Computer invasions, with the purpose of extinguishing data, are on the rise. To retrieve erased data system audits, a computer must recover and identify the extinguished data content. For these types of inquiries, UNIX-like machines can utilize The Coronerís Toolkit (TCT). However, because this solution has limits regarding auditing partitions, UNIX appears to necessitate similar tools that investigate other types of archives systems. The set of tools presented in this article supplants this lack of recognizing and investigating partitions NTFS, FAT, UFS, EX2 and EXT3, generating reports detailed in a browser, beyond the resources already implemented for the TCT.
Computer Forensics, Network Security.
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 1, Number 1, pp 41-44, DOI: 10.5769/J200601005 or http://dx.doi.org/10.5769/J200601005
Computer Forensics with the Sleuth Kit and the Autopsy Forensic Browser
By Ricardo Galv„o.
To download this paper, click here