The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site

Book details of 'File System Forensic Analysis'

Cover of File System Forensic Analysis
TitleFile System Forensic Analysis
Author(s)Brian Carrier
PublishedMarch 2005
PublisherAddison-Wesley Professional
Web links for this book
Search at
Wikipedia booksources
Shop for this book
As an Amazon Associate I earn from qualifying purchases

Back to shelf Computer security


Vote for this book

The Virtual Bookcase Reviews of 'File System Forensic Analysis':

Reviewer Rob Slade wrote:
The preface states, correctly, that there is little information for the forensic investigator on the topic of file system structures and internals that are useful for providing direction on tracing and tracking information on the disk. The author also notes that there are a number of worthwhile texts that address the general topic of investigation. Therefore, the author intends to address the former rather than the latter. At the same time, there is an implication in the initial section that this work is only the merest introduction to the subject of computer forensics. Part one is aimed at providing foundational concepts. Chapter one, in fact, does provide a quick review of the investigation process, and a list of forensic software toolkits. A sort of "Computers 101" is in chapter two, with a not-terribly-well structured collection of facts about data organization, drive types, and so forth, with varying levels of detail. Chapter three addresses different factors and problems in hard disk data acquisition, although the inventory is neither complete nor fully explained. Part two deals with the analysis of drive volumes or partitions, with chapter four outlining basic structures. DOS (FAT [File Allocation Table] and NTFS) and Apple partition details are discussed in chapter five. Chapter six reviews various UNIX partitions. Multi-disk systems, such as RAID (Redundant Array of Inexpensive Disks) are covered in chapter seven. Part three delves into the data structures of the file system itself. Chapter eight introduces concepts used in considering file systems. Details of the FAT system are in chapters nine and ten. A very detailed explanation of the disk and file structures of the NTFS system, as well as considerations for analysis, is provided in chapters eleven to thirteen. The Linux Ext2 and Ext3 structures are discussed in chapters fourteen and fifteen. Chapters sixteen and seventeen cover the UFS1 and UFS2 schemes, found primarily in BSD (Berkeley Systems Distribution) derived versions. This book does provide a wealth of detail, once it gets into the specifics of partitions and structures. The introductory material, writing, and technical level are quite uneven, which makes it difficult to use. Still, those seriously involved with the data recovery aspect of digital forensics should consider this work a valuable resource. copyright Robert M. Slade, 2005

Add my review for File System Forensic Analysis
Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (120)
Cars and driving (53)
Cartoons (45)
Children's books (180)
Computer (475)
Computer history/fun (113)
Computer networks (382)
Computer programming (215)
Computer security (272)
Cook books (89)
Fantasy (154)
Fiction (446)
Health and body (71)
History (138)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (85)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (56)
Technology (14)
Travel guides (308)
War and weapons (29)
World Wide Web (213)
Zen (5)
Other books (89)

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail
Site credits
Copyright © 2000-2020 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement