Understanding Hard Disks and File Systems

HomeIncident Handling Exercises

Understanding Hard Disks and File Systems

While investigating a computer-based crime, it is most important to understand hard disks and filesystems, as these are the major sources of data storage. People usually delete their tracks after committing a crime with a computer in order to avoid being traced. That is why recovering the deleted files of hard disks and analyzing filesystems is essential when investigating a computer-based crime.

Objective

The objective of this lab is to help the students understand how to:

Learn about Network Enumeration

Recover files deleted from a hard disk
Analyze the file systems

Scenario

Sam, a security professional, discovered that one of his company's employees was gathering crucial, confidential information about the company and saving it on his/her computer so that he/she could use it for an illicit purpose. Sam immediately started checking each of his employee's computers in order to identify the dishonest employee. In order to avoid detection, the employee permanently deleted the gathered information.

Sam called a forensics investigator to launch an investigation and explained the situation to the investigator. After listening to the story, the investigator decided to analyze the filesystems in an attempt to recover the deleted files to catch the dishonest employee.

Understanding Hard Disks and File Systems

Incident Handling Exercises / Understanding Hard Disks and File Systems contains the following Exercises:

Recovering Deleted Files from Hard Disks Using WinHex
Analyzing File System Types Using The Sleuth Kit (TSK)

The Virtual Private Cloud for this Lab set utilizes:

Microsoft Windows Server 2008Steve Graham2014-08-14T17:55:19-04:00

Permalink
Gallery
Microsoft Windows Server 2008
Microsoft Windows 7Steve Graham2014-08-14T14:22:31-04:00

Permalink
Gallery
Microsoft Windows 7

Incident Handling Exercises are available as part of the following subscription:

CEHproductimage

Each subscription provides 6 months access to over 75 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.

Lab exercises are included for:

Trojans and Backdoors
Computer Forensics Investigation Process
Understanding Hard Disks and File Systems
Forensics Investigation Using AccessData FTK
Forensics Investigation Using EnCase
Log Capturing and Event Correlation

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Others