Risks of live digital forensic analysis
Communications of the ACM - Next-generation cyber forensics
Live forensics: diagnosing your system without killing it first
Communications of the ACM - Next-generation cyber forensics
A computer forensics minor curriculum proposal
Journal of Computing Sciences in Colleges
Threats to privacy in the forensic analysis of database systems
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
A methodology for the repeatable forensic analysis of encrypted drives
Proceedings of the 1st European Workshop on System Security
Timestamp evidence correlation by model based clock hypothesis testing
Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop
High speed search for large-scale digital forensic investigation
Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop
A program behavior matching architecture for probabilistic file system forensics
ACM SIGOPS Operating Systems Review
Computer forensics in forensis
ACM SIGOPS Operating Systems Review
Forensic Artifacts of Microsoft Windows Vista System
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Windows® Directory Entries for 8.3 Names in VFAT File Systems
Journal of Digital Forensic Practice
XFT: a forensic toolkit for the original Xbox game console
International Journal of Electronic Security and Digital Forensics
A Swedish IT forensics course – expert opinions
International Journal of Electronic Security and Digital Forensics
Customized file systems: an investigator's approach
Proceedings of the 46th Annual Southeast Regional Conference on XX
A File Carving Algorithm for Digital Forensics
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part I
Evaluating Data Handling Performance of ISSEI Data Management Method
Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
Effective whitelisting for filesystem forensics
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Hiding in a virtual world: using unconventionally installed operating systems
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
SMC'09 Proceedings of the 2009 IEEE international conference on Systems, Man and Cybernetics
Making sense of unstructured flash-memory dumps
Proceedings of the 2010 ACM Symposium on Applied Computing
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
A Study of Building a Database System based on ISSEI Data Management Method
Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
A file-system-aware FTL design for flash-memory storage systems
Proceedings of the Conference on Design, Automation and Test in Europe
Computer forensics curriculum in security education
2009 Information Security Curriculum Development Conference
A driver-layer caching policy for removable storage devices
ACM Transactions on Storage (TOS)
Time based data forensic and cross-reference analysis
Proceedings of the 2011 ACM Symposium on Applied Computing
Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand IDS deployment
SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security
Social snapshots: digital forensics for online social networks
Proceedings of the 27th Annual Computer Security Applications Conference
A caching-oriented management design for the performance enhancement of solid-state drives
ACM Transactions on Storage (TOS)
Using the structure of B+-trees for enhancing logging mechanisms of databases
Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services
Vis: virtualization enhanced live acquisition for native system
Proceedings of the Second Asia-Pacific Workshop on Systems
An adaptive file-system-oriented FTL mechanism for flash-memory storage systems
ACM Transactions on Embedded Computing Systems (TECS)
Detecting hidden encrypted volumes
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Windows Vista and digital investigations
Digital Investigation: The International Journal of Digital Forensics & Incident Response
FACE: Automated digital evidence discovery and correlation
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Different interpretations of ISO9660 file systems
Digital Investigation: The International Journal of Digital Forensics & Incident Response
On metadata context in Database Forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Analysis of changes in file time attributes with file manipulation
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Forensic investigation of Microsoft PowerPoint files
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Forensic analysis of GPT disks and GUID partition tables
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Digital forensic implications of ZFS
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Teleporter: An analytically and forensically sound duplicate transfer system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
DEX: Digital evidence provenance supporting reproducibility and comparison
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Computer forensic timeline visualization tool
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A system for the proactive, continuous, and efficient collection of digital forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Data hiding in the NTFS file system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Volume analysis of disk spanning logical volumes
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Classification and Recovery of Fragmented Multimedia Files using the File Carving Approach
International Journal of Mobile Computing and Multimedia Communications
Damaged backup data recovery method for Windows mobile
The Journal of Supercomputing
Test-driven forensic analysis of satellite automotive navigation systems
Journal of Intelligent Manufacturing
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools, including tools he personally developed.

Coverage includes:
Preserving the digital crime scene and duplicating hard disks for "dead analysis"
Identifying hidden data on a disk's Host Protected Area (HPA)
Reading source data: direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: file metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Brian Carrier has authored several leading computer forensic tools, including The Sleuth Kit (formerly The @stake Sleuth Kit) and the Autopsy Forensic Browser. He has authored several peer-reviewed conference and journal papers and has created publicly available testing images for forensic tools. Currently pursuing a Ph.D. in Computer Science and Digital Forensics at Purdue University, he is also a research assistant at the Center for Education and Research in Information Assurance and Security (CERIAS) there. He formerly served as a research scientist at @stake and as the lead for the @stake Response Team and Digital Forensic Labs. Carrier has taught forensics, incident response, and file systems at SANS, FIRST, the @stake Academy, and SEARCH.

Brian Carrier's http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.

© Copyright Pearson Education. All rights reserved.