Computer Theory
2017; Springer Nature; Linguagem: Inglês
10.1007/978-3-319-67450-6_3
ISSN2191-5776
Autores Tópico(s)Digital Media Forensic Detection
ResumoPerhaps the most important skill for someone working with computer forensics is to know how computers work. In order to locate digital traces of an e-mail, the examiner must know that such traces may look like. While this book is intended for someone who is fairly skilled in the computer world, there are some theories that are extra important for a forensic examiner and this computer theory is presented in this chapter. This includes an overview of encryption and decryption as well as a presentation of how data is represented in the digital word, in binary, hexadecimal and plain ASCII. Further, this chapter introduces theory that is often overlooked by disciplines other than computer forensics. This includes an overview of the NTFS file system and Windows registry that is one of the most valuable sources of information during an examination of a Windows computer. The chapter also describes what commonly happens when a file is deleted from a computer, namely that it is not deleted at all.
Referência(s)