| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

File Systems

Page history last edited by Patrick 5 years, 1 month ago

Lecture Overview

     In these videos we discuss the FAT file system, partitions, and hashing. It's very simple but illustrates the important components of a file system.  I also demonstrate how to manually recover a file. Why? Why would we do this when we have tools to do this for us? Because it's like any complicated task. It's important to understand the structure of the file system, how files are allocated and deallocated, and how the tools recover the files.  The term 'forensics' refers to science as applied in a court of law.  Ever hear of an expert witness?  Expert witnesses need to understand the details of how things work in order to be considered an 'expert.' Imagine an 'expert witness' being grilled on the stand:

 

Attorney:  So, Ms. Smith, you consider yourself an expert in digital forensics, correct?

Ms. Smith: Yes I do!

Attorney: So Ms. Smith, you used FTK to recover deleted files on my client's computer, correct?

Ms. Smith: Yes, I did!

Attorney: So, Ms. Smith, can you tell me how FTK recovers the files?
Ms. Smith: Well, I just push the button that says "recover deleted files." It's automatic. When I push the button, the files show up.

Attorney: So, you are telling the court that you don't understand, and can't verbalize, how FTK works in order to recover deleted files, is that correct?

Ms. Smith: Uhhhhh....

Judge: You're kidding me ...

 

Well, that's not exactly how vetting an expert works, but  you can imagine the scenario.  Physicians, auto mechanics, plane mechanics, and all forensic scientists need to under stand HOW the physical and logical systems work in order to provide an accurate diagnosis or scientific interpretation. And THAT'S why we are recovering files manually!

 

Later we will use several tools to automatically recover the files, AFTER you see how to recover them manually.  And then, you'll be able to verbalize WHAT the tools are doing behind the scenes in order to recover the files. Cool!

 

Videos:

 

 

Slides:

 

Readings:

 

Additional Supporting Material:

 

 

Comments (0)

You don't have permission to comment on this page.