9. Document Analysis

One of the great challenges for a digital investigator comes when the evidence is in plain sight but can’t be found—or isn’t recognized for what it is. Perhaps a file isn’t what it says it is. On the simplest level, a JPEG image file might be renamed with an AVI extension, making it appear to be a video file. More complex techniques employed by the bad guys include embedding files within files (alternate data streams) or even burying small files in the Windows Registry. This chapter covers some of these techniques and how to uncover the evidence.

File Identification

In theory, the easiest aspect of a file search is the process of identifying what kind of file it is. The Windows file systems (and less universally, other file ...
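The extension-versus-signature mismatch described at the start of the chapter (a JPEG renamed to .avi) can be checked mechanically by reading the first bytes of a file and comparing the magic number against what the extension claims. The following is an added example written for this page, not code from the book; the signature table is a small constructed subset, and the sample files are constructed byte strings rather than real evidence.

```python
import os

# Constructed magic-number table: (type name, signature bytes, offset).
# Covers the formats the text names plus a few common ones.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", 0),
    ("png", b"\x89PNG\r\n\x1a\n", 0),
    ("gif", b"GIF8", 0),
    ("pdf", b"%PDF-", 0),
    ("zip", b"PK\x03\x04", 0),
    ("exe", b"MZ", 0),
]
# RIFF containers (AVI, WAV) carry the real sub-type at offset 8.
RIFF_TYPES = {b"AVI ": "avi", b"WAVE": "wav"}
# Extensions that name the same format as a table entry.
EXT_ALIASES = {"jpeg": "jpg", "jpe": "jpg"}


def sniff_type(header: bytes):
    """Return the type implied by the leading bytes, or None if unknown."""
    if header[:4] == b"RIFF" and len(header) >= 12:
        return RIFF_TYPES.get(header[8:12])
    for name, magic, offset in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return name
    return None


def check_file(name: str, header: bytes):
    """Return (claimed_ext, detected_type, mismatch) for one file header."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    ext = EXT_ALIASES.get(ext, ext)
    detected = sniff_type(header)
    # Only flag when we positively recognised the content and it disagrees
    # with a non-empty extension; unknown content is reported, not flagged.
    mismatch = detected is not None and ext != "" and ext != detected
    return ext, detected, mismatch


# Constructed sample "files": name -> first bytes on disk.
SAMPLES = {
    "holiday.avi": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG renamed to .avi
    "clip.avi": b"RIFF\x00\x10\x00\x00AVI LIST",         # genuine AVI header
    "notes.txt": b"just some text\n",                      # no known signature
}


def scan(samples):
    """Check every sample and return a dict of name -> (ext, detected, mismatch)."""
    return {name: check_file(name, header) for name, header in samples.items()}
```

A real triage pass would read only the first few hundred bytes of each file on the image, so the cost is one small read per file regardless of size.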
