Saturday, October 27, 2012

Introduction to Computer Forensics


Computer forensics is the application of computer investigation and analysis techniques to gather evidence for presentation in a court of law.


Unallocated space, sometimes called “free space”, is logical space on a hard drive that the operating system, e.g. Windows, can write to. Put simply, it is the part of the hard drive that is not in use.
To put it another way, it is the opposite of “allocated” space, which is where the operating system has already written files.



Slack space is the unused space between the end of the actual file and the end of the defined data unit (cluster). Slack space refers to portions of a hard drive that are not fully used by the currently allocated file and which may contain data from a previously deleted file.



Linux commands for forensics:
  • fdisk -l /path/
  • md5sum /path/
  • dd if=source of=destination     --> ("if" means "input file" and "of" means "output file").
  • strings /path/
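
The dd, md5sum and strings commands above combined into one acquisition check, as an added example that is not from the original post: image a source, confirm the copy hashes to the same value, and search the image for text. The function names, file names and the sample "device" file are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: the "evidence" file is a constructed stand-in for a real device.

# Build a constructed 64 KiB sample "device": random bytes with a text marker
# written at a 4 KiB offset (stand-in for leftover data in unallocated space).
make_sample() {
    dd if=/dev/urandom of="$1" bs=4096 count=16 2>/dev/null
    printf 'CONSTRUCTED-MARKER: invoice_2012.doc' |
        dd of="$1" bs=4096 seek=1 conv=notrunc 2>/dev/null
}

# Print only the MD5 digest of a file (md5sum prints "digest  filename").
md5_of() { md5sum "$1" | cut -d' ' -f1; }

# Image src to img and record the source hash in img.md5.
# Returns 0 only if the image hashes to the same value as the source.
acquire() {
    local src=$1 img=$2 before after
    before=$(md5_of "$src")                       # hash the source first
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 2
    after=$(md5_of "$img")                        # hash the copy
    printf '%s  %s\n' "$before" "$img" > "$img.md5"
    [ "$before" = "$after" ]
}

# Re-check an image against its recorded hash; fails if the image changed.
verify() { md5sum -c "$1.md5" >/dev/null 2>&1; }

# List printable strings (8+ characters) in the image that contain a keyword.
find_text() { strings -n 8 "$1" | grep -F -- "$2"; }

# Demo run on the constructed sample, inside a temporary directory.
work=$(mktemp -d)
make_sample "$work/evidence.bin"
acquire "$work/evidence.bin" "$work/evidence.dd" && echo "image verified"
find_text "$work/evidence.dd" "CONSTRUCTED-MARKER"
rm -rf "$work"
```

On a real case the source would be the device reported by fdisk -l rather than a sample file, and analysis is done on the image, not on the original.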

