Forensic corpora

From ForensicsWiki
Revision as of 17:08, 4 February 2007 by Simsong (Talk | contribs)

Jump to: navigation, search

This page describes large-scale corpora of forensically interesting information that are available for those involved in forensic research.

Disk Images

The Garfinkel Used Hard drive Collection Project. Between 1998 and 2006, Garfinkel acquired 1250+ hard drives on the secondary market. These hard drive images have proven invaluable in performing a range of studies such as the developing of new forensic techniques [13] and the sanitization practices of computer users.

Network Packets

The DARPA Intrusion Detection Evaluation. In 1998, 1999 and 2000 the Information Systems Technology Group at MIT Lincoln Laboratory created a test network complete with simulated servers, clients, clerical workers, programmers, and system managers. Baseline traffic was collected. The systems on the network were then “attacked” by simulated hackers. Some of the attacks were well-known at the time, while others were developed for the purpose of the evaluation.

Email messages

The Enron Corpus of email messages that were seized by the Federal Energy Regulatory Commission during its investigation of Enron [11].

Log files