University Digital Forensics Module: Personal Reflection on Analysis

Added on  2022/09/09

Journal and Reflective Writing
AI Summary
This assignment is a reflective essay on digital forensics, specifically focusing on file system analysis. The student discusses their learning experience, highlighting the steps involved in file system analysis, including acquisition, validation, and extraction. They explain various file systems (FAT, NTFS, etc.) and file types, emphasizing how investigators retrieve data. The essay details the importance of validating data integrity using hashing algorithms and the extraction of deleted data. The student also explores the use of tools like Autopsy and the techniques used by criminals to hide data. The student concludes that file system analysis is crucial in digital forensics for successful investigations, demonstrating their understanding of the practical aspects of digital forensics and the importance of proper analysis with available tools.
Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note
Discussions
A file system analysis is carried out after the data collection and the data acquisition are
done. It is executed after the data retrieved from the various digital devices has been
stored in specific files. I have learnt that a file system in a computer is
the manner in which the files are named and placed logically for storage and
retrieval. It can be considered a database and can be called an index on storage
devices such as hard disks, CDs, DVDs and many more (Hilgert, Lambertz and Plohmann
2017). I have learnt that there are various types of file systems. These include
FAT file systems, FAT32 file systems, NTFS file systems and Ext file systems. I have
learnt that there are various types of files. These include document files, images, executable
files, Excel files, PowerPoint files, web page files and many more. These files are generally
stored in the file systems, and from these files the investigators retrieve the data in order to
investigate the crime. I have learnt that there are various steps in file system analysis.
These steps include acquisition, validation and discrimination, and lastly extraction. I have
studied that acquisition means the investigators retrieve the data from the various digital
devices that are recovered from the crime scene. As I have studied, this is done in four
ways: disk-to-image, disk-to-disk, logical and sparse (Wani and Bhat 2018).
Next, I have learnt about the validation and discrimination step. The investigators must
validate the image before they analyse it, as this ensures data integrity. I have learnt that
the investigators use hashing algorithms in order to decide whether a forensic image is a precise
image of the original disk or volume. This validates the honesty of the evidence, and it can
be provided in front of a court of law. The last step is extraction. I have learnt that there are
various types of stored data, such as unstructured and deleted data. It is the most
important procedure of file system analysis. I had always believed that when data is
deleted it is gone forever, but after studying digital forensics I have learnt that after deletion some of the
bits of the data remain in the clusters of the hard disk (Vandermeer et al. 2018). It is the job of
the investigators to extract this data from the hard disk for a successful investigation. I have
also learnt that criminals utilise various techniques such as encryption and steganography
in order to hide data, but the investigators need to find these in order to retrieve the evidence.
There are various digital forensic tools, but among them the most important tool that I have
seen and used is Autopsy. Autopsy evaluates major file systems such as NTFS, FAT,
FAT32 and many more by hashing all the files, extracting the archive files and putting
various keywords in an index (Albanna and Riadi 2017). Some types of files are parsed
and then catalogued. From this, I have concluded that the file system is very important in digital
forensics and that the investigators must analyse it properly with the various tools available in
order to retrieve the information for a successful investigation.
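The validation step described above, as an added example that is not part of the original essay: the image is hashed as a stream and compared with the values recorded at acquisition. It goes slightly beyond the text by also keeping per-chunk hashes, so a mismatch can be localised to a byte offset. The chunk size, function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import io

CHUNK = 4096  # bytes per piece; an assumed size for this example

def hash_stream(stream, chunk=CHUNK):
    """Return (whole-image SHA-256 hex, list of per-chunk SHA-256 hex)."""
    whole = hashlib.sha256()
    pieces = []
    while True:
        block = stream.read(chunk)
        if not block:
            break
        whole.update(block)
        pieces.append(hashlib.sha256(block).hexdigest())
    return whole.hexdigest(), pieces

def validate_image(stream, recorded_whole, recorded_pieces, chunk=CHUNK):
    """Compare an image with the hashes recorded at acquisition.
    Returns (matches, byte offsets of the chunks that differ)."""
    whole, pieces = hash_stream(stream, chunk)
    bad = [i * chunk
           for i, (a, b) in enumerate(zip(pieces, recorded_pieces)) if a != b]
    if len(pieces) != len(recorded_pieces):
        # A truncated or extended image differs from the first missing chunk on.
        bad.append(min(len(pieces), len(recorded_pieces)) * chunk)
    return whole == recorded_whole and not bad, bad

# Constructed sample data standing in for the original disk (16 KiB).
original = bytes(range(256)) * 64
recorded_whole, recorded_pieces = hash_stream(io.BytesIO(original))

exact_copy = bytes(original)
altered = bytearray(original)
altered[9000] ^= 0x01  # a single flipped bit inside the third chunk

def demo():
    """Validate an exact copy and an altered copy against the recorded hashes."""
    good = validate_image(io.BytesIO(exact_copy), recorded_whole, recorded_pieces)
    bad = validate_image(io.BytesIO(bytes(altered)), recorded_whole, recorded_pieces)
    return good, bad
```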
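Why deleted data can still be extracted, shown on a FAT directory as an added example that is not part of the original essay: deletion overwrites only the first byte of the 32-byte directory entry with 0xE5, while the start cluster, the size and the cluster contents stay in place until reused. The directory, data region, 16-byte cluster size and function names are constructed assumptions, and recovery assumes contiguous, not-yet-overwritten clusters.

```python
import struct

ENTRY_SIZE = 32      # every FAT short directory entry is 32 bytes
DELETED = 0xE5       # first name byte is overwritten with this on deletion
ATTR_LFN = 0x0F      # long-file-name entries, skipped in this example
CLUSTER_SIZE = 16    # constructed value; real volumes use 512 bytes or more

def make_entry(name, ext, cluster, size):
    """Build a constructed short directory entry (sample data only)."""
    return struct.pack("<8s3sB8xH4xHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), 0x20,
                       cluster >> 16, cluster & 0xFFFF, size)

def parse_directory(raw):
    """Yield one dict per short entry, flagging the deleted ones."""
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        e = raw[off:off + ENTRY_SIZE]
        if e[0] == 0x00:                  # 0x00 marks the end of the directory
            break
        if e[11] & 0x3F == ATTR_LFN:
            continue
        deleted = e[0] == DELETED
        # The first character of a deleted name is lost; show it as "_".
        stem = "_" + e[1:8].decode("ascii", "replace") if deleted \
            else e[:8].decode("ascii", "replace")
        ext = e[8:11].decode("ascii", "replace").rstrip()
        hi, = struct.unpack_from("<H", e, 20)        # start cluster, high word
        lo, size = struct.unpack_from("<HI", e, 26)  # low word and file size
        yield {"name": stem.rstrip() + "." + ext, "deleted": deleted,
               "cluster": (hi << 16) | lo, "size": size}

def recover(entry, data_region):
    """Read the file bytes back, assuming contiguous, not-yet-reused clusters."""
    start = (entry["cluster"] - 2) * CLUSTER_SIZE  # data clusters start at 2
    return data_region[start:start + entry["size"]]

# Constructed directory: one live file, one deleted file, end-of-directory marker.
live = make_entry("REPORT", "TXT", 2, 11)
gone = bytearray(make_entry("NOTES", "TXT", 3, 21))
gone[0] = DELETED
directory = live + bytes(gone) + bytes(ENTRY_SIZE)
data_region = (b"live report".ljust(16, b"\0")
               + b"deleted note contents".ljust(32, b"\0"))

def recovered_deleted_files():
    """Map each deleted entry's name to the bytes still present in its clusters."""
    return {e["name"]: recover(e, data_region)
            for e in parse_directory(directory) if e["deleted"]}
```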
References
Albanna, F. and Riadi, I., 2017. Forensic Analysis of Frozen Hard Drive Using Static
Forensics Method. International Journal of Computer Science and Information Security
(IJCSIS), 15(1).
Hilgert, J.N., Lambertz, M. and Plohmann, D., 2017. Extending The Sleuth Kit and its
underlying model for pooled storage file system forensic analysis. Digital Investigation, 22,
pp.S76-S85.
Vandermeer, Y., Le-Khac, N.A., Carthy, J. and Kechadi, T., 2018. Forensic analysis of the
exfat artefacts. arXiv preprint arXiv:1804.08653.
Wani, M.A. and Bhat, W.A., 2018. Dataset for forensic analysis of B-tree file system. Data in
brief, 18, pp.2013-2018.