Volume Analysis

Table of contents:

Introduction

Digital storage media is organized to allow efficient retrieval of data. The most common experience with a volume system occurs when installing Microsoft Windows and creating partitions on the hard disk. The installation process guides the user through the process of creating primary and logical partitions, and in the end the computer has a list of "drives" or "volumes" in which to store data. A similar process occurs when installing a UNIX operating system, and it is becoming more common in large storage environments to use volume management software to have multiple disks appear as if they comprise one large disk.

During a digital investigation, it is common to acquire an entire disk image and import the image into analysis tools. Many digital investigation tools automatically break the disk image into partitions, but sometimes they have problems. The concepts in this part of the book will help an investigator understand the details of what a tool is doing and why it is having problems if a disk has become corrupted. For example, when partitions on the disk have been deleted or modified by the suspect or the tool simply cannot locate a partition. The procedures in these chapters may also be useful when analyzing the sectors that are not allocated to a partition.

This chapter provides background theory, an overview of tools, and types of analysis techniques. The next two chapters will provide the details for several partition systems, including DOS partitions, Apple Partitions, BSD partitions, and SUN slices. The final chapter in this part of the book covers multiple disk volume systems, such as RAID and disk spanning.

Part I: Foundations

Digital Investigation Foundations

Computer Foundations

Hard Disk Data Acquisition

Part II: Volume Analysis

Volume Analysis

PC-based Partitions

Server-based Partitions

Multiple Disk Volumes

Part III: File System Analysis

File System Analysis

FAT Concepts and Analysis

FAT Data Structures

NTFS Concepts

NTFS Analysis

NTFS Data Structures

Ext2 and Ext3 Concepts and Analysis

Ext2 and Ext3 Data Structures

UFS1 and UFS2 Concepts and Analysis

UFS1 and UFS2 Data Structures

Summary

Bibliography

Bibliography



File System Forensic Analysis
File System Forensic Analysis
ISBN: 0321268172
EAN: 2147483647
Year: 2006
Pages: 184
Authors: Brian Carrier

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net