Forensic Analysis of Disk-based Evidence

by Ric Messier

Released December 2017

Publisher(s): O'Reilly Media, Inc.

ISBN: 9781492029113

Start your free trial

Video description

Today, our information- and knowledge-based economy generates vast amounts of data that is at some point saved to storage devices, such as hard drives or solid-state drives or chips, or portable devices like USB sticks. Still and video cameras also contain cards to store images. Understanding how all of these devices are formatted and how to get data from them is critical to a forensic investigator. Both law enforcement and corporate investigators need to understand the value and techniques of searching for evidence of crime or intrusions on computer systems.

Designed for people with entry- to intermediate-level knowledge of computer systems and data storage systems, this course benefits those without much practical experience in regard to digital forensics and includes instruction and demonstrations. In it, you’ll see how to use SleuthKit, an open source collection of command-line tools and a C library with which you can analyze disk images. You’ll learn about the main file storage architectures such as File Allocation Table (FAT), NT File System (NTFS), and ext2/3. You’ll learn how to conduct basic forensic procedures to extract valuable information that could be crucial in uncovering illegal activities or revealing whether a device has been the target of an attack.