File System Forensic Analysis by Brian Carrier
Book Summary Information
Author: Brian Carrier; Edition: Paperback; Language: English; Published: 2005-03-27; ISBN: 0321268172; Number of pages: 600; Publisher: Addison-Wesley Professional
Book Reviews of File System Forensic Analysis
Book Review: excellent coverage of the area, high quality writing. Summary: 5 Stars
It's easy to think that computer filesystems are relatively simple things. After all, if 'dir' or 'ls' don't show what you're looking for, maybe an undelete program will work. Or will it? To be a decent, trustworthy expert in forensics (a requirement if you plan to participate in any criminal investigations), you'll have to learn how filesystems really operate, how tools like undelete and lazarus work, and how they can be defeated.
Carrier's book isn't a legal book at all, and it doesn't pretend to offer much insight into the law surrounding forensics. Instead it focuses on technical matters, and is sure to be the gold standard in its field. This is important, because it comes at you expecting you to have some knowledge, even if only informal, of what a filesystem contains. With a basic understanding of data structures, you'll get a wealth of information out of this book, and it will be a good reference long after you've first studied it.
File System Forensic Analysis is divided into three sections. These are arranged in the order that you'll want to study them to maximize the benefit you can hope to achieve, namely an understanding of how to examine filesystems for hidden or previously stored data. The first three chapters cover a fundamental series of topics: Digital Investigation Foundations, Computer Foundations, and an introduction to Hard Disk Data Acquisition. While they start at a basic level (e.g. what hexadecimal is), they quickly progress to more developed topics, such as the types of interfaces (SATA, SCSI, IDE), the relationship of the disk to the computer system as a whole, and how data is stored in a file and filesystem at a basic level. A lot of examples given use Linux, due to the raw, accessible nature of UNIX and UNIX-like systems, and the availability of tools like 'dd' to gather data.
Part 2 covers "Volume Analysis," or the organization of files into a storage system. This introduces the basics of things like partition tables (including how to read one). The next few chapters cover PC-based partitions (DOS and Apple), server-based partitions (BSD, Solaris and GPT partitions), and then multiple disk volumes like RAID and logical volumes. With this introduction, the final chapter of the section covers how to use these filesystem descriptions in practice to look for data during analysis. Filesystem layouts, organization, and things like journals and consistency checks are covered with a clarity and exactness that's refreshing for such a detailed topic.
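As an added illustration of the "read the partition table yourself" approach the review credits the book with teaching (this is example code written for this page, not code from the book or from The Sleuth Kit), the parser below walks the four 16-byte entries of a DOS/MBR partition table at offset 446 of sector 0, checks the 0x55AA signature, and then does the two things an examiner cares about that a plain partition listing omits: it flags entries that overlap or run past the end of the disk, and it reports the sector ranges no partition claims, which is where hidden data tends to live. The 512-byte sector and the 1,000,000-sector disk size are constructed inline; the partition-type names are the commonly published codes and are an assumption of this example.

```python
"""Parse a DOS/MBR partition table and report unallocated sector ranges.

Added example: not from the book or its tools. The sample sector below is
constructed in make_sample_mbr(); no real disk is read.
"""
from __future__ import annotations

import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # start of the 4-entry partition table
ENTRY_SIZE = 16
MBR_SIGNATURE = b"\x55\xaa"  # at bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # boot flag, CHS start, type, CHS end, LBA start, length

# Assumed mapping of common type codes to names (illustrative, not exhaustive).
PARTITION_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x82: "Linux swap",
    0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> list[dict]:
    """Return the in-use partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a DOS partition table")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        boot, _chs_s, ptype, _chs_e, start, length = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0 and start == 0 and length == 0:
            continue  # unused slot
        entries.append({
            "index": i,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown (0x%02x)" % ptype),
            "start": start,          # LBA of first sector
            "length": length,        # size in sectors
            "end": start + length,   # exclusive
        })
    return entries


def check_table(entries: list[dict], disk_sectors: int) -> list[str]:
    """Consistency warnings: entries past the end of the disk or overlapping."""
    warnings = []
    ordered = sorted(entries, key=lambda e: e["start"])
    for e in ordered:
        if e["end"] > disk_sectors:
            warnings.append(f"entry {e['index']} extends past end of disk")
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            warnings.append(f"entries {a['index']} and {b['index']} overlap")
    return warnings


def unallocated_ranges(entries: list[dict], disk_sectors: int) -> list[tuple[int, int]]:
    """Sector ranges [start, end) that no partition claims; sector 0 is the MBR."""
    gaps = []
    cursor = 1
    for e in sorted(entries, key=lambda e: e["start"]):
        if e["start"] > cursor:
            gaps.append((cursor, e["start"]))
        cursor = max(cursor, e["end"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def _entry(boot: int, ptype: int, start: int, length: int) -> bytes:
    return struct.pack(ENTRY_FMT, boot, b"\0\0\0", ptype, b"\0\0\0", start, length)


def make_sample_mbr() -> bytes:
    """Constructed sector: a bootable NTFS partition, a Linux partition, two empty slots."""
    table = _entry(0x80, 0x07, 2048, 204800) + _entry(0x00, 0x83, 206848, 409600) + b"\0" * 32
    return b"\0" * TABLE_OFFSET + table + MBR_SIGNATURE


if __name__ == "__main__":
    disk_sectors = 1_000_000  # assumed size of the constructed disk
    parts = parse_mbr(make_sample_mbr())
    for p in parts:
        print(f"{p['index']}: {p['type_name']:<14} start={p['start']:>8} len={p['length']:>8}"
              f"{'  (bootable)' if p['bootable'] else ''}")
    for w in check_table(parts, disk_sectors):
        print("WARNING:", w)
    for s, e in unallocated_ranges(parts, disk_sectors):
        print(f"unallocated: sectors {s}..{e - 1} ({e - s} sectors)")
```

To run it against a real image, replace make_sample_mbr() with the first 512 bytes of the image file and pass the image's sector count; the gap report is the list of ranges worth carving before trusting what the partitions alone show.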
Having covered the basics of filesystems, Part 3 covers the bulk of the book and material. Several chapters follow that specifically show you how to analyze particular filesystems by using their data structures to direct your reads. A range of filesystems are covered, including FAT, NTFS, EXT2 and EXT3, and the BSD types UFS1 and UFS2. Each filesystem has two chapters, one devoted to concepts and analysis, another entirely about data structures. Dividing each filesystem type like this lets Carrier focus first on the theory of each filesystem and its design, and then the practical use of its design to actually understand how to pull data off of it.
The real strength of File System Forensic Analysis lies in Carrier's direct and clear descriptions of the concepts, the completeness of his coverage, and the detail he provides. For example, a number of clear, well-ordered and simple diagrams are peppered throughout the book, explaining everything from allocation algorithms to NTFS alternative data streams. This use of simple diagrams makes the topics more easily understood, so the book's full value can be appreciated. This is the kind of thing that sets a book apart from its peers and makes it a valuable resource for a long time.
Finally, Carrier brings it all together and shows us how many aspects of filesystems can be examined using his "sleuth kit" tools, freely available and easy to use. Without appearing to hawk this tool at the expense of other valuable resources, you get to see how simple and direct filesystem manipulations can be done using a direct approach. This kind of presentation is what makes File System Forensic Analysis a great foundation.
Overall I'm pleased with File System Forensic Analysis; I think that Carrier has achieved what few technical authors do, namely a clear explanation of highly technical topics which retains a level of detail that makes it valuable for the long term. For anyone looking seriously at electronic forensics, this is a must have. I suspect people who are working on filesystem implementations will also want to study it for its practical information about NTFS. Overall, a great technical resource.
Summary of File System Forensic Analysis
This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it is also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disk layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.
Privacy Books
Cryptography Decrypted, by H. X. Mel, Doris M. Baker. Addison-Wesley Professional; published 2000-12-31; paperback. Best price: $30.00; price in other shops: $54.99
The Law of Copyright and the Internet: The 1996 WIPO Treaties, Their Interpretation and Implementation, by Mihály Ficsor. Oxford University Press, USA; published 2002-05-16; hardcover. Best price: $157.11; price in other shops: $510.00
Network Security for Government and Corporate Executives, by Rand Morimoto, Chris Amaris, Andrew Abbate, Mark Weinhardt. Prentice Hall; published 2006-10-01; paperback. Best price: $70.00; price in other shops: $73.33
Myspace: Safe Online Networking for Your Kids, by Larry Magid, Anne Collier. Prentice Hall; published 2006-12-07; paperback.
Using Set for Secure Electronic Commerce with CDROM, by Grady Drew. Prentice Hall PTR; published 1998-11-30; paperback. Best price: $3.80; price in other shops: $44.99
Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner. Prentice Hall; published 2002-05-02; hardcover. Best price: $54.99; price in other shops: $84.99
Windows Internet Security: Protecting Your Critical Data, by Seth Fogie, Cyrus Peikari. Prentice Hall; published 2001-10-07; paperback. Best price: $6.99; price in other shops: $39.99
Administrating Web Servers, Security, & Maintenance Interactive Workbook, by Eric Larson, Brian Stephens. Prentice Hall; published 2000-01-09; paperback. Best price: $12.99; price in other shops: $65.32
Keeping Found Things Found: The Study and Practice of Personal Information Management (Interactive Technologies), by William Jones. Morgan Kaufmann; published 2007-11-15; paperback. Best price: $34.00; price in other shops: $57.95
Upgrade Your Life: The Lifehacker Guide to Working Smarter, Faster, Better, by Gina Trapani. Wiley; published 2008-03-17; paperback. Best price: $5.99; price in other shops: $29.99
Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet, by Eoghan Casey. Academic Press; published 2011-05-04; hardcover. Best price: $29.01; price in other shops: $69.95
Computer Forensics: Hard Disk and Operating Systems (EC-Council Press Series: Computer Forensics), by EC-Council. Course Technology; published 2009-09-17; paperback. Best price: $34.60; price in other shops: $64.95
Incident Response and Computer Forensics, Second Edition, by Chris Prosise, Kevin Mandia, Matt Pepe. McGraw-Hill/Osborne; published 2003-07-17; paperback. Best price: $24.49; price in other shops: $52.99
Guide to Computer Forensics and Investigations, by Bill Nelson, Amelia Phillips, Christopher Steuart. Course Technology; published 2009-09-28; paperback. Best price: $70.11; price in other shops: $129.95
EnCase Computer Forensics, includes DVD: The Official EnCE: EnCase Certified Examiner Study Guide, by Steve Bunting. Sybex; published 2007-12-05; paperback. Best price: $37.18; price in other shops: $69.99
Handbook of Digital Forensics and Investigation, by Eoghan Casey. Academic Press; published 2009-11-09; paperback. Best price: $35.20; price in other shops: $51.95
Real Digital Forensics: Computer Security and Incident Response, by Keith J. Jones, Richard Bejtlich, Curtis W. Rose. Addison-Wesley Professional; published 2005-10-03; paperback. Best price: $37.27; price in other shops: $69.99
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, by Harlan Carvey. Syngress; published 2011-02-07; paperback. Best price: $31.57; price in other shops: $69.95
Digital Forensics with Open Source Tools, by Cory Altheide, Harlan Carvey. Syngress; published 2011-04-28; paperback. Best price: $35.34; price in other shops: $59.95
Windows Forensic Analysis DVD Toolkit, Second Edition, by Harlan Carvey. Syngress; published 2009-06-11; paperback. Best price: $46.73; price in other shops: $69.95