Digital Forensics Module: Reflection on File System Analysis

Verified

Added on 2022/09/09

AI Summary

This assignment is a student's reflection on digital forensics, focusing on file system analysis. It defines file systems, explaining their role in naming, storing, and retrieving data on storage devices. The reflection highlights the steps involved in file system analysis, including acquisition (finding files), validation and discrimination (ensuring data integrity), extraction (retrieving unstructured data), reconstruction (presenting data for court), and reporting (documenting findings). The student emphasizes the time-consuming nature of the process, the need for expertise in each step, and the importance of each stage in a forensic investigation. References to relevant research papers are included.

Running head: - DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1DIGITAL FORENSICS
Table of Contents
1. Reflection on file system analysis:.........................................................................................2
2. References:.............................................................................................................................4

2DIGITAL FORENSICS
1. Reflection on file system analysis:
Through the module and the relative information that I have gathered, I consider a file
system present within a computer to be the manner of naming files as well as logically
placing them within the storage as well as retrieving the same (Wahyudi, Riadi and Prayudi
2018). This can also be considered that a database or that of an index consists of the physical
location belonging to every individual piece of data placed upon respective storage devices
such as the likes of hard disk, DVD, or that of a flash drive.
File systems have the primary inclusion of storage media known as sectors that can be
properly utilized for the purpose of storing data. For carrying out this particular activity, the
file system typically make proper usage of metadata. This also contains the date at which that
particular file had been formed, modification date as well as the total size of the file. This can
greatly hep towards restricting users from accessing the same with the implementation of
encryption passwords.
I have witnesses that the procedure of carrying out file system analysis refers to a
difficult and a time consuming task with the primary requirement of expertise in every
individual step throughout the procedure (Conlan, Baggili and Breitinger 2016). The steps
that I have noticed that form a primary occurrence within the file system analysis are,
i) Acquisition- refers to the finding out of all the files that are present within an
individual computer. The files that should be found out should be of different
types be it encrypted, hidden, password-protected or might as well be deleted. All
of these files are acquired for the necessary investigation of an individual case.
ii) Validation as well as discrimination- before the analysis of an image is done, there
is a specific need for ensuring the particular integrity of the collected data
(Mohammad and Alqahtani 2019). In this step, I have learnt the usage of hashing

3DIGITAL FORENSICS
algorithms that provision the foreign investigators with the helping hand to
identify the integrity of a particular forensic image that has been found out.
iii) Extraction- this is the procedure or the step within the method of file system
analysis which, primarily involves the retrieval of unstructured or might as well as
be deleted data as well as the need for processing the same during the foreign
investigation. Multiple users carry the misconception that deleting some files from
the computer permanently deletes it (Soltani and Seno 2017). However, this is not
true since deleting the same only deletes them from the storage device, while the
files are still present on the FAT or the NTFS file system in form of clustered or
fragmented bits that need to be retrieved.
iv) Reconstruction- this process particularly refers towards reconstructing the data
that has been found in a proper form to be presented to the court as well as to
carry out further investigation with the same.
v) Reporting- this is the final step of reporting every single day progress to the
authorities along with recovered files and the physical layout of the system
consisting of any encrypted or might as well be reconstructed data.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4DIGITAL FORENSICS
2. References:
Conlan, K., Baggili, I. and Breitinger, F., 2016. Anti-forensics: Furthering digital forensic
science through a new extended, granular taxonomy. Digital investigation, 18, pp.S66-S75.
Mohammad, R.M.A. and Alqahtani, M., 2019. A comparison of machine learning techniques
for file system forensics analysis. Journal of Information Security and Applications, 46,
pp.53-61.
Soltani, S. and Seno, S.A.H., 2017, October. A survey on digital evidence collection and
analysis. In 2017 7th International Conference on Computer and Knowledge Engineering
(ICCKE) (pp. 247-253). IEEE.
Wahyudi, E., Riadi, I. and Prayudi, Y., 2018. Virtual Machine Forensic Analysis And
Recovery Method For Recovery And Analysis Digital Evidence. International Journal of
Computer Science and Information Security, 16.