Computer or digital forensics is a young, emerging discipline in the
computing community. Resources and links for digital forensics should
be available soon at the Digital Forensics Group website. On this page
I will present my own efforts in the field.
File system documentation
An important area of computer forensics is the discipline
of disk analysis: deleted files may be reconstructed,
hidden files discovered, or, more generally, specific files
located among an overwhelming amount of data to be
analyzed.
A crucial part of disk analysis is the understanding of
file systems. A file system describes the data structures
that are used to store information on a storage medium.
Due to different operating systems and different features
of a file system, a great number of file systems are
present in today's computing systems. Furthermore, new
versions or entirely new file systems emerge in the
operating system world on a regular basis.
Most of the existing file systems are extremely poorly
documented. For important file systems such as Windows XP's
NTFS and the new Linux journaling file systems (ext3, reiserfs,
xfs), no comprehensive documentation of the on-disk
structures exists. Even for the better documented file systems,
such as Linux's ext2 and Windows' FAT, the documentation that
exists is not easy to locate and is in many cases incomplete.
Having complete documentation of a file system's structure
available is crucial for developing tools that operate on that
file system. This is important not only for locating files within
the file system, but also for identifying locations within
the data structures where data may be hidden, and for understanding
how the process of file deletion (and, subsequently, reconstruction)
works.
The structure of the Reiser file system