Mon premier blog

File System Forensic Analysis Brian Carrier
Publisher: Addison-Wesley Professional

I'm writing this article for two main reasons. Attackers will use anti-forensic techniques to hide their tracks. Reading Brian Carrier's book "File System Forensic Analysis" [1] is essential for understanding the structures of the NTFS filesystem and this resource was heavily used in the making of this plugin. File System Forensic Analysis This is an advanced cookbook and reference guide for digital forensic professionals. First, I've got an anti-forensics class to teach, so I have to learn it anyway. Incident Responders and Digital Forensic Investigators must master a variety of operating systems, investigative techniques, incident response tactics, and even legal issues in order to combat challenging intrusion cases across the enterprise. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight and avoid detection by standard host-based security measures. Memory dump; Page or Swap File; Running Process Information; Network data such as listening ports or existing connections to other systems; System Registry (if applicable); System and Application logfiles (IIS log files, event logs etc.) Database Forensics. File System Forensic Analysis : Let's create a directory in our /root (the root user's home) directory called /root/ntfs_pract/ and place the file in there. Back when I was first figuring out how to acquire the Samsung Galaxy Camera, I did a file system dump using Cellebrite's UFED Logical. Forensically interesting spots in the Windows 7, Vista and XP file system and registry. Since activity was discovered towards the database server, it would be very interesting to execute a more in-depth investigation towards the database and it's files. Sorry if this is in the wrong place but I have tried to find articles about this topic but they all seem to be dead discussions or not directly related. Many of yours (WFA/Registry/Open Source-you and Altheide), Handbook of Digital Forensics and Investigation (Casey), Iphone and iOS Forensics / Android Forensics (Hoog), File System Forensic Analysis (carrier) etc.