University Digital Forensics Module: File System Analysis Reflection

Verified

Added on 2022/08/31

AI Summary

This assignment is a reflective essay on a student's learning experience in a digital forensics module, with a focus on file system analysis. The student discusses the various stages of digital forensics, including data collection, file system analysis techniques (such as data unit viewing, logical file system searching, and data unit allocation status), and consistency checks. The essay highlights the importance of careful execution in file system analysis for successful investigations. The student also mentions the use of tools like Autopsy for digital interface and file system analysis. The reflection emphasizes the student's methodological approach, personal growth, and the digital forensics skills developed throughout the module, referencing specific practical sessions and the impact of their personal experiences on their approach to digital forensics.

Running head: DIGITAL FORENSICS
DIGITAL FORENSICS
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1DIGITAL FORENSICS
Discussions
Digital Forensics is the field of forensic science that consists of identifying, recovery,
investigation, validations and then presentation of the facts concerning the evidences those
are digital found on computers, storage devices those are digital and other devices of media.
There are various stages in executing digital forensics where evaluation of file systems is one
of the important steps (Hilgert, Lambertz and Plohmann 2017). The first step that I did was
collection of data that are the files those are found on the digital media. After I have collected
the data, the next step that is performed by me is the analysis of file system. After I have
collected the data for the digital forensics, I have stored the files in a hierarchy such that is
easier for me to find the files during the time of investigation. There are various types of file
system that exists and I have learned that the tools that are used for the investigations use
FAT format for the system of files. I have learnt that there are two types of files system data.
First, one is the essential file system data where the important files are stored, they can be
retrieved later, and the second one is the non-essential file system data where less important
file systems are saved for investigation (Wani and Bhat 2018). I have also learned that there
are various techniques in the analysis of the files systems those are required during the
investigation of digital forensics. The first technique that I have learnt is the data unit viewing
where I have known that the investigator knows the address where the evidence can be
located. The second technique that I have learnt is logical file system level searching where I
have known that the investigator knows the content of the evidence but does not know where
the evidences are located. Therefore, every unit of data is searched for the files. The next
technique that I have learnt for the analysis of the file systems is the Data unit allocation
status where I have learnt that bitmap of all the data units are done and then the allocated bits
are extracted using the analysis tools (Albanna and Riadi 2017). The next analysis technique
that I have known is the Consistence checks. I have learnt that in consistence checks, they

2DIGITAL FORENSICS
permit the investigator to decide if the system of files is in a state that is suspicious. I have
also seen that is the data units are damaged and a hard disk consist of damaged sectors then,
the tools of acquisition of digital forensics that I have learnt will fill these damaged data with
several zeros.
While investigating about digital forensics, i have learnt that there are various tools
those are used for the analysis of the file systems. The most important and the most common
among them is autopsy (Lanterna and Barili 2017). I have seen that this tool utilises digital
interface in order to analyse the file systems. Therefore, the analysis of file systems in one of
the most important steps in digital forensics and it should be carried out carefully in order to
be successful in the investigation.

3DIGITAL FORENSICS
References
Albanna, F. and Riadi, I., 2017. Forensic Analysis of Frozen Hard Drive Using Static
Forensics Method. International Journal of Computer Science and Information Security
(IJCSIS), 15(1).
Hilgert, J.N., Lambertz, M. and Plohmann, D., 2017. Extending The Sleuth Kit and its
underlying model for pooled storage file system forensic analysis. Digital Investigation, 22,
pp.S76-S85.
Lanterna, D. and Barili, A., 2017. Forensic analysis of deduplicated file systems. Digital
Investigation, 20, pp.S99-S106.
Wani, M.A. and Bhat, W.A., 2018. Dataset for forensic analysis of B-tree file system. Data in
brief, 18, pp.2013-2018.