File System Forensic Analysis. Brian Carrier

ISBN: 0321268172,9780321268174 | 600 pages | 15 Mb


Publisher: Addison-Wesley Professional




Recently, we discovered a threat that abuses the Encrypting File System (EFS), which Symantec detects as Backdoor.Tranwos.

I have been spending some time reading File System Forensic Analysis by Brian Carrier, which is considered by many to be the primary resource on the subject of file system forensics.

For example, chapter 4 is dedicated to the HFS+ file system used by Macintosh computers and drills down to disk-level file system forensics. I'm pretty sure this dude dreams in binary.

I had recently completed Brian Carrier's “File System Forensic Analysis” (also an amazing book) and was looking for something a bit less in-depth and more of a general digital forensics book.

NTFS offers significant improvements over previous FAT file systems.

Backdoor.Tranwos Abuses EFS to Prevent Forensic Analysis. Symantec Security Response Blog.

Here's a starter list: File System Forensic Analysis, Brian Carrier.

The key to forensics is freezing the environment as close to the point of compromise as possible.

It provides more information about a file, such as file ownership, along with more control over files and folders.