Chapter 8

File Analysis

Information in this Chapter

File Analysis Concepts

To perform a comprehensive examination, we must understand the nature of the files we identify and extract. By understanding these files, we can more successfully uncover and exploit any higher-order forensic artifacts that may be present within them. This builds upon and complements the system and application analysis performed in previous chapters.

The analysis of individual files will be of key importance in many different examinations. A malicious document may be the initial entry point in a system compromise investigation. The validity of a critical document may be in question. The examiner ...

Get Digital Forensics with Open Source Tools now with the O’Reilly learning platform.