Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
Unllocated space
Unallocated space, sometimes called “free space”, is logical space on a hard drive that the operating system, e.g Windows, can write to. To put it another way it is the opposite of “allocated” space, which is where the operating system has already written files to.
Unallocated file space and file slack are both important sources of leads for the computer forensics investigator. The data storage area in a factory fresh hard disk drive typically contains patterns of sectors which are filled with patterns of format characters. In DOS and Windows-based computer systems, the format pattern for a floppy diskette usually consists of binary data in the form of hex F6s. The same format pattern is sometimes used in the format of hard disk drives but the format patterns can consist of essentially any repeat character as determined by the factory test machine that made the last writes to the hard disk drive. The format pattern is overwritten as files and subdirectories are written in the data area.
Slack Space
Slack space refers to portions of a hard drive that are not fully used by the current allocated file and which may contain data from a previously deleted file.
Illustration of slack space on a hard drive
Tidak ada komentar:
Posting Komentar