Regular marked price: $54.99
Discount Price: $34.01
Cost Savings: $20.98 (38%)
Price fluctuation possible.
How soon does it ship: Normal ship time within one day
Type of bind: Kindle Edition
Dewey Decimal Number: 005.8
Format: Kindle Book
Label: Addison Wesley
Manufacturer: Addison Wesley
Quantity: 1
Page Count: 600
Printing Date: March 16, 2007
Publishing house: Addison Wesley
Release Date: March 16, 2007
Sale Popularity Level: 10918
Studio: Addison Wesley
Editor's Notes and Comments:
Product Description:
The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques
Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.
Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools, including tools he personally developed. Coverage includes:
- Preserving the digital crime scene and duplicating hard disks for 'dead analysis'
- Identifying hidden data on a disk's Host Protected Area (HPA)
- Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
- Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
- Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
- Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
- Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
- Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools
When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
User popularity level:

Rated by buyers
I've been in IT for over 25 years, and in that time I've read a lot of technical books. "File System Forensic Analysis" is not only the best book I have read on computer forensics, it's probably the best technical work in ANY field I've ever read. It's thoroughly researched, clearly written, and contains virtually no fluff. The numerous rave reviews it has received are well-deserved.
My only quibble is the short, but seemingly gratuitous section on hexadecimal and decimal arithmetic. If you're ready for this book, you'll already know this stuff. But, that's only a few pages in a book that's otherwise packed with real substance.
Rated by buyers
I can't say enough good things about this book and author. The material is beautifully laid out and the writing style is fluid and effortless. The author has a real talent for using metaphors and figures to illustrate elusive concepts.
All but the very rarest file systems are covered, and numerous 'screenshots' show how to use the Linux command prompt and get your hands dirty exploring disks on your own.
While this book is a gold standard for digital forensic examiners, it would also be valuable to the computer enthusiast who's interested in things such as what happens to their hard drive when they format it, exactly what happens during the boot process, etc.
I've had 3 courses in digital forensics, and this book gives an in-depth discussion of disk level concepts (HPA, FAT, MFT, etc.) that were merely glossed over in my formal studies.
Rated by buyers
Great resource on file systems and file system data structures, although I wish it covered Apple's HFS+.
Rated by buyers
Great Book. Great job Brian. A must have in your bookshelf if you are serious about computer forensics.
It only lacks two things to be perfect: a ReiserFS section and an HFS+ section.
Only one error: the GPT partition schema isn't used only in big servers. New Intel Macintoshes use it by default for their boot drive.
Rated by buyers
Thanks a lot, we are very happy to have this book in our library!