Forensic Examination of Windows-Supported File Systems

Understanding the underlying system of how files are stored, what happens when they are deleted, and how to potentially recover them is essential to the digital forensic examiner. Today's computer forensic tools automate the process of file recovery, but understanding what those tools are accomplishing and knowing whether they are providing accurate results requires an understanding of the information provided in this text. The FAT and NTFS file systems are the most commonly utilized information storage methods and while there are many other methods available, concentrating on these two lays the foundation for learning the others in the future. A brief introduction of ExFAT is included, as it is a relatively new file system used with larger flash drives. Forensic Examination of Windows-Supported File Systems will provide the basis for this knowledge and the practical expertise to begin the journey of becoming a digital forensic scientist.

Author: Drew Elrick
Publisher: Createspace Independent Publishing Platform
Published: 04/07/2014
Pages: 392
Binding Type: Paperback
Weight: 2.65lbs
Size: 10.90h x 8.40w x 1.00d
ISBN13: 9781497358355
ISBN10: 1497358353
BISAC Categories:
- Computers | Computer Science

About the Author
Doug Elrick has worked in the area of digital forensics for over twenty years. He instructs law enforcement and corporate security investigators in proper forensic methodologies and in the use of common computer forensic applications. Doug holds a Master's of Science in Digital Forensics from the University of Central Florida and has obtained the following digital forensic certifications: CFCE and CAWFE from IACIS, EnCE from Guidance Software, and ACE from AccessData.

This title is not returnable