Hello folks ...
Earlier I introduced you to the file-systems.We discussed about various different file-systems present in both windows and linux operating systems.Now In this post of cyber forensics i will be introducing you guys to hands-on experience on the file systems.Now what is hands-on? whenever you do a practical test of any of theoretically learned concept or process ,then it is called a HANDS-ON.
Let me tell you why hands-on practices are important when it comes to cyber forensics.Now Cyber Forensics is a field in which you have to be thorough about the processes going on in a system. And when you do hands-on on any of the learned concept of a device then you are yourself going the depths.
So lets start our hands-on.
In this hands-on I will be discussing about the Windows file-systems. I will be showing you how to view the NTFS and FAT32 using Encase.Encase is a forensics platform that is used execsively in solving cybercrimes.I will be giving detailed tutorials and hands-on later. Here I am just using it here to show you how NTFS and FAT32 looks like .
So first look the things that you need to do this hands-on successfully:
-->windows 7,8,8.1
-->Pen-drive
-->Encase
If u don't use windows then you can use virtual box or vmware to run Windows. Check the file system of the pen-drive by going to properties.
Now for,
NTFS:-
steps:
1) Connect a pen-drive which is in NTFS to the system.
2)Open Encase.
3)create new case.
4)click on "add device".
5)On clicking on "Add Device" you will find "local disks" on top of the list.Tick it and click next.
6)In this list the second one will be the pen-drive you connected to your system.
7)Tick that and click next .
8)Your device gets added to the case.
9)Now in the case you will find the drive name .Click it can go to lower panel.
10)In the lower panel you will find a option called disk.Click it.
11)Then u will find the will find the structure of file-system of the pen-drive with certain colours.
12)Go to the side panel and click on "legend". Here you will find what the colours you see in the structure of file-system denotes.
FINAL RESULT:-
-->Here as u see in the above shown results the blue colour denotes the allocated sectors of the NTFS file-system.The while colour denotes shows the unallocated sectors and the yellow colour with a question mark within it shows the lost clusters.
FAT32:-
-->Steps in viewing the FAT32 file-system is same as that of the NTFS file-system except the fact that for viewing the FAT32 structure the pen-drive should in FAT32 file-system.
FINAL RESULT:-
-->Here as you see in the above shown results the blue colour denotes the allocated sectors of the FAT32 file-system.The while colour denotes shows the unallocated sectors.
I'm adding a tutorial video for this hands-on for your easy understanding.
So we completed our hands-on on Windows file-systems.
I will be back with my new post soon
HASTA PRONTO !!!!!!
To like our facebook page click here NewAgeInformers
To subscribe our youtube channel click here wolfpack
Nicely explain
ReplyDeleteLook forward to more from you.
ReplyDelete