# Forensics

## Disk Forensics

### dd

### strings

```shell
$ strings /tmp/mem.dump | grep BOOT_
BOOT_IMAGE=/vmlinuz-3.5.0-23-generic
```

### scalpel

### TrID

### binwalk

### foremost

### ExifTool

### Hex editors

### dff

### CAINE

### The Sleuth Kit

----------

## Memory Forensics

### memdump

### Volatility: Analysing Dumps

* [I have a lot of material on Volatility and Memory Forensics here](volatility.md)
* I highly recommend their training.

---------------

### Scripts

#### PDFs

Tools to test a PDF file:

- pdfid
- pdf-parser

-----------

## References

* [File system analysis](http://wiki.sleuthkit.org/index.php?title=FS_Analysis)
* [TSK Tool Overview](http://wiki.sleuthkit.org/index.php?title=Mactime)