Mon premier blog

File System Forensic Analysis Brian Carrier
Publisher: Addison-Wesley Professional

The most interesting files are: ~/.local/share/ gvfs-metadata/home: I don't think the TBB can really do anything to make a system forensics proof against somebody who has physical possession of the machine. Friday, 15 March 2013 at 18:20. I feel that I have been doing more “malware analysis” lately, and not enough “traditional forensics”, so I wanted to also take a look at this sample via the file system. Using hashdeep, I compared the hashes from the tainted virtual machine against the hashes from the clean virtual machine: 68 files had a hash that did not match any of the hashes in the clean set. File System Forensic Analysis This is an advanced cookbook and reference guide for digital forensic professionals. Best Digital Forensic Book Windows Forensic Analysis (Harlan Carvey) IPhone Forensics (Jonathan Zdziarski) File System Forensic Analysis (Brian Carrier). Forensics 2: Identifying File System and Extracting it. So that's sort of how I am going to look at this. The $UsnJrnl file contains a wealth of information about file system activity which can provide more context about what occurred on a system. Many of yours (WFA/Registry/Open Source-you and Altheide), Handbook of Digital Forensics and Investigation (Casey), Iphone and iOS Forensics / Android Forensics (Hoog), File System Forensic Analysis (carrier) etc.