CHAPTER        5


In this chapter, we begin by addressing the aftermath of a security incident and follow this to the problem of file storage. Specifically, we examine the following:

•  Phase six of the security process: recovering from an attack

•  Fundamentals of evidence collection and preservation

•  Basics of hard drives and other large-capacity devices

•  Hard drive formatting

•  File storage on hard drives, flash drives, and other devices

•  Features of major file systems used in operating systems and for removable storage

5.1 Phase Six: Recovery

The sixth and last phase of our security process is to Recover from an Attack. Consider the following:

Bob and Tina occasionally use a USB drive to copy their ...

Get Elementary Information Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.