
Documentation repository on consensual digital forensics for the defense of Human Rights

What is this documentation repository?

This is a technical documentation repository whose main objective is to establish a baseline of proven, flexible and accessible knowledge to boost consensual forensic analysis in support of civil society across the globe. To organize the contents, we use the technical documentation framework Diátaxis.

Digital forensics makes possible the discovery and examination of digital data and media with the goal of identifying, documenting and interpreting data to construct and present reproducible evidence of digital attacks. In this repository we describe standard procedures, aligned with industry best practices, to generate evidence that can be used to promote accountability actions, in order to reduce and expose the impunity with which digital attacks are carried out.

Who is this repository for?

The information included in this repository can be useful to individuals with different profiles, including:

  • Contact points and intermediaries (individuals with basic technical competences)
  • Security incident handlers for civil society
  • Threat lab analysts
  • Managers and coordinators of threat labs

We expect that any person with a basic technical capacity can follow resources in this repository to understand key concepts of consensual forensic analysis, as well as procedures to identify and acquire forensic evidence.

The resources focused on the analysis of evidence and presentation of results are geared towards forensic analysts, especially those within emerging or established threat labs, since they require additional technical competencies and a well-thought-out risk management plan.

How is this repository organized?

To organize this repository we follow the technical documentation framework Diátaxis, which defines four different types of resources: tutorials, how-to’s, explainers and references.

Explainers

Explainers deepen and broaden the reader’s understanding of a subject. They bring clarity, light and context. Explainers are intended to be theoretical learning resources that improve the understanding of a given subject. They focus on a defined scope of a larger topic, and usually help the reader understand the “why”.

For example, the first explainer included in this documentation repository presents information about the larger forensic science field and how consensual digital forensics for civil society fits into the larger scheme of things, while also touching on its importance as a mechanism for accountability.

Tutorials

Tutorials are all about learning through guided practical exercises. In other words, it's learning by doing. Tutorials allow the reader to acquire skills and knowledge, and are focused on learning and not on completing a specific task.

An example of a tutorial is a car driving lesson. Usually, in a good driving lesson students familiarize themselves with the vehicle and the controls, and learn as they go. The objective is not getting from point A to point B; instead, it is the skills you learn along the way.

How-to guides

How-to’s are all about executing a task and achieving a goal through step-by-step instructions. They assume that the reader already has the baseline skills and knowledge necessary to complete the task, and hence focus on the steps necessary to achieve the desired outcome correctly and in line with best practices.

A good example is a cooking recipe, where the focus is to achieve a result, in this case preparing a specific dish in a repeatable way. It assumes the person already has basic knowledge on aspects like cutting and measuring the ingredients, setting the oven temperature, etc.

References

Reference material describes the machinery. It should be austere. One hardly reads reference material; one consults it. There should be no doubt or ambiguity in reference; it should be wholly authoritative. Reference contains technical knowledge that can be helpful when executing a task.

A good example of a reference is a map. It is a clear, neutral and precise resource that serves as support when completing a task, in this case getting from point A to point B.

How to navigate this documentation repository?

In alignment with Diátaxis, we should first identify the need or the goal we have when consulting the documentation, so that we are pointed to the right type of resource to respond to that need.

More concretely:

  • If the objective is to acquire skills and knowledge, then check the tutorials.
  • If the objective is to improve the understanding of a given subject, check the explainers.
  • If the objective is to apply skills to achieve a specific task, then check the how-to guides.
  • If the objective is to obtain descriptive information of concepts or tools when trying to complete a task, check the references.

As we continue to include content in this repository, we will define learning pathways that allow readers to obtain the necessary knowledge and skills to complete tasks across the different phases of a forensic investigation. As a starting point, we recommend you have a look at the introductory explainer on digital forensics.

How to collaborate with this repository?

All materials published in this repository are part of a collective effort to support the civil society forensic analysis community. As such, we are thankful for any effort from individuals or organizations to share, improve and contribute to the development of this resource, including through actions like replicating, verifying and extending resources and methodologies.

All contents are published under an Attribution-ShareAlike licence. Contents are also published on a GitHub repository, and we appreciate any comments or suggestions submitted as issues directly in the issues section of the repository. For other types of collaboration, questions and comments, we can be reached at seguridad@socialtic.org.

If you think there are additional resources that can be added to this repository to strengthen the forensic practice of civil society, please let us know. It doesn’t matter if they don’t follow the structure presented before; we are happy to adapt and be flexible as needed.

Style guide for English

Please follow the guidelines below when writing or adding resources to this repository:

  • Use the Markdown markup language for document writing.
  • Page names should be set in lowercase, with hyphens instead of spaces. Do not use special characters in file names.

To highlight informative elements, warnings, errors or confirmation messages, please use text blocks as follows:

Best practice

Confirmation blocks in green should be used to highlight best practices.

Alternative

Yellow warning blocks should be used to mention a different route to achieve a similar result (this is especially helpful for how-to guides)

Error

Error blocks in red should be used to explain troubleshooting hints or alternative paths to follow to overcome an error.

Legal consideration

Information blocks in blue are used to highlight blocks with legal considerations.