File System Forensic Analysis
N**L
This is what I keep at my right hand during any forensic analysis.
This book is the beginning and ending point for anyone who needs to know how to forensically examine a computers hard drive. Understanding the file system layouts and forensic procedures described in this book is necessary to truly testify as an expert, otherwise you are just trusting that what ever tool you use is going to work. Carrier does a very good job of laying out all of the steps necessary to create a forensically sound disk image as well as going into all of the details of how the most commonly used file systems are structured and how to examine them at the lowest levels using a simple hex editor. While this book alone will not make you a forensic expert, it provides all of the information necessary to perform a forensic examination of the most common file systems and the procedure it lays out on how to perform the examination can be used on any file system.
A**N
Essential
I've not completed reading this book yet but let me tell you this is absolutely the book that needed to be written on this subject. I've taken lots of courses in forensics and this re-established the knowledge from those courses. I can confirm the validity of the information provided from the courses I've taken and it's served as a good mix of new material and refresher material. Granted, I have a few hundred pages to go but the way this is going I can't recommend it enough. This is basically The Bible of file systems. It's a book you should read once simply to have the exposure to the knowledge he provides. No regrets with this purchase. Wholeheartedly recommending this to anyone who wants to go above and beyond in this field.
D**K
Superb!!
I can't say enough good things about this book and author. The material is beautifully laid out and the writing style is fluid and effortless. The author has a real talent for using metaphors and figures to illustrate elusive concepts.All but the very rarest file systems are covered, and numerous 'screenshots' show how to use the Linux command prompt and get your hands dirty exploring disks on your own.While this book is a gold standard for digital forensic examiners, it would also be valuable to the computer enthusiast who's interested in things such as what happens to their hard drive when they format it, exactly what happens during the boot process, etc.I've had 3 courses in digital forensics, and this book gives an in-depth discussion of disk level concepts (HPA, FAT, MFT, etc) that were merely glossed over in my formal studies.
R**A
needs a new edition
Overall, the big picture is here: file systems, bus interfaces, device info (mostly hdds), file system structures, etc., but the file systems herein are dated, MBR is mostly dated, and SSDs are ubiquitous. The book lists a bunch of auxiliary tools in the way, but most are not practically used here. I'd like to see a new edition that narrows its scope, removes data content, focuses on modern file systems, fs encryption and compression, file formats, and focuses more on TSK usage.
L**S
Fantastic
I've been in IT for over 25 years, and in that time I've read a lot of technical books. "File System Forensic Analysis" is not only the best book I have read on computer forensics, it's probably the best technical work in ANY field I've ever read. It's thoroughly researched, clearly written, and contains virtually no fluff. The numerous rave reviews it has received are well-deserved.My only quibble is the short, but seemingly gratuitous section on hexadecimal and decimal arithmetic. If you're ready for this book, you'll already know this stuff. But, that's only a few pages in a book that's otherwise packed with real substance.
R**N
Very, very informative and readable
This is a really, really great book. There are many reasons -- outside of doing security/forensic work -- that a person might want to know the contents of this book, and it would be hard to be as in-depth, thorough, and well laid-out as this book is. It is (at this point) 10 years old, but it is still very relevant. After learning the concepts and techniques from this book -- which is also very reference like -- a person can easily research any other FS for analysis.
S**R
Slightly more academic than I'd expected, but what a great book.
Truly a landmark reference book. Doesn't claim to, nor desire to teach you forensics, but if this is an area that interests you, it's only a matter of time before you need this book.It's too easy to use current point-and-click forensic tools without understanding what's going on under the hood. This book shows in excruciating detail all the file systems, and how to analyze them with TSK. There's no substitute for down and dirty examinations with a powerful tool like this - and everything you learn can carry over to the "point-and-click" tools so commonly used.Just a superb learning tool. Priceless.
J**S
Excellent Reference!
File System Forensic Analysis, by Brian Carter, is a great introductory text for both computer forensics and data recovery. This book focuses largely on software techniques, and is not just limited to the legal issues surrounding forensics (as some other books I have read.) I found it well-structured and very readable, with recovery and analysis techniques and tools for more than just the ever common Windows platforms. For me personally, the Sleuth Kit, as well as a few other open-source tools offered by Mr. Carter, have already proven indispensible on at least one occasion. I would strongly recommend this to anyone with even a tangential interest in the subject!
S**O
Positivo
Fondamentale per la digitale forensic
F**Z
👍🏼
Einfach, verständlich und nachvollziehbar.
M**N
An absolute classic - a little out of date, but still essential
I picked this up as a recommended text for a forensics module in my Cybersecurity Masters degree. I was a little sceptical that a 15 year old book would be of any use, but I am happy to say I was completely wrong. Carrier dives incredibly deeply into FAT, NTFS, and Ext2/3 file systems, and his knowledge is exemplary. Whilst more modern file systems such as EXT4, ZFS, and exFAT, and later additions to NTFS are not covered, the grounding you get from diving into these older file systems is so useful that it makes studying later iterations much easier. I honestly would not start anywhere else if you are looking to get a handle on file system forensics.Hopefully someone will put together an update to this text at some point to cover the advances that have been made in the last 15 years. Were that to happen, it would be a six star book. For the moment it'll just have to settle for five!
M**U
Five Stars
Cool beans
S**N
Un guide et une reference a la fois
J'ai utilise ce livre pour comprendre des systemes de fichiers corrompu. La lisibilite permet de suivre a l'editeur hexa la logique decrite dans les pages. La richesse de la reference permet souvent de se passer de la spec d'origine
Trustpilot
3 weeks ago
1 month ago
