O'Reilly logo

Computer Forensics: A Pocket Guide by Dr. Nathan Clarke

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 4: FORENSIC ANALYSIS OF DATA

The purpose of this chapter is to provide an insight into how to undertake an analysis of a forensic image. General topics will be discussed, such as dead analysis and file carving. However, the nature of an analysis is very much dependent upon the underlying file system being used by the operating system. Owing to its popularity, this chapter will specifically focus upon the Windows® file and operating system. How to identify forensic evidence from various aspects of the system, such as file slack, e-mail, Internet history and virtual memory, will all be discussed.

The process of forensically analysing images very much depends upon the suspected nature of the incident. For instance, malware incidents will ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required