While investigating a computer-based crime, it is most important to understand hard disks and filesystems, as these are the major sources of data storage. People usually delete their tracks after committing a crime with a computer in order to avoid being traced. That is why recovering deleted files from hard disks and analyzing filesystems is essential when investigating a computer-based crime.
Objective
- Recover files deleted from a hard disk
- Analyze the file systems
Scenario
Sam called a forensics investigator to launch an investigation and explained the situation. After listening to the story, the investigator decided to analyze the filesystems in an attempt to recover the deleted files and catch the dishonest employee.
Understanding Hard Disks and File Systems
Incident Handling Exercises / Understanding Hard Disks and File Systems contains the following exercises:
- Recovering Deleted Files from Hard Disks Using WinHex
- Analyzing File System Types Using The Sleuth Kit (TSK)
Lab exercises are included for:
- Trojans and Backdoors
- Computer Forensics Investigation Process
- Understanding Hard Disks and File Systems
- Forensics Investigation Using AccessData FTK
- Forensics Investigation Using EnCase
- Log Capturing and Event Correlation