REVIEW: "File System Forensic Analysis", Brian Carrier

Posted by Rob Slade, doting grandpa of R on August 8, 2005, 2:51 pm
BKFSFRAN.RVW 20050608

"File System Forensic Analysis", Brian Carrier, 2005, 0-321-26817-2,
U$49.99/C$69.99
%A Brian Carrier
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2005
%G 0-321-26817-2
%I Addison-Wesley Publishing Co.
%O U$49.99/C$69.99 416-447-5101 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321268172/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0321268172/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321268172/robsladesin03-20
%O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 569 p.
%T "File System Forensic Analysis"

The preface states, correctly, that there is little information for
the forensic investigator on the topic of file system structures and
internals that are useful for providing direction on tracing and
tracking information on the disk. The author also notes that there
are a number of worthwhile texts that address the general topic of
investigation. Therefore, the author intends to address the former
rather than the latter. At the same time, there is an implication in
the initial section that this work is only the merest introduction to
the subject of computer forensics.

Part one is aimed at providing foundational concepts. Chapter one, in
fact, does provide a quick review of the investigation process, and a
list of forensic software toolkits. A sort of "Computers 101" is in
chapter two, with a not-terribly-well structured collection of facts
about data organization, drive types, and so forth, with varying
levels of detail. Chapter three addresses different factors and
problems in hard disk data acquisition, although the inventory is
neither complete nor fully explained.

Part two deals with the analysis of drive volumes or partitions, with
chapter four outlining basic structures. DOS (FAT [File Allocation
Table] and NTFS) and Apple partition details are discussed in chapter
five. Chapter six reviews various UNIX partitions. Multi-disk
systems, such as RAID (Redundant Array of Inexpensive Disks) are
covered in chapter seven.

Part three delves into the data structures of the file system itself.
Chapter eight introduces concepts used in considering file systems.
Details of the FAT system are in chapters nine and ten. A very
detailed explanation of the disk and file structures of the NTFS
system, as well as considerations for analysis, is provided in
chapters eleven to thirteen. The Linux Ext2 and Ext3 structures are
discussed in chapters fourteen and fifteen. Chapters sixteen and
seventeen cover the UFS1 and UFS2 schemes, found primarily in BSD
(Berkeley Systems Distribution) derived versions.

This book does provide a wealth of detail, once it gets into the
specifics of partitions and structures. The introductory material,
writing, and technical level are quite uneven, which makes it
difficult to use. Still, those seriously involved with the data
recovery aspect of digital forensics should consider this work a
valuable resource.

copyright Robert M. Slade, 2005 BKFSFRAN.RVW 20050608

--
======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com


