The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals will help you to reach at valid conclusions.
Assume that you have located a deleted...
The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals will help you to reach at valid conclusions.
Assume that you have located a deleted...
Assume you use a forensic software that has recovered file system metadata of a deleted jpeg file from a FAT32 formatted volume with a cluster size of 2.048 bytes. The forensic software displays that the recovered file has starting cluster...
Below you will find questions that test your knowledge on this subject. I wrote them while I read material mainly from books in file systems and Windows Forensics.
The questions are not meant to be exhaustive and they might even...
Since March 2012, I work as a digital forensics examiner, I examine cases such as copyright infringements, data breaches, hacking (defacing, malware to steal bitcoins, cryptomalware, malware to steal sensitive data e.g. bank passwords), tax...
© 2012 - 2024 Armen Arsakian updated atFriday 29 March 2024Contact: contact at arsakian.com