Forensic Examination of Windows-Supported File Systems

Title:      Forensic Examination of Windows-Supported File Systems
Categories:      DFIR
BookID:      103
Authors:      Doug Elrick
ISBN-10(13):      1497358353
Publisher:      CreateSpace Independent Publishing Platform
Publication date:      2014-04-07
Edition:      1
Number of pages:      392
Language:      Not specified
Price:      81.00 USD
Rating:      0  
Picture:      cover           Button Buy now Buy now
Description:      Product Description
Understanding the underlying system of how files are stored, what happens when they are deleted, and how to potentially recover them is essential to the digital forensic examiner. Today’s computer forensic tools automate the process of file recovery, but understanding what those tools are accomplishing and knowing whether they are providing accurate results requires an understanding of the information provided in this text. The FAT and NTFS file systems are the most commonly utilized information storage methods and while there are many other methods available, concentrating on these two lays the foundation for learning the others in the future. A brief introduction of ExFAT is included, as it is a relatively new file system used with larger flash drives. Forensic Examination of Windows-Supported File Systems will provide the basis for this knowledge and the practical expertise to begin the journey of becoming a digital forensic scientist.


Please past text to modal