CourseSmart eTextbooks are a creative digital solution that offers the freedom and convenience of online, offline, and mobile access using a single platform. With a CourseSmart eTextbook, students can:

• search the text

• make notes online

• print out reading assignments that incorporate lecture notes

• bookmark important passages for later review

• save money. As an alternative to purchasing the print textbook, students can subscribe to the same content online for a significant discount off the suggested list price of the print text.

For more information, or to subscribe to the CourseSmart eTextbook, visit www.coursesmart.com (for customers in U.S. and Canada) or www.coursesmart.co.uk (for customers in Europe, Middle East, and Africa).

This product is an alternate version of:
Carrier,  File System Forensic Analysis

• CourseSmart eTextbooks offer study advantages no print textbook can match. Students can search the entire text for key concepts; they can navigate easily to a page number, reading assignment, or chapter; they can bookmark important pages, sections, or chapters for quick review at a later date. With a CourseSmart eTextbook, students enjoy these key features:

   

  • NEW offline access functionality¿Now, instructors and students using CourseSmart have the freedom and convenience of online, offline and mobile access using a single platform.

  • Digital Textbook Delivery that saves students a significant amount off the print edition suggested list price.

  • Internet-based Service that makes textbook content available anytime, anywhere there is a Web connection.

  • Easy Navigation that makes finding pages easy and efficient. Search, Bookmark, and Note-Taking Tools save study time and reduce frustration by making critical information immediately accessible. Organizing study notes has never been easier!

  • Ability to print pages as needed, lightening up the backpack while making critical content available for offline study and review.

   

• Now, students have a new choice in how they purchase and access required or recommended course textbooks. CourseSmart eTextbooks¿Where the Web meets textbooks for student savings!

Foreword.

Preface.

Acknowledgments.

I. FOUNDATIONS.

1. Digital Investigation Foundations.

    Digital Investigations and Evidence.

    Digital Crime Scene Investigation Process.

    Data Analysis.

    Overview of Toolkits.

    Summary.

    Bibliography.

2. Computer Foundations.

    Data Organization.

    Booting Process.

    Hard Disk Technology.

    Summary.

    Bibiography.

3. Hard Disk Data Acquisition.

    Introduction.

    Reading the Source Data.

    Writing the Output Data.

    A Case Study Using dd.

    Summary.

    Bibliography.

II. VOLUME ANALYSIS.

4. Volume Analysis.

    Introduction.

    Background.

    Analysis Basics.

    Summary.

5. PC-based Partitions.

    DOS Partitions.

    Analysis Considerations.

    Apple Partitions.

    Removable Media.

    Bibliography  109

6. Server-based Partitions.

    BSD Partitions.

    Sun Solaris Slices.

    GPT Partitions.

    Summary 145

    Bibliography  145

7. Multiple Disk Volumes.

    RAID.

    Disk Spanning.

    Bibliography.

III. FILE SYSTEM ANALYSIS.

8. File System Analysis.

    What Is a File System?.

    File System Category.

    Content Category.

    Metadata Category.

    File Name Category.

    Application Category.

    Application-level Search Techniques.

    Specific File Systems.

    Summary.

    Bibliography.

9. FAT Concepts and Analysis.

    Introduction.

    File System Category.

    Content Category.

    Metadata Category.

    File Name Category.

    The Big Picture.

    Other Topics.

    Summary.

    Bibliography.

10. FAT Data Structures.

    Boot Sector.

    FAT32 FSINFO.

    FAT.

    Directory Entries.

    Long File Name Directory Entries.

    Summary.

    Bibliography.

11. NTFS Concepts.

    Introduction.

    Everything is a File.

    MFT Concepts.

    MFT Entry Attribute Concepts.

    Other Attribute Concepts.

    Indexes.

    Analysis Tools.

    Summary.

    Bibliography.

12. NTFS Analysis.

    File System Category.

    Content Category.

    Metadata Category.

    File Name Category.

    Application Category.

    The Big Picture.

    Other Topics.

    Summary.

    Bibliography.

13. NTFS Data Structures.

    Basic Concepts.

    Standard File Attributes.

    Index Attributes and Data Structures.

    File System Metadata Files.

    Summary.

    Bibliography.

14. Ext2 and Ext3 Concepts and Analysis.

    Introduction.

    File System Category.

    Content Category.

    Metadata Category.

    File Name Category.

    Application Category.

    The Big Picture.

    Other Topics.

    Summary.

    Bibliography.

15. Ext2 and Ext3 Data Structures.

    Superblock.

    Group Descriptor Tables.

    Block Bitmap.

    Inodes.

    Extended Attributes.

    Directory Entry.

    Symbolic Link.

    Hash Trees.

    Journal Data Structures.

    Summary.

    Bibliography.

16. UFS1 and UFS2 Concepts and Analysis.

    Introduction.

    File System Category.

    Content Category.

    Metadata Category.

    File Name Category.

    The Big Picture.

    Other Topics.

    Summary.

    Bibliography.

17. UFS1 and UFS2 Data Structures.

    UFS1 Superblock.

    UFS2 Superblock.

    Cylinder Group Summary.

    UFS1 Group Descriptor.

    UFS2 Group Descriptor.

    Block and Fragment Bitmaps.

    UFS1 Inodes.

    UFS2 Inodes.

    UFS2 Extended Attributes.

    Directory Entries.

    Summary.

    Bibliography.

Appendix A. The Sleuth Kit and Autopsy.

    The Sleuth Kit.

    Autopsy.

    Bibliography.

Index.

Brian Carrier has authored several leading computer forensic tools, including The Sleuth Kit (formerly The @stake Sleuth Kit) and the Autopsy Forensic Browser. He has authored several peer-reviewed conference and journal papers and has created publicly available testing images for forensic tools. Currently pursuing a Ph.D. in Computer Science and Digital Forensics at Purdue University, he is also a research assistant at the Center for Education and Research in Information Assurance and Security (CERIAS) there. He formerly served as a research scientist at @stake and as the lead for the @stake Response Team and Digital Forensic Labs. Carrier has taught forensics, incident response, and file systems at SANS, FIRST, the @stake Academy, and SEARCH.

Brian Carrier's http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.

© Copyright Pearson Education. All rights reserved.

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.