File System Forensics
暫譯: 檔案系統取證分析

Comprehensive forensic reference explaining how file systems function and how forensic tools might work on particular file systems

File System Forensics delivers comprehensive knowledge of how file systems function and, more importantly, how digital forensic tools might function in relation to specific file systems. It provides a step-by-step approach for file content and metadata recovery to allow the reader to manually recreate and validate results from file system forensic tools.

The book includes a supporting website that shares all of the data (i.e. sample file systems) used for demonstration in the text and provides teaching resources such as instructor guides, extra material, and more.

Written by a highly qualified associate professor and consultant in the field, File System Forensics includes information on:

• Preliminary concepts for necessary studying file system forensics for anyone with basic computing experience but without specific knowledge on digital forensics and file systems
• File systems specific to Windows, Linux, and macOS, with coverage of FAT, ExFAT, and NTFS
• Advanced topics such as deleted file recovery, fragmented file recovery, searching for particular files, links, checkpoints, snapshots, and RAID
• Issues facing file system forensics today and various issues that might evolve in the field in the coming years

File System Forensics is an essential, up-to-date reference on the subject for graduate and senior undergraduate students in digital forensics, as well as digital forensic analysts and other law enforcement professionals.