Title: File System Forensics
Author: Fergus Toolan
Publisher: Wiley
Year: 2025
Pages: 489
Language: English
Format: pdf (true), epub
Size: 37.2 MB
Comprehensive forensic reference explaining how file systems function and how forensic tools might work on particular file systems.
File System Forensics delivers comprehensive knowledge of how file systems function and, more importantly, how digital forensic tools might function in relation to specific file systems. It provides a step-by-step approach for file content and metadata recovery to allow the reader to manually recreate and validate results from file system forensic tools. The book includes a supporting website that shares all of the data (i.e. sample file systems) used for demonstration in the text and provides teaching resources such as instructor guides, extra material, and more.
Written by a highly qualified associate professor and consultant in the field, File System Forensics includes information on:
- The necessary concepts required to understand file system forensics for anyone with basic computing experience
- File systems specific to Windows, Linux, and macOS, with coverage of FAT, ExFAT, and NTFS
- Advanced topics such as deleted file recovery, fragmented file recovery, searching for particular files, links, checkpoints, snapshots, and RAID
- Issues facing file system forensics today and various issues that might evolve in the field in the coming years
This book is organised in five distinct parts. Part I provides the preliminaries that all digital forensic experts require. Parts II–IV provide the technical meat of the title. These parts focus on the common file systems for each of the most popular operating systems (Windows, Linux and macOS). Part V discusses the future of file system forensics and what new (and some old) challenges are ahead for the discipline.
Part I, Preliminaries, begins with an introduction to digital forensics in general and discusses some of the principles that govern the area. This chapter also introduces the reader to digital forensic methodologies and how they are used to streamline investigation. Chapter 2 describes the Linux operating system and how it can be used for file system forensics. Throughout the remainder of the text the examples will be given using the Linux command line, but there is no requirement for readers to follow this. Chapter 2 provides an introduction to Linux for those that wish to use it going forward. For those who do not intend to use (or already use) it, this chapter can be skipped. Chapter 3 discusses the topic of information representation. Computers are capable of processing and storing only binary data (ones and zeros). How these ones and zeros are interpreted as meaningful information is of vital importance. This chapter shows how numbers, text and time are represented in computing systems and how we interpret the raw hex data that we will encounter during file system forensics. The final chapter in this part introduces the reader to disk storage, partitions and file systems...
File System Forensics is an essential, up-to-date reference on the subject for graduate and senior undergraduate students in digital forensics, as well as digital forensic analysts and other law enforcement professionals.
Preface
Acknowledgements
Part I: Preliminaries
Part II: Windows File Systems
Part III: Linux File Systems
Part IV: Apple File Systems
Part V: The Future
Index