File System Forensic Analysis. Brian Carrier



ISBN: 0321268172,9780321268174 | 600 pages | 15 Mb





Publisher: Addison-Wesley Professional




Most digital forensics evidence is stored within the computer's file system, but working with file systems is the most technically challenging aspect of forensic analysis. This new file system is proprietary and requires licensing from Microsoft, and little has been published about it. File system tunneling is a somewhat obscure feature of Windows that some examiners may not be familiar with. Computer Forensics, Computer Forensics and Forensic Science, Internet Forensic, Computer Crime Scene Investigations, File System Forensic Analysis. I have recently seen a few listserv messages regarding determining when the Operating System was installed. The author of the "Sleuth Kit" is Brian Carrier, who happens to also be the author of a wonderful book called "File System Forensic Analysis" that is a must-read for any serious file system analyst. The $UsnJrnl file contains a wealth of information about file system activity which can provide more context about what occurred on a system. Since activity was discovered towards the database server, it would be very interesting to execute a more in-depth investigation towards the database and its files. Finally, we will cover the emerging intersection of digital forensics and traditional security, specifically mobile app security and continuous forensic monitoring of key systems. This post focuses on the two common sources of date/times that can be somewhat misleading. Fundamentals of Modern Operating Systems Introduction & Forensics Investigations Handbook of Digital Forensics and Investigation, by Eoghan Casey, Elsevier Academic Press. As forensic analysts, we are providing someone with our account of a real person's actions and events. We published a Technical-Report with id CS-2011-06 (ISSN 2191-5008) named Reverse Engineering of the Android File System (YAFFS2) today. We are telling people through our discoveries what someone did or didn't do on a particular system. Backup files are provided from the "custodian".
Memory dump; Page or Swap File; Running Process Information; Network data such as listening ports or existing connections to other systems; System Registry (if applicable); System and Application logfiles (IIS log files, event logs, etc.). Database Forensics. With modules for file system analysis, e-mail, keyword search, registry, and bookmarking, Forensic Explorer has the essentials.