS feed or simply visit the site and use the global search functions. There is also a Twitter feed that will keep examiners up to date with the latest submissions.
The main goal for this site is to become a useful resource for the forensic community. As such, we also rely on the community for submissions. Please take a look at our submit page and consider donating some of your time and expertise to populating the website.
Once Forensic Artifacts has a significant following, several other goals will be accomplished. We will be able to provide a monthly report of user activity, including the most viewed artifacts and the most searched-for items. This should give examiners insight into rising activity of popular programs or newly circulated malware. The site will also be able to feed forensic triage programs (mainly WindowsRipper) by providing intelligence and common artifacts to look for.
As this is truly meant to become a community resource, we welcome any and all input from the forensic community. Please feel free to let us know if you think something should be added or changed. You can leave a comment here or send an email to Matt Churchill or Joe Garcia.
Matt Churchill currently manages the digital forensics practice at Continuum Worldwide and has earned the GCFA, CFCE, CCE, and CISSP certifications. You can follow him on Twitter at @matt_churchill.
Joe Garcia is a Law Enforcement Officer with over 16 years of experience, the last 4 of which he has been assigned to conduct computer crime investigations and digital forensics. He holds the GIAC GSEC Gold, GCIH Silver and AccessData ACE certifications. You can follow Joe on Twitter at @jgarcia62. Joe is also the host of the Cyber Crime 101 podcast, which can be found at www.cybercrime101.com and @cybercrime101 on Twitter.