| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.

View
 

File Systems

Page history last edited by Patrick 1 year, 7 months ago

Lecture Overview

     In these videos we discuss the FAT file system, partitions, and hashing. It's very simple but illustrates the important components of a file system.  I also demonstrate how to manually recover a file. Why? Why would we do this when we have tools to do this for us? Because it's like any complicated task. It's important to understand the structure of the file system, how files are allocated and deallocated, and how the tools recover the files.  The term 'forensics' refers to science as applied in a court of law.  Ever hear of an expert witness?  Expert witnesses need to understand the details of how things work in order to be considered an 'expert.' Imagine an 'expert witness' being grilled on the stand:

 

Attorney:  So, Ms. Smith, you consider yourself an expert in digital forensics, correct?

Ms. Smith: Yes I do!

Attorney: So Ms. Smith, you used FTK to recover deleted files on my client's computer, correct?

Ms. Smith: Yes, I did!

Attorney: So, Ms. Smith, can you tell me how FTK recovers the files?
Ms. Smith: Well, I just push the button that says "recover deleted files." It's automatic. When I push the button, the files show up.

Attorney: So, you are telling the court that you don't understand, and can't verbalize, how FTK works in order to recover deleted files, is that correct?

Ms. Smith: Uhhhhh....

Judge: You're kidding me ...

 

Well, that's not exactly how vetting an expert works, but  you can imagine the scenario.  Physicians, auto mechanics, plane mechanics, and all forensic scientists need to under stand HOW the physical and logical systems work in order to provide an accurate diagnosis or scientific interpretation. And THAT'S why we are recovering files manually!

 

Later we will use several tools to automatically recover the files, AFTER you see how to recover them manually.  And then, you'll be able to verbalize WHAT the tools are doing behind the scenes in order to recover the files. Cool!

 

Videos:

 

 

Slides:

 

Readings:

 

Additional Supporting Material:

 

 

Comments (0)

You don't have permission to comment on this page.