Web Online Help

File System Forensic AnalysisTable of ContentsCopyrightForewordPrefaceRoadmapScope of BookResourcesAcknowledgmentsPart I: FoundationsChapter 1. Digital Investigation FoundationsDigital Investigations and EvidenceDigital Crime Scene Investigation ProcessData AnalysisOverview of ToolkitsSummaryBibliographyChapter 2. Computer FoundationsData OrganizationBooting ProcessHard Disk TechnologySummaryBibliographyChapter 3. Hard Disk Data AcquisitionIntroductionReading the Source DataWriting the Output DataA Case Study Using ddSummaryBibliographyPart II: Volume AnalysisChapter 4. Volume AnalysisIntroductionBackgroundAnalysis BasicsSummaryChapter 5. PC-based PartitionsDOS PartitionsAnalysis ConsiderationsApple PartitionsRemovable MediaBibliographyChapter 6. Server-based PartitionsBSD PartitionsSun Solaris SlicesGPT PartitionsSummaryBibliographyChapter 7. Multiple Disk VolumesRAIDDisk SpanningBibliographyPart III: File System AnalysisChapter 8. File System AnalysisWhat is a File System?File System CategoryContent CategoryMetadata CategoryFile Name CategoryApplication CategoryApplication-level Search TechniquesSpecific File SystemsSummaryBibliographyChapter 9. FAT Concepts and AnalysisIntroductionFile System CategoryContent CategoryMetadata CategoryFile Name CategoryThe Big PictureOther TopicsSummaryBibliographyChapter 10. FAT Data StructuresBoot SectorFAT32 FSINFOFATDirectory EntriesLong File Name Directory EntriesSummaryBibliographyChapter 11. NTFS ConceptsIntroductionEverything is a FileMFT ConceptsMFT Entry Attribute ConceptsOther Attribute ConceptsIndexesAnalysis ToolsSummaryBibliographyChapter 12. NTFS AnalysisFile System CategoryContent CategoryMetadata CategoryFile Name CategoryApplication CategoryThe Big PictureOther TopicsSummaryBibliographyChapter 13. NTFS Data StructuresBasic ConceptsStandard File AttributesIndex Attributes and Data StructuresFile System Metadata FilesSummaryBibliographyChapter 14. Ext2 and Ext3 Concepts and AnalysisIntroductionFile System CategoryContent CategoryMetadata CategoryFile Name CategoryApplication CategoryThe Big PictureOther TopicsSummaryBibliographyChapter 15. Ext2 and Ext3 Data StructuresSuperblockGroup Descriptor TablesBlock BitmapInodesExtended AttributesDirectory EntrySymbolic LinkHash TreesJournal Data StructuresSummaryBibliographyChapter 16. UFS1 and UFS2 Concepts and AnalysisIntroductionFile System CategoryContent CategoryMetadata CategoryFile Name CategoryThe Big PictureOther TopicsSummaryBibliographyChapter 17. UFS1 and UFS2 Data StructuresUFS1 SuperblockUFS2 SuperblockCylinder Group SummaryUFS1 Group DescriptorUFS2 Group DescriptorBlock and Fragment BitmapsUFS1 InodesUFS2 InodesUFS2 Extended AttributesDirectory EntriesSummaryBibliographyAppendix A. The Sleuth Kit and AutopsyThe Sleuth KitAutopsyBibliographyIndexindex_SYMBOLindex_Aindex_Bindex_Cindex_Dindex_Eindex_Findex_Gindex_Hindex_Iindex_Jindex_Lindex_Mindex_Nindex_Oindex_Pindex_Rindex_Sindex_Tindex_Uindex_Vindex_Windex_X