Difference between pages "Bibliography" and "File Systems"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
=Disk Disposal and Data Recovery=
+
= Conventional File Systems =
* [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
+
* [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.
+
* [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]
+
* [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], FInancial Perspectives, IBM White Paper, November 2003.
+
  
=Evidence Gathering=
+
; ffs
 +
: The Fast File System, a variant of ufs that is faster and supports symbolic links.
  
* [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005
+
; ext2fs, ext3
 +
: ext2fs was introduced with Linux. ext3 is a journaled version of ext2 which allows for speedy disk recovery after a crash.
  
=Fake Information=
+
; FAT
 +
: Originally used by MSDOS. Includes FAT12 (for floppy disks), FAT16 and FAT32
  
* [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.
+
; NTFS
 +
: The New Technology File System, introduced by Microsoft with Windows NT 4.0. Now used on XP.
  
=Feature Extraction and Data Fusion=
+
; ufs
Computer Location Determination Through Geoparsing and Geocoding of
+
: The Unix File System, introduced with Unix.
Extracted Features
+
http://www2.chadsteel.com:8080/Publications/drive_location2.doc
+
  
 +
;
  
=File Carving=
 
  
* [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html  Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon.  
+
= Cryptographic File Systems =
 +
Cryptographic file systems encrypt information before it is stored on the media. Some of these file systems store encrypted files directly. Others are better thought of as device drivers, which are then used to store some of the file systems discussed above.
  
 +
; Apple's File Vault
 +
: A clever user interface to Apple's encrypted disk images. Uses the ".sparseimage" extension on disk files.
  
=Signed Evidence=
+
; CFS
<bibtex>
+
: "A Cyptograhpic File System for UnixMatt Blaze
@article{duerr-2004,
+
  title="Information Assurance Applied to Authentication of Digital Evidence",
+
  author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
+
  year=2004,
+
  journal="Forensic Science Communications",
+
  volume=6,
+
  number=4,
+
  url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
+
}
+
  </bibtex>
+
  
 
+
; http://www.tcfs.it/
<bibtex>
+
@article{OppligerR03,
+
  author    = {Rolf Oppliger and Ruedi Rytz},
+
  title    = {Digital Evidence: Dream and Reality},
+
  journal  = {IEEE Security {\&} Privacy},
+
  volume    = {1},
+
  number    = {5},
+
  year      = {2003},
+
  pages    = {44-48},
+
  url      = {http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1236234},
+
  abstract="Digital evidence is inherently weak. New evidence-gathering technologies-digital black boxes-must be developed and deployed to support investigations of irreproducible events such as digitally signing a document."
+
}
+
</bibtex>
+
=Other Papers=
+
 
+
* [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.
+
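Review bot: The added CFS definition misspells the paper title as "A Cyptograhpic File System for Unix"; it should read "A Cryptographic File System for Unix". Two other added lines need attention: the bare ";" line after the ufs entry creates an empty definition term and can be dropped, and "; http://www.tcfs.it/" uses a raw URL as a term with no name or ":" description line, unlike the other entries in the list.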

Revision as of 08:04, 7 November 2005

Conventional File Systems

ffs
The Fast File System, a variant of ufs that is faster and supports symbolic links.
ext2fs, ext3
ext2fs was introduced with Linux. ext3 is a journaled version of ext2 which allows for speedy disk recovery after a crash.
FAT
Originally used by MS-DOS. Includes FAT12 (for floppy disks), FAT16 and FAT32.
NTFS
The New Technology File System, introduced by Microsoft with Windows NT 4.0. Now used on XP.
ufs
The Unix File System, introduced with Unix.


Cryptographic File Systems

Cryptographic file systems encrypt information before it is stored on the media. Some of these file systems store encrypted files directly. Others are better thought of as device drivers, which are then used to store some of the file systems discussed above.

Apple's File Vault
A clever user interface to Apple's encrypted disk images. Uses the ".sparseimage" extension on disk files.
CFS
"A Cryptographic File System for Unix", Matt Blaze
http://www.tcfs.it/