File System Forensic Analysis

Author: Brian Carrier

Publisher: Addison-Wesley Professional

Published: 2005-03-17

Total Pages: 895

ISBN-13: 0134439546

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed. Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed.

Coverage includes

- Preserving the digital crime scene and duplicating hard disks for "dead analysis"
- Identifying hidden data on a disk's Host Protected Area (HPA)
- Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
- Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
- Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
- Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
- Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
- Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.


The Dewey Decimal System

Author: Nathan Larson

Publisher: Akashic Books

Published: 2011-04-19

Total Pages: 257

ISBN-13: 1617750409

This tale of a book-loving tough guy in a decimated Manhattan is “like Motherless Brooklyn dosed with Charlie Huston . . . Delirious and haunting” (Megan Abbott, author of Give Me Your Hand). After a flu pandemic, a large-scale terrorist attack, and the total collapse of Wall Street, New York City is reduced to a shadow of its former self. As the city struggles to dig itself out of the wreckage, a nameless, obsessive-compulsive veteran with a spotty memory, a love for literature, and a strong if complex moral code (that doesn’t preclude acts of extreme violence) has taken up residence at the main branch of the New York Public Library on Forty-second Street. Dubbed “Dewey Decimal” for his desire to reorganize the library’s stock, he gets by as bagman and muscle for New York City’s unscrupulous district attorney. He takes no pleasure in this kind of civic dirty work. He’d be perfectly content alone amongst his books. But this is not in the cards, as the DA calls on Dewey for a seemingly straightforward union-busting job. What unfolds throws Dewey into a mess of danger, shifting allegiances, and old vendettas, forcing him to face the darkness of his own past and the question of his buried identity . . . “The Dewey Decimal System is proof positive that the private detective will remain a serious and seriously enjoyable literary archetype.” —PopMatters


Forensic Examination of Windows-Supported File Systems

Author: Doug Elrick

Publisher: Lulu.com

Published: 2019-03-21

Total Pages: 394

ISBN-13: 0359370721

Understanding the underlying system of how files are stored, what happens when they are deleted, and how to potentially recover them is essential to the digital forensic examiner. Today's computer forensic tools automate the process of file recovery, but understanding what those tools are accomplishing and knowing whether they are providing accurate results requires an understanding of the information provided in this text. The FAT and NTFS file systems are the most commonly utilized information storage methods and while there are many other methods available, concentrating on these two lays the foundation for learning the others in the future. A brief introduction of ExFAT is included, as it is a relatively new file system used with larger flash drives. Forensic Examination of Windows-Supported File Systems will provide the basis for this knowledge and the practical expertise to begin the journey of becoming a digital forensic scientist.