File System Forensic Analysis. Brian Carrier

ISBN: 0321268172, 9780321268174 | 600 pages


Publisher: Addison-Wesley Professional




Using hashdeep, I compared the hashes from the tainted virtual machine against the hashes from the clean virtual machine: 68 files had a hash that did not match any of the hashes in the clean set. As forensic analysts, we are providing someone with our account of a real person's actions and events. Rather, it is a look at some of the tools I use in my practice and how they can be applied to iPhone forensic analysis. I had recently completed Brian Carrier's “File System Forensic Analysis” (also an amazing book) and was looking for something a bit less in-depth and more of a general digital forensics book. This article dealt primarily with what we term system or file system forensics. One of my peers recently wrote an article providing a good introductory explanation of computer forensics in his review of a SANS course. I feel that I have been doing more “malware analysis” lately, and not enough “traditional forensics”, so I wanted to also take a look at this sample via the file system. I'm pretty sure this dude dreams in binary. It is not the intent of this blog post to be an all-encompassing guide to the forensic analysis of an iPhone. I was asked to speak on the topic of “Linux Filesystems”, and I have chosen to focus on the ext2 and ext3 filesystem data structures. The most interesting files are: ~/.local/share/gvfs-metadata/home. I don't think the TBB can really do anything to make a system forensics-proof against somebody who has physical possession of the machine. So that's sort of how I am going to look at this. This new file system is proprietary and requires licensing from Microsoft, and little has been published about. This week, we have a wealth of File System information, new and old, updates to the popular and versatile RegRipper program, and some very promising research in the area of memory forensics. We are telling people through our discoveries what someone did or didn't do on a particular system.
Here's a starter list: File System Forensic Analysis, Brian Carrier.