Mon premier blog

File System Forensic Analysis Brian Carrier
Publisher: Addison-Wesley Professional

Forensics 2: Identifying File System and Extracting it. So I decided to fire up the old hex editor and see for myself. I have recently seen a few listserv messages regarding determining when the Operating System was installed. Nazarijo writes “The field of investigative forensics has seen a huge surge in interest lately, with many looking to study it because of shows like CSI or the increasing coverage of computer-related crimes. Digital Evidence and Computer Crime, Third Edition provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. I had recently completed Brian Carrier's, “File System Forensic Analysis,” (also an amazing book) and was looking for something a bit less in-depth and more of a general digital forensics book. File System Forensic Analysis : Let's create a directory in our /root (the root user's home) directory called /root/ntfs_pract/ and place the file in there. No Windows/Mac/Linux file systems forensics or Cisco hardware network forensics? Fundamentals of Modern Operating Systems Introduction & Forensics Investigations Handbook of Digital Forensics and Investigation, by Eoghan Casey, Elsevier Academic Press. Understanding EXT4 (Part 1): Extents · 3 comments Posted by Hal Pomeranz Filed under artifact analysis, Computer Forensics, Evidence Analysis While I had read some of the presentations[2] related to EXT4, I was curious about how the EXT4 structures actually looked on disk and how and why the changes made in the EXT4 file system broke existing forensic tools. This post focuses on the two common sources of date/times that can be somewhat misleading.