Hello all, I’m a newbie to this board and I am in some need of assistance. I am a student at Bloomsburg University and am in the process of earning a B.S. in Computer Forensics. I have an A.A.S. in Computer Forensics, and I was a network admin in the Marine Corps for 5 years.
I am in the process of doing a project on CD/DVD Forensics for my final this semester, but I’m having trouble finding relevant information on that specific subject. The only book I know of (http//
I’ve found somewhat useful info describing Orange Book, ISO 9660, Joliet, Descriptors and the like, but I haven’t found any sites that break it down to a beginner’s level. My goal is to describe the file structure and/or geometry of CD-R/CD-RW's mainly, how data is written to them, what to look for when viewing with a Hex program as far as separating directories and files, how the geometry of a CD relates to a FAT of a floppy or harddisk, and anything that would be relevant enough to include in a professional and forensically-based report.
Any help you could offer would be great! If you know any relevant links on the web to guide me in the right direction, or any info from your own experience I would surely appreciate it. Thanks in advance, I’m looking forward to contributing to the board in the future!
I think the Rainbow books will be a big help. You might try to find the presentation Chris Taylor gave at Techno Forensics entitled CDFS Forensics. It was great talk
CDFS Forensics - Chris Taylor–DoD 130 - 430 PM
Anyone who has worked in computer forensics for longer than a week has had to image a compact disk. Several outstanding tools exist that make the tasks of imaging and interpreting the data very easy. In this segment, we won't be using any of them. Here we will be examining several of the most common file systems found on CDs at the lowest level possible - opening the image with a hex editor and manually reading all the header information necessary to extract the data from the image. Understanding of the underlying structures allows the forensic / data-recovery analyst to better understand the procedures and limitations of the pretty point-n-click tools that we will ultimately use to analyze this type of data. After all, knowing what is going on under the hood is a vital skill in that line of work. This is a highly technical discussion that will spend a lot of time looking at hex - this is not for the faint of heart.
The presentation should be available soon here http//
I too am waiting on the Infinadyne book…
In the meantime try the following for some light reading
http//
http//
http//
(audio related but still relavant)
http//
(cd formats and cd structure sections)
http//
(A guide to the different colour books)
I find the forums at
What I am after is something that fully explains for mult-session disks are recorded! Anyone?