Mon premier blog

File System Forensic Analysis Brian Carrier
Publisher: Addison-Wesley Professional

I have a huge interest in file system forensics, so I have been following his Tri-Force blog posts and was anxious to hear his scheduled talk on the NTFS Logfile Forensics/Tri-Force during CEIC. Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Once in a while, a colleague, neighbor or friend will call me in a panic over files they have accidentally deleted from the SSD card in their daughter's camera or worse. It is not the intent of this blog post to be an all-encompassing guide to the forensic analysis of an iPhone. File System Forensics by Brian Carrier. As forensic analysts, we are providing someone with our account of a real person's actions and events. Most digital forensics evidence is stored within the computer's file system, but working with file systems is the most technically challenging aspect of forensic analysis. I'm excited to announce that my proposed tutorial on file system analysis was accepted for the 22nd Annual FIRST Conference. We are telling people through our discoveries what someone did or didn't do on a particular system. Our goal is to get the community access to our research as quickly as possible! Rather it is a look at some of the tools I use in my practice and how they can be applied to iPhone forensic analysis.