Share <Embed>

£49.56

RRP: £67.99
You Save: £18.43 (27%)

FREE Delivery in the UK.

In stock.

Dispatched from and sold by Amazon. Gift-wrap available.

Turn on 1-Click ordering for this browser

Dispatch to:

France

Unable to add item to List. Please try again.

Have one to sell?

Sell on Amazon

Flip to back Flip to front

Listen Playing... Paused You're listening to a sample of the Audible audio edition.
Learn more

See all 3 images

File System Forensic Analysis Paperback – 17 Mar 2005

by Brian Carrier (Author)

11 customer reviews

See all 3 formats and editions Hide other formats and editions

Amazon Price

New from

Used from

Kindle Edition

"Please retry"

£22.74

—

Paperback

"Please retry"

£49.56

£36.65

£22.02

Want it delivered by Tuesday, 9 Jan.? Choose One-Day Delivery at checkout. Details

Note: This item is eligible for click and collect. Details

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Most digital evidence is stored within the computer's file system, but understanding how file systems work is one of the most technically challenging concepts for a digital investigator because there exists little documentation. Now, security expert Brian Carrier has written the definitive reference for everyone who wants to understand and be able to testify about how file system analysis is performed.

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools—including tools he personally developed. Coverage includes

Preserving the digital crime scene and duplicating hard disks for "dead analysis"
Identifying hidden data on a disk's Host Protected Area (HPA)
Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

When it comes to file system analysis, no other book offers this much detail or expertise. Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Great Discounts

Shop the Books Outlet. Discover some great deals on top titles. Shop now

File System Forensic Analysis

£49.56 FREE Delivery in the UK. In stock. Dispatched from and sold by Amazon. Gift-wrap available.

Special offers and product promotions

Frequently bought together

Customers who bought this item also bought

Page 1 of 1 Start overPage 1 of 1

This shopping feature will continue to load items. In order to navigate out of this carousel please use your heading shortcut key to navigate to the next or previous heading.

Michael Hale Ligh

6

Paperback
£34.12
Michael Sikorski

15

Paperback
£33.38
Alan J White

11

Paperback
£11.26
Harlan Carvey

7

Paperback
18 offers from £12.88
Keith J. Jones

10

Paperback
£67.98
Harlan Carvey

2

Paperback
£43.19

Start reading File System Forensic Analysis on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Product details

Paperback: 600 pages
Publisher: Addison Wesley; 01 edition (17 Mar. 2005)
Language: English
ISBN-10: 0321268172
ISBN-13: 978-0321268174
Product Dimensions: 17.8 x 3.6 x 23.1 cm
Average Customer Review: 11 customer reviews
Amazon Bestsellers Rank: 307,433 in Books (See Top 100 in Books)
- #512 in Books > Computers & Internet > Computer Science > Networking & Security > Security
- #835 in Books > Computers & Internet > Digital Lifestyle > Online Shopping > Amazon
- #3021 in Books > Computers & Internet > Web Development > E-commerce > Web Administration

Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?

See Complete Table of Contents

Product description

From the Back Cover

The Definitive Guide to File System Analysis: Key Concepts and Hands-on Techniques

Carrier begins with an overview of investigation and computer foundations and then gives an authoritative, comprehensive, and illustrated overview of contemporary volume and file systems: Crucial information for discovering hidden evidence, recovering deleted data, and validating your tools. Along the way, he describes data structures, analyzes example disk images, provides advanced investigation scenarios, and uses today's most valuable open source file system analysis tools―including tools he personally developed. Coverage includes

Preserving the digital crime scene and duplicating hard disks for "dead analysis"
Identifying hidden data on a disk's Host Protected Area (HPA)
Reading source data: Direct versus BIOS access, dead versus live acquisition, error handling, and more
Analyzing DOS, Apple, and GPT partitions; BSD disk labels; and Sun Volume Table of Contents using key concepts, data structures, and specific techniques
Analyzing the contents of multiple disk volumes, such as RAID and disk spanning
Analyzing FAT, NTFS, Ext2, Ext3, UFS1, and UFS2 file systems using key concepts, data structures, and specific techniques
Finding evidence: File metadata, recovery of deleted files, data hiding locations, and more
Using The Sleuth Kit (TSK), Autopsy Forensic Browser, and related open source tools

Brian Carrier has authored several leading computer forensic tools, including The Sleuth Kit (formerly The @stake Sleuth Kit) and the Autopsy Forensic Browser. He has authored several peer-reviewed conference and journal papers and has created publicly available testing images for forensic tools. Currently pursuing a Ph.D. in Computer Science and Digital Forensics at Purdue University, he is also a research assistant at the Center for Education and Research in Information Assurance and Security (CERIAS) there. He formerly served as a research scientist at @stake and as the lead for the @stake Response Team and Digital Forensic Labs. Carrier has taught forensics, incident response, and file systems at SANS, FIRST, the @stake Academy, and SEARCH.

Brian Carrier's http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.

About the Author

Brian Carrier's http://www.digital-evidence.org contains book updates and up-to-date URLs from the book's references.

Customer reviews

4.8 out of 5 stars

5 star

4 star

3 star (0%)

2 star (0%)

1 star (0%)

Write a customer review

See all 11 customer reviews

Top customer reviews

There was a problem filtering reviews right now. Please try again later.

Amazon Customer

Five Stars

13 July 2017

Format: PaperbackVerified Purchase

Amazing product!

0CommentWas this review helpful to you?

Yes

Anonymous

WARNING! This book is useful

12 January 2016

Format: Kindle EditionVerified Purchase

Those who have purchased many books on computer forensics and file systems may have spent their money unwisely, as this is amongst the few books required to give you a headstart in understanding file systems. This book appears to be aimed at those who wish to learn and experiment by themselves, as well as those studying and using the book for reference to build upon what they learn at university.

Having used this book for study, I have to warn you that this book is useful, as many other books I read on the topic are filled with meaningless waflle to create long pages and chapters, possibly for the purpose of sales. If you have skimmed through those books to find the odd few lines with something useful; this whole book is filled with useful information.

There are limitations to the book, due to the newer technologies. Newer file systems exist today, which didn't exist at the time this book was written, such as EXT4 and BTRFS. The book shows how files and data are stored using file systems, giving explanations to what is stored where. This information is accurate for file systems mentioned in the book, but cannot guarantee all file systems do or will follow the same or similar procedures.

Despite the unavoidable improvements in technology, this book deserves 5 stars.

0Comment 2 people found this helpful. Was this review helpful to you?

Yes

deadlyh

This is my bible

13 April 2014

Format: PaperbackVerified Purchase

OK, so it's now a little outdated as it was originally written in the earlier days of NTFS so some things have changed slightly with Windows 7, 8 and now 8.1 but as a guide to the fundamentals of the FAT and NTFS filesystems, I refer to this every time. This book has saved my bacon on numerous occasions when I just couldn't find what I was looking for online and I would strongly urge anyone working the digital forensic field to get a copy of this book, you won't regret it!

0Comment One person found this helpful. Was this review helpful to you?

Yes

Yay!!

Superb Forensics and Files Structures book

10 March 2010

Format: PaperbackVerified Purchase

Easy to read textbook for BSc Forensics and IT Security (though not specific to the course, it's a classic text).

Advanced but easy to understand, with descriptions which are quite riveting. For instance the Intel pentium v Unix and Mac systems... the way they order bytes (the big ending order against little ending ordering is reversed. Did you know that? It's written for Forensics students, yet if you're studying general computing this level of expertise will set you apart from everyone else.

* Volume analysis (Pc, Server, Raid)
* File system analysis
* Fat concepts & data structures
* NTFS concepts
* Ext2 and ext3 concepts
* UFS1 and UFS2 data structures

Incredible depth and breadth, and very accessible in attitude.
A classsic text, that *must* be on the bookshelf of anyone studing Forensics, IT security, Encryption.
Wish I'd read it years ago.

0Comment 4 people found this helpful. Was this review helpful to you?

Yes

Karen

Very, Very Useful !!

29 December 2012

Format: PaperbackVerified Purchase

My son is at University studying Forensic Computers and book was recommended by his tutor.
Obviously I do not have a clue if the book is any good or not but on asking my son his opinion was that it's priceless! Apparently there are very few books written bout the subject let alone one that is so useful. The book is not cheep to buy (but books aren't now) but if it's just what is needed and allows your study to progress more smoothly it becomes an essential and the price has to be paid, even if its parents that fork out or even family members club together.
Study is hard enough without the correct equipment.
Delivery was very prompt, was well packaged.
I would recommend the book and company to anyone.

0CommentWas this review helpful to you?

Yes

gr-exam

file system help

1 October 2011

Format: Paperback

It s a very helpfull tool about everyone who wants to be a great examiner......very good analysis about all the fields and many examples

0Comment One person found this helpful. Was this review helpful to you?

Yes

ps99

Excellent book

24 July 2015

Format: PaperbackVerified Purchase

In my opinion this is an excellent addition to anyone's library who is interested in forensic computing. Gives an indepth description of file system analysis. I think this book is a invaluable if you have an interest in the topic though its not for the casual reader interested in an overview of the subject

0CommentWas this review helpful to you?

Yes

Daniel Beltran

Short time to receive the book, excellent conditions.

24 March 2013

Format: PaperbackVerified Purchase

Delivery before the expected time. Excellent conditions. This mechanism for submitting feedback is quite boring. I just wanted to say that I received what I expected and more. Thanks.

0CommentWas this review helpful to you?

Yes

Would you like to see more reviews about this item?

Go to Amazon.com to see all 62 reviews

Most recent customer reviews

Magnus1990P

Standard School book for Forensics

Good book, used for class.

Published 1 year ago

Waylander101

I found this text book to be a good general grounding for a forensic sciences degree

I found this text book to be a good general grounding for a forensic sciences degree especially those specialising on forensic computing

Published on 1 May 2013

Mr. Alistair R. Kerr

File System Forensic Analysis

I BOUGHT THIS BOOK FOR MY SON , WHO IS IN UNIVERSITY .
ALLTHOUGH I DONT REALLY UNDERSTAND IT,IT HAS PROVED TO BE A VALUABLE BOOK TO HIM .

Published on 9 May 2009

Pages with related products. See and discover other items: security analysis, forensic science

Where's My Stuff?

track your recent orders
view or change your orders in Your Account

Delivery and Returns

see our delivery rates and policies
thinking of returning an item? (See our Returns Policy)

Need Help?

Forgot your password?
Buy Gift Cards.
still have questions? Visit our Help Pages

Amazon Music Stream millions of songs	AbeBooks Books, art & collectables	ACX Audiobook Publishing Made Easy	Amazon Tickets Music, Theatre & Comedy

Amazon Web Services Scalable Cloud Computing Services	Audible Download Audio Books	Book Depository Books With Free Delivery Worldwide	DPReview Digital Photography

Goodreads Book reviews & recommendations	IMDb Movies, TV & Celebrities	Junglee.com Shop Online in India	Kindle Direct Publishing Indie Digital Publishing Made Easy

Prime Now 2-Hour Delivery on Everyday Essentials	Shopbop Designer Fashion Brands	Yoyo.com A Happy Place To Shop For Toys	Souq.com Shop Online in the Middle East

Warehouse Deals Deep Discounts Open-Box Products	Amazon Business Service for business customers	Whole Foods Market We Believe in Real Food

Turn on 1-Click ordering for this browser

Or

Or

File System Forensic Analysis Paperback – 17 Mar 2005

Special offers and product promotions

Frequently bought together

Customers who bought this item also bought

Product details

Product description

From the Back Cover

About the Author

What other items do customers buy after viewing this item?

Customer reviews

Top customer reviews

There was a problem filtering reviews right now. Please try again later.

Would you like to see more reviews about this item?

Most recent customer reviews

Where's My Stuff?

Delivery and Returns

Need Help?