There are hundreds of different file systems that are used with all the major operating systems, and as a forensic investigator, you need to be familiar with each of them. Many of these file systems have the ability to hide files. You will investigate one of the most common file systems and detect hidden data. In a Word document a minimum of 500 words in length, document the process as you go so it can be replicated; use screen captures to prove completion of each step. Take complete lab notes, such that you could be called on to be an expert witness at a trial.
Using the GCU Approved Virtualization Solution, download and install the SANS SIFT VM.
Using a USB flash drive and AccessData FTK Imager, create an image of the drive. Make sure there are files on the drive (e.g., various types of documents—.doc, .xls, .pdf—and lots of kitten .jpgs).
Using Autopsy, analyze the files discovered on the drive and describe any hidden or surprise files.
In your report, explain the similarities and differences between capturing a Windows system versus a Linux system.
Report the findings of the investigation. As this is part of an investigation, you need to provide your step-by-step process. Include only the facts, not recommendations or personal thoughts.