File System Forensic Analysis

by Brian Carrier

  • ISBN13: 9780321268174
  • ISBN10: 0321268172
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2005-03-17
  • Publisher: Addison-Wesley Professional

Summary

Moves beyond the basics and shows how to use tools to recover and analyse forensic evidence.

Author Biography

Brian Carrier has authored several leading computer forensic tools, including The Sleuth Kit (formerly The @stake Sleuth Kit) and the Autopsy Forensic Browser. He has authored several peer-reviewed conference and journal papers and has created publicly available testing images for forensic tools. Currently pursuing a Ph.D. in Computer Science and Digital Forensics at Purdue University, he is also a research assistant at the Center for Education and Research in Information Assurance and Security (CERIAS) there. He formerly served as a research scientist at @stake and as the lead for the @stake Response Team and Digital Forensic Labs. Carrier has taught forensics, incident response, and file systems at SANS, FIRST, the @stake Academy, and SEARCH.

Brian Carrier's http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.


© Copyright Pearson Education. All rights reserved.

Table of Contents

Foreword
Preface
Acknowledgments

Part I Foundations

Digital Investigation Foundations
  • Digital Investigations and Evidence
  • Digital Crime Scene Investigation Process
  • Data Analysis
  • Overview of Toolkits
  • Summary
  • Bibliography

Computer Foundations
  • Data Organization
  • Booting Process
  • Hard Disk Technology
  • Summary
  • Bibliography

Hard Disk Data Acquisition
  • Introduction
  • Reading the Source Data
  • Writing the Output Data
  • A Case Study Using dd
  • Summary
  • Bibliography

Part II Volume Analysis

Volume Analysis
  • Introduction
  • Background
  • Analysis Basics
  • Summary

PC-based Partitions
  • DOS Partitions
  • Analysis Considerations
  • Apple Partitions
  • Removable Media
  • Bibliography

Server-based Partitions
  • BSD Partitions
  • Sun Solaris Slices
  • GPT Partitions
  • Summary
  • Bibliography

Multiple Disk Volumes
  • RAID
  • Disk Spanning
  • Bibliography

Part III File System Analysis

File System Analysis
  • What Is a File System?
  • File System Category
  • Content Category
  • Metadata Category
  • File Name Category
  • Application Category
  • Application-level Search Techniques
  • Specific File Systems
  • Summary
  • Bibliography

FAT Concepts and Analysis
  • Introduction
  • File System Category
  • Content Category
  • Metadata Category
  • File Name Category
  • The Big Picture
  • Other Topics
  • Summary
  • Bibliography

FAT Data Structures
  • Boot Sector
  • FAT32 FSINFO
  • FAT
  • Directory Entries
  • Long File Name Directory Entries
  • Summary
  • Bibliography

NTFS Concepts
  • Introduction
  • Everything is a File
  • MFT Concepts
  • MFT Entry Attribute Concepts
  • Other Attribute Concepts
  • Indexes
  • Analysis Tools
  • Summary
  • Bibliography

NTFS Analysis
  • File System Category
  • Content Category
  • Metadata Category
  • File Name Category
  • Application Category
  • The Big Picture
  • Other Topics
  • Summary
  • Bibliography

NTFS Data Structures
  • Basic Concepts
  • Standard File Attributes
  • Index Attributes and Data Structures
  • File System Metadata Files
  • Summary
  • Bibliography

Ext2 and Ext3 Concepts and Analysis
  • Introduction
  • File System Category
  • Content Category
  • Metadata Category
  • File Name Category
  • Application Category
  • The Big Picture
  • Other Topics
  • Summary
  • Bibliography

Ext2 and Ext3 Data Structures
  • Superblock
  • Group Descriptor Tables
  • Block Bitmap
  • Inodes
  • Extended Attributes
  • Directory Entry
  • Symbolic Link
  • Hash Trees
  • Journal Data Structures
  • Summary
  • Bibliography

UFS1 and UFS2 Concepts and Analysis
  • Introduction
  • File System Category
  • Content Category
  • Metadata Category
  • File Name Category
  • The Big Picture
  • Other Topics
  • Summary
  • Bibliography

UFS1 and UFS2 Data Structures
  • UFS1 Superblock
  • UFS2 Superblock
  • Cylinder Group Summary
  • UFS1 Group Descriptor
  • UFS2 Group Descriptor
  • Block and Fragment Bitmaps
  • UFS1 Inodes
  • UFS2 Inodes
  • UFS2 Extended Attributes
  • Directory Entries
  • Summary
  • Bibliography

Appendix A The Sleuth Kit and Autopsy
  • The Sleuth Kit
  • Autopsy
  • Bibliography

Index


Excerpts

Foreword

Computer forensics is a relatively new field, and over the years it has been called many things: "computer forensics," "digital forensics," and "media analysis" to name a few. It has only been in the past few years that we have begun to recognize that all of our digital devices leave digital breadcrumbs and that these breadcrumbs are valuable evidence in a wide range of inquiries. While criminal justice professionals were some of the first to take an interest in this digital evidence, the intelligence, information security, and civil law fields have enthusiastically adopted this new source of information.

Digital forensics has joined the mainstream. In 2003, the American Society of Crime Laboratory Directors-Laboratory Accreditation Board (ASCLD-LAB) recognized digital evidence as a full-fledged forensic discipline. Along with this acceptance came increased interest in training and education in this field. The Computer Forensic Educator's Working Group (now known as the Digital Forensic Working Group) was formed to assist educators in developing programs in this field. There are now over three-dozen colleges and universities that have, or are, developing programs in this field. More join their ranks each month.

I have had the pleasure of working with many law enforcement agencies, training organizations, colleges, and universities to develop digital forensic programs. One of the first questions that I am asked is if I can recommend a good textbook for their course or courses. There have been many books written about this field. Most take a targeted approach to a particular investigative approach, such as incident response or criminal investigation. Some tend to be how-to manuals for specific tools. It has been hard to find a book that provides a solid technical and process foundation for the field... That is, until now.

This book is the foundational book for file system analysis. It is thorough, complete, and well organized. Brian Carrier has done what needed to be done for this field. This book provides a solid understanding of both the structures that make up different file systems and how these structures work. Carrier has written this book in such a way that the reader can use what they know about one file system to learn another. This book will be invaluable as a textbook and as a reference and needs to be on the shelf of every digital forensic practitioner and educator. It will also provide accessible reading for those who want to understand subjects such as data recovery.

When I was first approached about writing this Foreword, I was excited! I have known Brian Carrier for a number of years and I have always been impressed with his wonderful balance of incredible technical expertise and his ability to clearly explain not just what he knows but, more importantly, what you need to know. Brian's work on Autopsy and The Sleuth Kit (TSK) has demonstrated his command of this field--his name is a household name in the digital forensic community. I have been privileged to work with Brian in his current role at Purdue University, and he is helping to do for the academic community what he did for the commercial sector: He set a high standard.

So, it is without reservation that I recommend this book to you. It will provide you with a solid foundation in digital media.

Mark M. Pollitt
Former Director of the FBI's Regional Computer Forensic Laboratory Program
