Getting started

What is this documentation repository?
This is a technical documentation repository whose main objective is to establish a baseline of proven, flexible and accessible knowledge to boost consensual forensic analysis in support of civil society across the globe. To organize the contents, we use the technical documentation framework Diátaxis.
Digital forensics makes possible the discovery and examination of digital data and media with the goal of identifying, documenting and interpreting data to construct and present reproducible evidence of digital attacks. In this repository we describe standard procedures, aligned with industry best practices, to generate evidence that can be used to promote accountability actions, in order to reduce and expose the impunity with which digital attacks are carried out.
Who is this repository for?
The information included in this repository can be useful to individuals with different profiles, including:
- Contact points and intermediaries (individuals with basic technical competences)
- Security incident handlers for civil society
- Threat lab analysts
- Managers and coordinators of threat labs
We expect that any person with a basic technical capacity can follow resources in this repository to understand key concepts of consensual forensic analysis, as well as procedures to identify and acquire forensic evidence.
The resources focused on the analysis of evidence and presentation of results are geared towards forensic analysts, especially those within emerging or established threat labs, since they require additional technical competencies and a well-thought-out risk management plan.
How is this repository organized?
To organize this repository we follow the technical documentation framework Diátaxis, which defines four different types of resources: tutorials, how-to’s, explainers and references.
- Explainers
Explainers deepen and broaden the reader’s understanding of a subject. They bring clarity, light and context. Explainers are intended to be theoretical learning resources that improve the understanding of a given subject. They focus on a defined scope of a larger topic, and usually help understand the “why”.
For example, the first explainer included in this documentation repository presents information about the larger forensic science field, and how consensual digital forensics for civil society fits in the larger scheme of things, while also touching on its importance as a mechanism for accountability.
- How-To Guides
How-to’s are all about executing a task and achieving a goal through step-by-step instructions. They assume that the reader already has the baseline skills and knowledge necessary to complete the task, and hence focus on the steps necessary to achieve the desired outcome correctly and in line with best practices.
A good example is a cooking recipe, where the focus is to achieve a result, in this case preparing a specific dish in a repeatable way. It assumes the person already has basic knowledge on aspects like cutting and measuring the ingredients, setting the oven temperature, etc.
- Tutorials
Tutorials are all about learning through guided practical exercises. In other words, it's learning by doing. Tutorials allow the reader to acquire skills and knowledge, and are focused on learning and not on completing a specific task.
An example of a tutorial is a car driving lesson. Usually, in a good driving lesson students familiarize themselves with the vehicle and the controls, and learn as they go. The objective is not getting from point A to point B; instead, it is the skills you learn along the way.
- References
Reference material describes the machinery. It should be austere. One hardly reads reference material; one consults it. There should be no doubt or ambiguity in reference; it should be wholly authoritative. Reference contains technical knowledge that can be helpful when executing a task.
A good example of a reference is a map. It is a clear, neutral and precise resource that serves as support when completing a task, in this case getting from point A to point B.
How to navigate this documentation repository?
In alignment with Diátaxis, we should first identify the need or goal we have when consulting the documentation, so that we are pointed to the right type of resource to respond to that need.
More concretely:
- If the objective is to acquire skills and knowledge, then check the tutorials.
- If the objective is to improve the understanding of a given subject, check the explainers.
- If the objective is to apply skills to achieve a specific task, then check the how-to guides.
- If the objective is to obtain descriptive information of concepts or tools when trying to complete a task, check the references.
As we continue to include content in this repository, we will define learning pathways that allow readers to obtain the necessary knowledge and skills to complete tasks across the different phases of a forensic investigation.
How to collaborate with this repository?
All materials published in this repository are part of a collective effort to support the civil society forensic analysis community. As such, we are thankful for any effort from individuals or organizations to share, improve and contribute to the development of this resource, including through actions like replicating, verifying and extending resources and methodologies.
If you are interested in collaborating, or believe there are additional resources that can be added to this repository to strengthen the forensic practice of civil society, please let us know. You can find more information in the community page of this repository.