Wednesday, 19 February 2014

Computer Forensics

This is the latest in my series of posts on Computer Forensics, based on the course I am doing with Infinite Skills. I will first look at the computer forensics software Encase, which is probably the market leader. Its primary purpose is to find and analyze files. It can analyze a sector on a hard drive and tell the type of file, and even partially recover a deleted file. If you select a file within the Encase program, various information about its properties will be shown when you press report.

Another very similar program is FTK, although that works in Linux; Encase works with Windows. There are also various built-in programs, like Windows Process Manager, that can be used in connection with computer forensics.

Many computer forensics tools use AFF, or advanced forensic files, as the file structure within the software. Encase has its own proprietary file system. In general, computers should have NTFS as their file system, as you can attach conditions as to who can do what within a program. FAT32, good as it is, doesn't have this permissions feature. CDs tend to use either ISO1660 or Joliet as their file structure.
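Telling a file's type from a raw sector, and partially recovering a deleted file, is commonly done by matching file signatures ("magic bytes"). The sketch below is an added example, not Encase's own code or method; the function names and the sample image are constructed for illustration, and it assumes 512-byte sectors and files stored contiguously.

```python
SECTOR_SIZE = 512  # assumed sector size for this illustration

# Well-known header and trailer signatures for three common file types.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def identify_sector(sector):
    """Return the file type whose header starts this sector, or None."""
    for name, (header, _trailer) in SIGNATURES.items():
        if sector.startswith(header):
            return name
    return None


def carve(image):
    """Scan a raw image sector by sector and recover files by signature.

    Returns (sector_index, type, data, complete) tuples. When the trailer
    is missing (for example, overwritten), only the first sector is kept
    and the result is flagged as a partial recovery.
    """
    found = []
    for offset in range(0, len(image), SECTOR_SIZE):
        kind = identify_sector(image[offset:offset + SECTOR_SIZE])
        if kind is None:
            continue
        header, trailer = SIGNATURES[kind]
        end = image.find(trailer, offset + len(header))
        if end == -1:
            data, complete = image[offset:offset + SECTOR_SIZE], False
        else:
            data, complete = image[offset:end + len(trailer)], True
        found.append((offset // SECTOR_SIZE, kind, data, complete))
    return found


def build_sample_image():
    """Constructed sample: empty sector, whole JPEG, truncated PNG."""
    def pad(blob):
        return blob + b"\x00" * (-len(blob) % SECTOR_SIZE)
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 600 + b"\xff\xd9"  # spans 2 sectors
    png_fragment = b"\x89PNG\r\n\x1a\n" + b"P" * 100       # trailer lost
    return b"\x00" * SECTOR_SIZE + pad(jpeg) + pad(png_fragment), jpeg


if __name__ == "__main__":
    for index, kind, data, complete in carve(build_sample_image()[0]):
        print(index, kind, len(data), "complete" if complete else "partial")
```

Signature matching only recognises types it has a header for and cannot reassemble fragmented files, which is one reason recovery of a deleted file is often only partial.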
