Today, our information- and knowledge-based economy generates vast amounts of data that is at some point saved to storage devices, such as hard drives or solid-state drives or chips, or portable devices like USB sticks. Still and video cameras also contain cards to store images. Understanding how all of these devices are formatted and how to get data from them is critical to a forensic investigator. Both law enforcement and corporate investigators need to understand the value and techniques of searching for evidence of crime or intrusions on computer systems.
Designed for people with entry- to intermediate-level knowledge of computer systems and data storage systems, this course benefits those without much practical experience in regard to digital forensics and includes instruction and demonstrations. In it, you’ll see how to use SleuthKit, an open source collection of command-line tools and a C library with which you can analyze disk images. You’ll learn about the main file storage architectures such as File Allocation Table (FAT), NT File System (NTFS), and ext2/3. You’ll learn how to conduct basic forensic procedures to extract valuable information that could be crucial in uncovering illegal activities or revealing whether a device has been the target of an attack.
Table of contents
- File Systems
- What Is The Sleuth Kit?
- Getting Image Information
- Partition Analysis With mmls
- Volume Analysis With mmstat
- File System Analysis with fsstat (NTFS)
- File System Analysis With fsstate (EXT)
- Directory Listings With fls
- Metadata Analysis With ils
- Block Analysis With blkstat
- Getting A Timeline
- Slack Space
- Converting Disk Images
- Importing To Autopsy
- Browsing In Autopsy
- Disk Analysis With Commercial Tools
- Data Extraction
- Title: Forensic Analysis of Disk-based Evidence
- Release date: December 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492029113
You might also like
Capture and Analysis of Network-based Evidence
In our globally connected and online world today, massive amounts of data flow across countless networks. …
Forensic Analysis of Computer Memory
Our connected world today generates unimaginable volumes of data, and sometimes that information can be the …
Investigation of Hidden Data in Digital Files
Digital files store a lot of information beyond the data that makes up the primary file …
Scene of the Cybercrime: Computer Forensics Handbook
"Cybercrime and cyber-terrorism represent a serious challenge to society as a whole." - Hans Christian Krüger, …