File System Forensic Analysis, by Brian Carrier
Publisher: Addison-Wesley Professional
Made a quick reference guide to DOS/GPT partitioning schemes for my File System Forensics Class. This article dealt primarily with what we term system or file system forensics. It is not the intent of this blog post to be an all-encompassing guide to the forensic analysis of an iPhone. One of my peers recently wrote an article providing a good introductory explanation of computer forensics in his review of a SANS course. I have recently seen a few listserv messages regarding determining when the Operating System was installed. At the time of choosing what to do, I was enrolled in another class focusing on file system forensics and we were doing in-depth analysis of the FAT file system. Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because little documentation exists. The most famous ways are data encryption and steganography. Rather it is a look at some of the tools I use in my practice and how they can be applied to iPhone forensic analysis. File System Forensic Analysis: This is an advanced cookbook and reference guide for digital forensic professionals. This post focuses on the two common sources of date/times that can be somewhat misleading. File systems, in addition, can also be used to hide data.