UnixReview.com
October 2005
Book Review: File System Forensic Analysis
Reviewed by Kristy Westphal
File System Forensic Analysis
Brian Carrier
Addison-Wesley, 2005
ISBN: 0-321-26817-2
545 pages

Before I even had this book in my hands, I was truly excited about it. I have used Autopsy and The Sleuth Kit for some time now in my forensic work, and I am a big fan. These free tools are straightforward and critical to any forensic investigation. Brian Carrier, the author of File System Forensic Analysis, also created these tools, so when I saw that he wrote an entire book on file systems, I was pumped! Who better than Carrier to detail a topic that has been sparsely documented?

Carrier wrote an excellent book and does a great job of steering the reader
into a process to conduct investigations. Sometimes, this can be the hardest
part of analyzing a file system, so any hints on technique are a huge help.
The book starts off with the basics of investigations, tools that are available
(he doesn't just focus on his), the foundations of computers, and how to acquire
hard drives.

Then Carrier dives into volume analysis on PC and server-based partitions,
ranging from DOS to Apple to Sun Solaris. He also includes a discussion on how
to work with RAID and volumes that are spanned over several disks. This is outstanding
because often these two little (well-used) options are not considered in the
forensic process. I found these very helpful.