Live Data Acquisition is the process of extracting volatile information present in the registries, cache, and RAM of digital devices through its normal interface. The volatile information is dynamic in nature and changes with time, therefore, the investigators should collect the data in real time. Simple actions such as looking through the files on a running computer or booting up the computer have the potential to destroy or modify the available evidence data, as it …
Understanding Data Acquisition in this the forensic data acquisition is a process of imaging or collecting information from various media in accordance with certain standards for analyzing its forensic value. With the progress of technology, the process of data acquisition has become more accurate, simple, and versatile. It uses many types of equipment , starting from small sensors to classy computers. Data acquisition is that the process of sampling signals that measure world physical conditions …
File System Analysis Using Autopsy is a digital forensics platform and graphical interface to The Sleuth Kite and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Autopsy is an end-to-end platform with modules that come with it out of the box and others that are available from third-parties. Some of the …
Overview of File System Analysis in this article explain American Standard Code for Information Interchange (ASCII) and unicode diffrent computer languages which can be used in file system and also explain which of file system cannot be analysis and Hex View of Popular Image File formats. Understanding ASCII, Unicode, and Offset 1. American Standard Code for Information Interchange (ASCII) Developed from telegraph codes, ASCII is a character encoding standard used in digital devices such as …
Redundant Array of Independent Disks (RAID) may be a technology that uses multiple smaller disks simultaneously, which function as one large volume. It provides a specific method of accessing one or many separate hard disks, thereby decreasing the risk of losing all data if at all a hard disk fails or is susceptible to damages, and it also helps in improving access time. The RAID technology helps users to: Maintain a large amount of knowledge …
Learn about CD-ROM/DVD File System in this article computer systems require file systems, such as NTFS or UNIX, to exchange and access the data contained in files easily and quickly. They divide data stored on CD-ROMs into sectors, containing both user data and error correction codes, Users need not worry about which data is stored in which sector, but should have an understanding of the CD-ROM fife structure. ISO 9660 ISO (International Organization for Standardization) …
Overview of ZFS file system as well as a logical volume manager developed by Sun Microsystems. The ZFS offers features like high storage capability, data protection, data compression, volume management, copy-on-write clones, data integrity checking, and automatic repair. Features US Pooled Storage Model This file system uses the storage pool model, which defines the storage characteristics and acts as a random data store from the point of creation of file systems. The storage allows the …
Overview of Mac OS X File Systems in this article Apple’s Mac OS X uses a different approach in storing the data, when compared to the Windows and Linux. This section will make investigators aware of the file systems that different versions of Mac operating systems use. Mac OS X File Systems 1. Hierarchical File System (HFS) Apple had developed the Hierarchical File System (HFS) in September 1985 to support the MAC OS in its …
In this blog explain Linux File System Architecture, File system Hierarchy atandard (FHS), Extended File System (EXT), Second Extended File System (EXT2), Second Extended File System (EXT2) (Cont’d), Second Extended File System (EXT2) (Cont’d) etc… Linux OS uses different file systems to store the data. As the investigators may encounter the attack source or victim systems to be running on Linux, they should have comprehensive knowledge regarding the storage methods it employs. The following section …
In this blog explain The Encrypting File System | EFS is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. To protect files from mishandling and to ensure their security, the system should encrypt them. NTFS has Encrypting File System (EFS) as built-in feature. Encryption in file systems uses symmetric key encryption technology …
