Hi,
A quick question is File System Forensic Analysis by Brian Carrier still the primer source for file system forensics or is it starting to become dated?
I'm thinking about buying it but just wanted to check if there is a better/newer book on the subject out there?
Thanks in advance
It is a bit dated, in that it doesn't have some of the newer file systems, such as exFAT, Ext4, ReFS, and so on. However, file systems don't really change too much, so the ones that are in there (FAT, NTFS, HFS, Ext2/3, UFS, etc) are just as relevant as the date it was published.
It is a must-buy, definitely.
Ok thanks, i did place an order for it today, it seems to be the general opinion that it is a must read. I also noticed that it is included in the SANS FOR508 class package.
I'm guessing that although it lacks some of the newer filesystems it contains a lot of general knowledge that can be carried over to the new technologies as well? I'm thinking mindset when examening filesystems no matter which it is etc, or am i wrong in that assumption??
Am studying a Msc in forensics and it is definitely being portrayed as a must have/read for the course.