File System Forensic Analysis. Brian Carrier

ISBN: 0321268172,9780321268174 | 600 pages | 15 Mb


Publisher: Addison-Wesley Professional




Back when I was first figuring out how to acquire the Samsung Galaxy Camera, I did a file system dump using Cellebrite's UFED Logical. As forensic analysts, we are providing someone with our account of a real person's actions and events. The file system, in addition, can also be used to hide data. The guys at X-Ways Forensics introduced the ability to traverse for and process previously existing files from Volume Shadow Copies and System Volume Information files. For example, chapter 4 is dedicated to the HFS+ file system used by Macintosh computers and drills down to disk-level file system forensics. The most famous ways are data encryption and steganography. File System Forensic Analysis: Let's create a directory in our /root (the root user's home) directory called /root/ntfs_pract/ and place the file in there. We are telling people through our discoveries what someone did or didn't do on a particular system. Most digital forensic evidence is stored within the computer's file system, but working with file systems is the most technically challenging aspect of forensic analysis. The key to forensics is freezing the environment as close to the point of compromise as possible.