cleanup1

Author: joachimmetz

docs/academic_forensics_programs_graduate_level.md

@@ -6,7 +6,7 @@ tags:
 ## US Programs
 
 - [American InterContinental University](https://www.aiuniv.edu/degrees/criminal-justice/bachelors-forensic-science)
-- [Arizona State University](https://globalsecurity.asu.edu/cybersecurity/information-assurance-education)
+- [Arizona State University](https://globalsecurity.asu.edu/expertise/cybersecurity-and-trusted-foundations/)
 - [Boston University](https://www.bu.edu/met/degrees-certificates/digital-forensics-graduate-certificate/)
 - California Sciences Institute
 - [Carnegie Mellon University](https://csd.cmu.edu/academics/masters/overview)

docs/adf_solutions.md

@@ -4,10 +4,10 @@ tags:
 ---
 # Overview
 
-[Advanced Digital Forensic Solutions Inc.](https://www.adfsolutions.com/)
-(ADF Solutions, Inc., or ADF Solutions) is a privately held, minority-owned
-small business based in Bethesda, Maryland. The company was founded in 2005 by
-J.J. Wallia and Raphael Bousquet.
+Advanced Digital Forensic Solutions Inc. (ADF Solutions, Inc., or ADF
+Solutions) is a privately held, minority-owned small business based in
+Bethesda, Maryland. The company was founded in 2005 by J.J. Wallia and Raphael
+Bousquet.
 
 ADF Solutions develops tools for media exploitation (MEDEX) and [digital
 forensics](digital_forensics.md) triage. These tools scan
@@ -19,9 +19,7 @@ security, and other government agencies worldwide.
 
 # ADF Products
 
-ADF offers [three main
-products](https://www.adfsolutions.com//products/): Triage-G2,
-Triage-Examiner, and Triage-Responder.
+ADF offers three main products: Triage-G2, Triage-Examiner, and Triage-Responder.
 
 [Triage-G2](https://www.adfsolutions.com/triage-g2) is a media
 exploitation ([medex](medex.md) tool used by field operatives
@@ -137,31 +135,9 @@ highlighted in many different publications:
 
 * [ADF on CyberSpeak’s Podcast](https://cyberspeak.libsyn.com/cyber-speak-november-1-2010http-adfsolutions-com-)
 
-# Social Media and other Websites
+# External Links
 
-<H4>
-
-Social media
-
-</H4>
-
-[Facebook](https://www.facebook.com/adfsolutions)
-[Twitter](https://twitter.com/adfsolutions)
-[LinkedIn](http://www.linkedin.com/company/247174?goback=%2Efcs_GLHD_adf+solutions_false_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2&trk=ncsrch_hits)
-
-<H4>
-
-Other Websites
-
-</H4>
-
-[ADF Solutions](https://www.adfsolutions.com/)
-[Forensic Triage](https://www.adfsolutions.com/free-trial-forensic-triage)
-[Media Exploitation](https://www.adfsolutions.com/free-trial-forensic-triage)
-
-# Contact
-
-ADF Solutions, Inc.
-7910 Woodmont Ave. Suite 260
-Bethesda, MD 20814
-<https://www.adfsolutions.com//>
+* [Official website](https://www.adfsolutions.com/)
+* [Facebook](https://www.facebook.com/adfsolutions)
+* [Twitter](https://twitter.com/adfsolutions)
+* [LinkedIn](http://www.linkedin.com/company/247174?goback=%2Efcs_GLHD_adf+solutions_false_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2&trk=ncsrch_hits)

docs/cyber_threat_intelligence.md

@@ -34,68 +34,53 @@ context it can mean Trusted Third Party.
 
 ## Standards
 
-- CAPEC
-- IDMEF
-- IODEF
-- OpenIOC
-- Oval
-- Stix/Cybox/MAEC
-- Veris
-- Yara
-
-### CAPEC
-
-### IODEF
+* CAPEC
+* IDMEF
+* IODEF
+* OpenIOC
+* Oval
+* Stix/Cybox/MAEC
+* Veris
+* Yara
 
 ### OpenIOC
 
 Cons:
 
-- Highly [Mandiant](mandiant.md) product centric standard,
+* Highly [Mandiant](mandiant.md) product centric standard,
   though seems to have digressed a bit from this since version 1.1
 
-### Stix/Cybox/MAEC
-
 ## External Links
 
-- [Driving a Collectively Stronger Security Community with Microsoft
-  Interflow](https://learn.microsoft.com/en-us/archive/blogs/),
+* [Driving a Collectively Stronger Security Community with Microsoft Interflow](https://learn.microsoft.com/en-us/archive/blogs/),
   by Jerry Bryant, June 23, 2014
-- [NIST Special Publication 800-150 (Draft) - Guide to Cyber Threat 6
-  Information Sharing
-  (Draft)](https://csrc.nist.gov/csrc/media/publications/sp/800-150/archive/2016-04-21/documents/sp800_150_draft.pdf),
-  [NIST](nist.md)
+* [NIST Special Publication 800-150 (Draft) - Guide to Cyber Threat 6 Information Sharing (Draft)](https://csrc.nist.gov/csrc/media/publications/sp/800-150/archive/2016-04-21/documents/sp800_150_draft.pdf),
+  by [NIST](nist.md)
 
 ### Feeds (or equivalent)
 
-- [IOC Bucket](https://www.iocbucket.com/)
-- [Cyber Campaigns](http://www.cybercampaigns.net/)
+* [Cyber Campaigns](http://www.cybercampaigns.net/)
 
 ### CAPEC
 
-- [Common Attack Pattern Enumeration and Classification
-  (CAPEC)](https://capec.mitre.org/)
+* [Common Attack Pattern Enumeration and Classification (CAPEC)](https://capec.mitre.org/)
 
 ### IODEF
 
-- [RFC 5070 - The Incident Object Description Exchange
-  Format](https://www.rfc-editor.org/rfc/rfc5070)
+* [RFC 5070 - The Incident Object Description Exchange Format](https://www.rfc-editor.org/rfc/rfc5070)
 
 ### OpenIOC
 
-- [The OpenIOC framework](https://fireeye.market)
+* [The OpenIOC framework](https://fireeye.market)
 
 ### Stix/Cybox/MAEC
 
-- [Cyber Observable eXpression](https://cyboxproject.github.io)
-- [Structured Threat Information eXpression](https://stixproject.github.io)
-- [Malware Attribute Enumeration and Characterization
-  (MAEC)](https://maecproject.github.io)
-- [Standardizing Cyber Threat Intelligence Information with the
-  Structured Threat Information eXpression
-  (STIX™)](https://msm.mitre.org/docs/STIX-Whitepaper.pdf), by Sean
-  Barnum, 2013
+* [Cyber Observable eXpression](https://cyboxproject.github.io)
+* [Structured Threat Information eXpression](https://stixproject.github.io)
+* [Malware Attribute Enumeration and Characterization (MAEC)](https://maecproject.github.io)
+* [Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™)](https://stixproject.github.io/getting-started/whitepaper/),
+  by Sean Barnum, 2014
 
 ## Tools
 
-- [Mantis](mantis.md)
+* [Mantis](mantis.md)

docs/forensic_training.md

@@ -20,7 +20,6 @@ This page lists vendors that offer various kinds of forensic training.
 * [Maresware Training](http://www.maresware.com/maresware/training/maresware.htm)
 * [Paraben Forensics Training](https://paraben.com/dfir-training-3/)
 * [Vigilar](http://www.vigilar.com/training.html)
-* [WetStone Technologies Investigator Training](https://www.wetstonetech.com/trainings.html)
 * [NetSecurity Hands-On How-To Training Courses](http://netsecurity.com/forensics/digital_computer_forensics_training.html)
 
 ## Law enforcement only

docs/malware.md

@@ -51,59 +51,58 @@ operating system.
 
 Various types of rootkits:
 
-- User mode
-- Kernel mode
-  - Bootkits
-- Hypervisor level
-- Firmware and Hardware
+* User mode
+* Kernel mode
+  * Bootkits
+* Hypervisor level
+* Firmware and Hardware
 
 ## See Also
 
-- [Malware analysis](malware_analysis.md)
-- [Windows Registry Persistence keys](windows_registry.md#persistence-keys)
+* [Malware analysis](malware_analysis.md)
+* [Windows Registry Persistence keys](windows_registry.md#persistence-keys)
 
 ## External Links
 
-- [Wikipedia: malware](https://en.wikipedia.org/wiki/Malware)
-- [Wikipedia: drive-by-download](https://en.wikipedia.org/wiki/Drive-by_download)
-- [Viruslist.com](http://www.viruslist.com/)
-- [Androguard](https://code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki):
+* [Wikipedia: malware](https://en.wikipedia.org/wiki/Malware)
+* [Wikipedia: drive-by-download](https://en.wikipedia.org/wiki/Drive-by_download)
+* [Viruslist.com](http://www.viruslist.com/)
+* [Androguard](https://code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki):
   A list of recognized Android malware
-- [Communities @ Risk - Targeted Digital Threats Against Civil Society](https://targetedthreats.net/index.html)
-- [botnets.fr wiki](https://www.botnets.fr/wiki/Main_Page)
-- [Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits](http://users.umiacs.umd.edu/~tdumitra/papers/USENIX-SECURITY-2015.pdf),
+* [Communities @ Risk - Targeted Digital Threats Against Civil Society](https://targetedthreats.net/index.html)
+* [Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits](http://users.umiacs.umd.edu/~tdumitra/papers/USENIX-SECURITY-2015.pdf),
   by Carl Sabottke, Octavian Suciu, Tudor Dumitras, Usenix 2015
 
 ### Analysis
 
-- [A Forensic Overview of a Linux perlbot](http://www.sempersecurus.org/2013/12/a-forensic-overview-of-linux-perlbot.html),
+* [A Forensic Overview of a Linux perlbot](http://www.sempersecurus.org/2013/12/a-forensic-overview-of-linux-perlbot.html),
   by Andre M. DiMino, December 17, 2013
-- [Probing into the Flash Zero Day Exploit (CVE-2014-0502)](https://www.zscaler.com/blogs/security-research),
+* [Probing into the Flash Zero Day Exploit (CVE-2014-0502)](https://www.zscaler.com/blogs/security-research),
   by Krishnan Subramanian, February 21, 2014
-- [Operation Windigo](https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf),
+* [Operation Windigo](https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf),
   by Olivier Bilodeau, Pierre-Marc Bureau, Joan Calvet, Alexis
   Dorais-Joncas, Marc-Étienne M.Léveillé, Benjamin Vanheuverzwijn,
   March, 2014
-- [Security Advisory 2953095: recommendation to stay protected and for detections](https://learn.microsoft.com/en-us/archive/blogs/),
+* [Security Advisory 2953095: recommendation to stay protected and for detections](https://learn.microsoft.com/en-us/archive/blogs/),
   by Chengyun Chu, Elia Florio, March 24, 2014
 
 ### Exploit Kit
 
-- [What Are Exploit Kits?](https://zeltser.com/what-is-an-exploit-kit/),
+* [What Are Exploit Kits?](https://zeltser.com/what-is-an-exploit-kit/),
   by Lenny Zeltser, October 26, 2010
-- [The four seasons of Glazunov: digging further into Sibhost and Flimkit](https://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/),
+* [The four seasons of Glazunov: digging further into Sibhost and Flimkit](https://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/),
   by Fraser Howard, July 2, 2013
-- [Exploit Kits 2014-2015](http://contagiodata.blogspot.com/2014/12/exploit-kits-2014.html)
+* [Exploit Kits 2014-2015](http://contagiodata.blogspot.com/2014/12/exploit-kits-2014.html)
 
 ### Persistence
 
-- [Many ways of malware persistence (that you were always afraid to ask)](https://jumpespjump.blogspot.com/2015/05/many-ways-of-malware-persistence-that.html),
+* [Many ways of malware persistence (that you were always afraid to ask)](https://jumpespjump.blogspot.com/2015/05/many-ways-of-malware-persistence-that.html),
   May 5, 2015
 
 ### Rootkit
 
-- [Wikipedia: Rootkit](https://en.wikipedia.org/wiki/Rootkit)
-- [Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection](https://forensicfocus.com/articles/understanding-rootkits/),
+* [Wikipedia: Rootkit](https://en.wikipedia.org/wiki/Rootkit)
+* [Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection](https://forensicfocus.com/articles/understanding-rootkits/),
   by Dmitry Korolev, Yuri Gubanov, Oleg Afonin, November 22, 2013
-- [Turning USB peripherals into BadUSB](https://opensource.srlabs.de/projects/badusb)
-- [Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches](https://github.com/brandonlw/Psychson)
+* [Turning USB peripherals into BadUSB](https://opensource.srlabs.de/projects/badusb)
+* [Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches](https://github.com/brandonlw/Psychson)

docs/national_computer_forensic_institute.md

@@ -1,6 +1,6 @@
 ---
 tags:
-  - No Category
+  - Organizations
 ---
 The National Computer Forensic Institute (NCFI) opened in 2008 and is
 located in Hoover, Alabama.
@@ -9,8 +9,3 @@ The NCFI is operated by US Secret Service’s Criminal Investigative
 Division and the Alabama Office of Prosecution Services. It strives to
 provide digital evidence training to local and state law enforcement
 officers.
-
-## External Links
-
-[National Computer Forensic Institute home
-page](https://www.ncfi.usss.gov/)

docs/network_forensics.md

@@ -60,13 +60,12 @@ available.
 
 - [Argus](argus.md)
 - [Bulk Extractor](bulk_extractor.md)
-  [1](https://github.com/simsong/bulk_extractor)
 - [Chaosreader](chaosreader.md) is a session reconstruction tool
   (supports both live or captured network traffic)
 - [FlowGREP](https://www.monkey.org/~jose/software/flowgrep/) is a basic IDS/IPS tool written in
   Python
 - [KisMAC](kismac.md) is a free, open source wireless stumbling
-  and security tool for Mac OS X. [3](https://kismac-ng.org/)
+  and security tool for Mac OS X.
 - [Kismet](kismet.md)
 - [logstash](http://logstash.net/) is a tool for managing events and
   logs. You can use it to collect logs, parse them, and store them for
@@ -80,7 +79,6 @@ available.
   tool to parse various log files and artifacts found on suspect systems
   (and supporting systems, such as network equipment) and produce a
   timeline that can be analysed by forensic investigators/analysts.
-  [5](https://code.google.com/archive/p/log2timeline)
 - [NetFSE](netfse.md) is a web-based search and analysis
   application for high-volume network data [available at
   NetFSE.org](http://www.netfse.org)
@@ -102,51 +100,43 @@ available.
 - [RegRipper](regripper.md) is an open source tool, written in
   Perl, for extracting/parsing information (keys, values, data) from the
   Registry and presenting it for analysis
-  [8](https://regripper.wordpress.com/)
 - [Snort](snort.md)
 - [Wireshark](wireshark.md)
 - [Xplico](xplico.md).
-  Protocols supported: [HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4,
-  IPv6, ...](https://www.xplico.org/status.html)
 
 ### Commercial Network Forensics
 
 #### Deep-Analysis Systems
 
-- Code Green Networks [Content Inspection
-  Appliance](http://www.codegreennetworks.com) - Passive monitoring and
-  mandatory proxy mode. Easy to use Web GUI. Linux platform. Uses
-  Stellent Outside In to access document content and metadata.
-- E-Detective [9](https://www.edecision4u.com/)
+- Code Green Networks [Content Inspection Appliance](http://www.codegreennetworks.com) -
+  Passive monitoring and mandatory proxy mode. Easy to use Web GUI. Linux
+  platform. Uses Stellent Outside In to access document content and metadata.
+- [E-Detective](https://www.edecision4u.com/)
 - [InfoWatch Traffic Monitor](https://infowatch.com/)
 - Mera Systems [NetBeholder](https://videonadzor.net/)
 - MFI Soft [SORMovich](http://sormovich.ru/) (in Russian)
-- NETRESEC [NetworkMiner Professional (portable network forensic
-  analysis tool for
-  Windows)](https://www.netresec.com/?page=NetworkMiner)
+- NETRESEC [NetworkMiner Professional (portable network forensic analysis tool for Windows)](https://www.netresec.com/?page=NetworkMiner)
 - NetWitness Corporation - Freeware/Commercial, Enterprise-Wide,
   Real-Time Network Forensics [NetWitness](https://www.netwitness.com/)
-- Network Instruments [11](https://www.viavisolutions.com/en-us/ptv/solutions/performance-management-and-security)
+- [Network Instruments](https://www.viavisolutions.com/en-us/ptv/solutions/performance-management-and-security)
 - NIKSUN's NetDetector
-- PacketMotion [12](https://www.vmware.com/company/acquisitions.html)
+- [PacketMotion](https://www.vmware.com/company/acquisitions.html)
 - WildPackets [OmniPeek](omnipeek.md)
-  [13](http://www.wildpackets.com/solutions/it_solutions/network_forensics)
-  [14](http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer/forensics_search)
-- [Xplico](xplico.md) [15](https://www.xplico.org/)
-- Expert Team - 3i System [16](http://expert-team.net/home/)
+- [Xplico](xplico.md)
+- [Expert Team - 3i System](http://expert-team.net/home/)
 
 #### Flow-Based Systems
 
 * Arbor Networks
-* CapAnalysis [17](https://www.capanalysis.net/ca/)
+* [CapAnalysis](https://www.capanalysis.net/ca/)
 * GraniteEdge Networks
-* Lancope <https://www.cisco.com/site/us/en/products/security/security-analytics/secure-network-analytics/index.html>
-* Mantaro Product Development Services <https://www.mantaro.com>
-* Mazu Networks <https://www.riverbed.com/en-gb>
+* [Lancope](https://www.cisco.com/site/us/en/products/security/security-analytics/secure-network-analytics/index.html)
+* [Mantaro Product Development Services](https://www.mantaro.com)
+* [Mazu Networks](https://www.riverbed.com/en-gb)
 
 #### Hybrid Systems
 
 These systems combine flow analysis, deep analysis, and security event
 monitoring and reporting.
 
-* Q1 Labs <http://www.q1labs.com/>
+* [Q1 Labs](http://www.q1labs.com/)

docs/plaso.md

@@ -268,7 +268,7 @@ File System Format support is provided by [dfVFS](dfvfs.md).
 * Windows boot verification Registry data
 * Windows drivers and services Registry data
 * Windows Explorer mount points Registry data
-* [Windows Explorer Programs Cache](https://github.com/libyal/winreg-kb/blob/master/documentation/Programs%20Cache%20values.asciidoc)
+* [Windows Explorer Programs Cache](https://winreg-kb.readthedocs.io/en/latest/sources/explorer-keys/Program-cache.html)
   Registry data
 * Windows Explorer typed URLs Registry data
 * Windows last shutdown Registry data

docs/powershell.md

@@ -1,20 +1,18 @@
 ---
 tags:
-  -  Articles that need to be expanded
+  - Articles that need to be expanded
 ---
 ## See Also
 
 - [Windows](windows.md)
 
 ## External Links
 
-- [Wikipedia:
-  PowerShell](https://en.wikipedia.org/wiki/Windows_PowerShell)
+- [Wikipedia: PowerShell](https://en.wikipedia.org/wiki/Windows_PowerShell)
 
 ### Exploitation
 
-- [empire](http://www.powershellempire.com/), post-exploitation agent
+- [empire](https://github.com/EmpireProject/Empire), post-exploitation agent
   built in PowerShell.
-- [Securing PowerShell in the
-  Enterprise](http://www.asd.gov.au/publications/protect/Securing_PowerShell.pdf),
-  by Australian Cyber Security Centre, March 2016
+- [Securing PowerShell in the Enterprise](http://www.asd.gov.au/publications/protect/Securing_PowerShell.pdf),
+  by Australian Cyber Security Centre, March 2016