file

Understanding-EProcess-Structure

Understanding EProcess Structure

CHFI / By

Understanding EProcess Structure in Each process on the Windows operating system is associated with an executive process or Eprocess block. It is the basic data structure that stores various attributes of the process and the pointer to the other attributes and data structures related to the process. The investigator can read this data structure. The data structure is essentially a sequence of bytes, with each sequence having a particular meaning. The size and even the …

Understanding EProcess Structure Read More »

Collecting-Hidden-Partition-Information

Collecting Hidden Partition Information

Leave a Comment / CHFI, Knowledge Base / By

In this article explain Collecting Hidden Partition Information and diffrent types of hard disk partition and file formates. 1. Partition Logic Partition Logic is a hard disk partitioning and data management tool. It can create, delete, erase, format, defragment, resize, copy, and move partitions and modify their attributes. It can copy entire hard disks from one to another. 2. Partition Find & Mount Partition Find & Mount implements a new concept of deleted or lost …

Collecting Hidden Partition Information Read More »

Understand-Microsoft-Authentication

Understand Microsoft Authentication

1 Comment / CHFI, Knowledge Base / By

Understand Microsoft Authentication in this article When users log in to the Windows pc, a series of steps is performed for user authentication. The Windows OS authenticates its users with the help of 3 mechanisms (protocols) provided by the Microsoft. SAM database Windows uses the sam info to manage user accounts and passwords within the hashed format (one-way hash). The system doesn’t store the passwords in plaintext format however stores them in hashed format in …

Understand Microsoft Authentication Read More »

Understand-Anti-forensics-and-their-goals

Understand Anti-forensics and their goals

Leave a Comment / CHFI, Knowledge Base / By

Understand Anti-forensics and their goals, also referred to as counter forensics, may be a set of techniques that attackers or perpetrators use so as to avert or sidetrack the forensic investigation process or attempt to make it much harder. These techniques negatively impact the number and quality of evidence from a criminal offense scene, thereby making the forensic investigation process difficult. Therefore, the investigator may need to conduct a few more additional steps so as …

Understand Anti-forensics and their goals Read More »

Understand-Linux-Standard-Tools

Understand Linux Standard Tools

Leave a Comment / CHFI, Knowledge Base / By

Understand Linux Standard Tools in this the forensic investigators use built-in Linux command dd to copy data from a disk drive. This command can create a bit-stream disk-to-disk copy and a disk-to-image file. It can copy any disk data that Linux can mount and access. Forensic tools like AccessData FTC and Hook, can read dd image files. In Linux, the advantage of dd command is its independence on any additional computer resources. The dd command …

Understand Linux Standard Tools Read More »

File-System-Analysis-Using-Autopsy

File System Analysis Using Autopsy

1 Comment / CHFI / By

File System Analysis Using Autopsy is a digital forensics platform and graphical interface to The Sleuth Kite and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Autopsy is an end-to-end platform with modules that come with it out of the box and others that are available from third-parties. Some of the …

File System Analysis Using Autopsy Read More »

Overview-of-File-System-Analysis

Overview of File System Analysis

Leave a Comment / CHFI / By

Overview of File System Analysis in this article explain American Standard Code for Information Interchange (ASCII) and unicode diffrent computer languages which can be used in file system and also explain which of file system cannot be analysis and Hex View of Popular Image File formats. Understanding ASCII, Unicode, and Offset 1. American Standard Code for Information Interchange (ASCII) Developed from telegraph codes, ASCII is a character encoding standard used in digital devices such as …

Overview of File System Analysis Read More »

Learn-about-CD-ROMDVD-File-System

Learn about CD-ROM/DVD File System

Leave a Comment / CHFI / By

Learn about CD-ROM/DVD File System in this article computer systems require file systems, such as NTFS or UNIX, to exchange and access the data contained in files easily and quickly. They divide data stored on CD-ROMs into sectors, containing both user data and error correction codes, Users need not worry about which data is stored in which sector, but should have an understanding of the CD-ROM fife structure. ISO 9660 ISO (International Organization for Standardization) …

Learn about CD-ROM/DVD File System Read More »

Overview-of-ZFS-file-system

Overview of ZFS file system

Leave a Comment / CHFI, Knowledge Base / By

Overview of ZFS file system as well as a logical volume manager developed by Sun Microsystems. The ZFS offers features like high storage capability, data protection, data compression, volume management, copy-on-write clones, data integrity checking, and automatic repair. Features US Pooled Storage Model This file system uses the storage pool model, which defines the storage characteristics and acts as a random data store from the point of creation of file systems. The storage allows the …

Overview of ZFS file system Read More »

Overview-of-Mac-OS-X-File-Systems

Overview of Mac OS X File Systems

Leave a Comment / CHFI / By

Overview of Mac OS X File Systems in this article Apple’s Mac OS X uses a different approach in storing the data, when compared to the Windows and Linux. This section will make investigators aware of the file systems that different versions of Mac operating systems use. Mac OS X File Systems 1. Hierarchical File System (HFS) Apple had developed the Hierarchical File System (HFS) in September 1985 to support the MAC OS in its …

Overview of Mac OS X File Systems Read More »