File System Analysis : MFT
Added on 2022-09-09
4 Pages681 Words27 Views
|
|
|
Running head: FILE SYSTEM ANALYSIS
FILE SYSTEM ANALYSIS
Name of the Student
Name of the University
Author note
FILE SYSTEM ANALYSIS
Name of the Student
Name of the University
Author note
2
FILE SYSTEM ANALYSIS
Description
It have been seen that there have been proper analysis of the MFT and is performed in an
usual procedure for investigation. The difficulty in the disassembling part is also considered in
the section. These are the issues that are considered in this case.
Reflection
As per the reading I have understood that MFT have been acting useful in performing the
investigation. I have also analyzed that the disassembling in a manual manner have been
difficult as well. Proper usage of the tools have been an important factor that is to be considered.
As per the material and the module a proper understanding of the working of MFT can be
performed.
The working pattern have been subdivided in 2 major sections. The sections are namely
Encase and Alternative.
In case of Encase, it have been seen that the operational process, creation of the case and
importing the evidence file have been performed. The importing process have been performed
with the help of LB154. The evidence file is shown in the Volume C;\. Hence wise the preview
of the NTFS MFT entries are shown. Again in the alternative process, I have learned that the
entre process is performed in 2 major steps. The steps are namely using the hex editor and hence
wise previewing of the MFT is also performed, the samples are recorded in S:\\Common Area\
BSc\Forensics All Years. After this process, Kali Linux VM is used. Windows Forensic VM
have been used as well. After this copying of the MFT_Parser tool will be performed.
FILE SYSTEM ANALYSIS
Description
It have been seen that there have been proper analysis of the MFT and is performed in an
usual procedure for investigation. The difficulty in the disassembling part is also considered in
the section. These are the issues that are considered in this case.
Reflection
As per the reading I have understood that MFT have been acting useful in performing the
investigation. I have also analyzed that the disassembling in a manual manner have been
difficult as well. Proper usage of the tools have been an important factor that is to be considered.
As per the material and the module a proper understanding of the working of MFT can be
performed.
The working pattern have been subdivided in 2 major sections. The sections are namely
Encase and Alternative.
In case of Encase, it have been seen that the operational process, creation of the case and
importing the evidence file have been performed. The importing process have been performed
with the help of LB154. The evidence file is shown in the Volume C;\. Hence wise the preview
of the NTFS MFT entries are shown. Again in the alternative process, I have learned that the
entre process is performed in 2 major steps. The steps are namely using the hex editor and hence
wise previewing of the MFT is also performed, the samples are recorded in S:\\Common Area\
BSc\Forensics All Years. After this process, Kali Linux VM is used. Windows Forensic VM
have been used as well. After this copying of the MFT_Parser tool will be performed.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents