TY - JOUR
T1 - The joys of complexity and the deleted file
AU - Fellows, Geoffrey
N1 - Imported on 12 Apr 2017 - DigiTool details were: month (773h) = June 2005; Journal title (773t) = Digital Investigation. ISSNs: 1742-2876;
PY - 2005/6
Y1 - 2005/6
N2 - This article considers the improved quality of evidence which may be extracted from computers running under modern operating systems and file systems. By way of illustration the author discusses the treatment of deleted files under legacy DOS systems, Windows 9x systems and the NTFS file system, and illustrates the various data artefacts associated with each. It is clear that, although the evidence resulting from more modern systems is more complex, and that analysts require more in-depth training to understand them, the rewards in terms of evidential probity can be considerable, enabling the analyst to produce evidence which in earlier systems was simply not there to be found. © 2005 Elsevier Ltd. All rights reserved.
AB - This article considers the improved quality of evidence which may be extracted from computers running under modern operating systems and file systems. By way of illustration the author discusses the treatment of deleted files under legacy DOS systems, Windows 9x systems and the NTFS file system, and illustrates the various data artefacts associated with each. It is clear that, although the evidence resulting from more modern systems is more complex, and that analysts require more in-depth training to understand them, the rewards in terms of evidential probity can be considerable, enabling the analyst to produce evidence which in earlier systems was simply not there to be found. © 2005 Elsevier Ltd. All rights reserved.
U2 - 10.1016/j.diin.2005.04.001
DO - 10.1016/j.diin.2005.04.001
M3 - Article
SN - 1742-2876
VL - 2
SP - 89
EP - 93
JO - Digital Investigation
JF - Digital Investigation
IS - 2
ER -