StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

File System Analysis and Computers Forensics - Research Paper Example

Cite this document
Summary
The paper "File System Analysis and Computers Forensics" highlights that the File System Investigator gives the user time to see what the targeted files contained in a safe way. It can also help in avoiding normal operating system devices (Zanero, 2010). …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.7% of users find it useful
File System Analysis and Computers Forensics
Read Text Preview

Extract of sample "File System Analysis and Computers Forensics"

? File System Analysis and Computers Forensics Introduction As the main storing constituent of a computer,the file system is said to be the foundation of a big pact of forensic evidence. Again, it is very crucial to underastand that forensic data has to be taken at the appropriate level of concept. For instance, the normal file system border will just access the files that are present. To imprison some information about the idle space that is there amid files, you have to make use of tools that are of little levels that can actually avoid the file system. Such kind of little level tools having an added advantage of removing false information that may be maliciously adapted by the file system code. This paper discusses the the employment of file system analysis in computer forensics, using file system analysis in different fields, as in Linux and others as well as the tools used in the file system analysis. Employing File System Analysis in Computers Forensics Computer forensics is part of numerical forensic science relating to legal indication that is found in the computers as well as digital storing means. Its main objective is to inspect digital means in a forensically way of sound with the purpose of improving, conserving, recognizing and giving facts as well as opinions around a certain info. Nelson, Phillips & Steuart, (2010) assert that even though it is mostly related with the study of corruption in computers, it may as well be used in civil records. They add that it involves alike methods and even the values of recovery of data. The indication from computer forensics inquiries is normally exposed to the similar rules and practices of other numerical indication and has been used in several cases. They argue that it is almost becoming accepted within the U.S as well as court system in Europea (Nelson, Phillips & Steuart, 2010). Nelson, Phillips & Steuart, (2010) add that there are a number of techniques used in computer forensics investigations. First, there is cross-drive analysis that relates info found on a number of drives. It can be used to classify social network and then perform anomaly discovery. Nelson, Phillips & Steuart, (2010) say that another common technique is the recorvery of deleted files. The newly used forensic software have got their individual gears for recovering data that is deleted. The inspection of PCs from the operating system with the use of sysadmin gears to get out evidence. The process is very important when you are mostly dealing with encrypting file system (Nelson, Phillips & Steuart, 2010). Using File System Analysis: Files are actually made up of two substances that are dissimilar where each and every file has got an inode linked to it that has metadata over that file. What the file contains are stored in form of datablocks. There are only 15 block pointers in the inode in Unix. If there are data blocks of 4K, then the likelihood of the file that is going to be addressed is about 60K. Linux supports a lot of dissimilar file systems, but mutual choices for these system disk on a block devices comprise ext* family (for instance the ext2, the ext3 as well as ext4), the btrfs, ReiserFS, XFS and JFS. There is also the UBIFS, JFFS2 and YAFFS between others, that can be used for raw flash that are without a Memory Technology Device (MTD) or even Flash Translation Layer (FTL). The usually compressed read only file system is the SquashFS. The SRM Windows File System collects statistics on the disk and file system properties that is connected to the machine. The data collected here is abridged through a lot of reports that may be to some extent modified with charts in the bang manager. FAT, FAT16, FAT32 as well as NTFS are some types of sytems files that can be maintained by the SRM Windows File System Agent for Windows and also supports discovery as well as discovery and analysis types of gathering data. HFS+ are said to be the most leading file systems that are found on any Macintosh. To identify the file system, someone may be left looking at a apparently data that is raw in a particular drive that is not assigned. Encase from Guidance Software as well as BBT Forensic Suite coming from BlackBagTechnologies is an example of a tool that can very well interpret the file system then give or eve display what the file contains in a maner that is user friendly. We find that the Macintosh itself knows better how to display the own file. Ubuntu can actually read as well as write disks and divider that uses the common NTFS and FAT32 formats but uses Ext4 by evasion since it is very hard for data to be lost incase of computer crash. At the same time, it can support big disks and files. Again, there is how files are arranged in Ubuntu. Here, there is only one root directory for the whole system. The root directory is known as “/” (the common slash, it is ot the same as the backslash as it is used in Windows) and all the disks as well as devices come out within this pecking order. This can simply be done practically by accessing the Ubuntu File System so that you can see the root directory. Tools used in File System Analysis The file system tools helps in investigating the file system of a machine, computer in this case, in a manner that is not invasive. Since the tools do not actually depend on the operating system so that the file system can be administered, deleted as well as the content that is secreted is exposed. It runs on Windows as well as Unix podiums. Zanero, (2010) states that there are a lot of tools that can be used in File System Analysis. AnalyzeMFT that examines an NTFS file system to MFT file and then give out the outcome accurately that will then give other tools room for more analysis. Autopsy Forensic Browser that will facilitate the line tools in the Sleuth Kit thereby letting one to see the owed files as well as erased ones, the codes of boot and divider tables and then creates a timelines of file action (Zanero, 2010). There is also the disktype that notices the gratified format of the disk. It has knowledge about the file system, boot codes as well as partition tables. There is also Explore2fs that makes it easy from inside Windows to see the contents of an Ext2FS. Other tools that can be used according to Zanero, (2010) are like the e2salvage that will tries to handle recorvery of data from ext2 file system that has been spoiled. It can take care of the spoiled files simply because it does not search data from specific places as well as not trusting the found data. Again, the Enhanced Linux Loopbackmodifies the loopback driver of the Linux core and can also add an extra purpose making the driver rival a disk drive in a certain manner. It however helps a lot in the automatic interpretation as well as partition mapping inside a hard drive. The File System Investigator also gives the user time to see what the targeted files contain in a safe way. It can also help in avoiding the normal operating system devices (Zanero, 2010). The last tool we may talk of is the SMART that takes benefit of the bigger volume of the file system that is supported by Linux. It also helps to note and filter the almanacs of a particular file, recuperate the files that are erased and also use hash databases in recognizing known files. Conclusion Generally, we find that File Sytem Analysis is very important in our lives when taken as a course. This is because it generally deals with the file system as well as the disk. At the same time, we find that is is also used to produce most of the indication in the present digital examination. We find that the file system of the computer is where a lot of the files are rather kept and at the same time, the place where a lot of indication can be established. Lastly, we also find that this is the most challenging part of the forensic analysis and therefore it needs a lot of care. Reference Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. CengageBrain. com. Zanero, S. (2010). Open source software for digital forensics. Springer. . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“File System Analysis and computer forensics Research Paper”, n.d.)
Retrieved from https://studentshare.org/information-technology/1497334-file-system-analysis-and-computer-forensics
(File System Analysis and Computer Forensics Research Paper)
https://studentshare.org/information-technology/1497334-file-system-analysis-and-computer-forensics.
“File System Analysis and Computer Forensics Research Paper”, n.d. https://studentshare.org/information-technology/1497334-file-system-analysis-and-computer-forensics.
  • Cited: 0 times

CHECK THESE SAMPLES OF File System Analysis and Computers Forensics

Malware Forensic Computing

Casey, Malin and Aquilina (2008) state that “By employing techniques that thwart reverse engineering, encode and conceal network traffic, and minimize the traces left on file system, malicious code developers are making both discovery and forensic analysis both difficult.... orensic computing and malware forensics have become exceptionally significant areas in technological studies demanding special consideration so as to protect the security rights of e-consumers....
10 Pages (2500 words) Assignment

Computer Forensics

Computer forensics is commonly used to refer to the analysis and reporting of the information collected from the forensic analysis of digital-related media.... This article takes a critical analysis of computer forensics as a way of presenting evidence in courts on matters pertaining to computer crimes.... The paper focuses on the importance of computer forensics in collecting, interpreting and presenting evidence relating to cyberspace crimes....
11 Pages (2750 words) Research Paper

Computer forensics laboratory

This could be done through processes called hash analysis and signature analysis.... Logical analysis looks at the evidence from a file system perspective using system tools such as file manager, file viewer and the like.... Computer forensics is a discipline that integrates aspects of law and computer in the process of data collection and assessment from “computer systems, networks, wireless communications, and storage devices” in a manner that does not violate procedural laws on admissibility (US-CERT 2008)....
3 Pages (750 words) Essay

Computer Fraud Tools

Cell phone analysis tools These are tools that are used to read a SIM card.... Wells, 2010) This software recovers completely deleted files, lost through the following reasons; folders and files deleted from the recycle bin, deleted files from the hard disk accidentally, folders and files deleted through the shift+ delete keys command, and lastly unexpected software failure or system shutdown (Sammons, 2012).... This software works best in machines that contain 64MB or more of system memory, with a processor of Pentium II 400 MHz core or a more advanced processor than this, and lastly it can work in Vista, Windows 7, and XP, 98, 2000, 2002, and 2003 (Sammons, 2012)....
3 Pages (750 words) Essay

Characteristics of Computer Forensics

Computer forensics is relatively a new area developed in the According to US-CERT (2008), “computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT, 2008,p.... Computer forensics is an important tool for managers and network administrators who handle the security related issues of the computer systems....
5 Pages (1250 words) Essay

Role of Computer Forensics and Investigation Report in Criminology

From the paper "Role of Computer forensics and Investigation Report in Criminology" it is clear that whole Disk Encryption is a process in which full contents of a hard drive are converted into unique codes.... As such, it is possible to collect information concerning deleted files in a computer system hence the relevance of slack space in digital forensics.... he physical drive is another commonly used term in computer forensics.... In many computers, users partition the existing physical drive into several portions that represent 'independent' storage units (Pachghare, 2009)....
5 Pages (1250 words) Research Paper

Digital Forensics and Digital Investigation

The paper " Digital forensics and Digital Investigation" tells that with the fast growth of technology, it is not easy for law enforcement and computer experts to be ahead of the technologically knowledgeable criminals.... Usually, EEDI is a superset of the whole thing about digital forensics.... It presumes that one can take care of the forensics of a computer's hard drive and also can gather the logs from a firewall and manage all the evidence appropriately as per the standard practices, for instance, the Association of Chief Police Officers (ACPO) 'Good Practice Guide for Computer-based Evidence'....
5 Pages (1250 words) Essay

Independent Expert Witness Use of Computer Forensic

The paper "Independent Expert Witness Use of Computer Forensic" highlights that generally, now many educational institutions are offering computer forensics degrees, and related education has become a minimum requirement to stay competitive in the industry.... Computer forensics consulting firms or freelance computer forensic investigators are also hired by large corporations to test the information systems security they have in place.... This has created an increased need for individuals educated in computer forensics or computer forensic investigators....
10 Pages (2500 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us