The joys of complexity and the deleted file

Geoffrey Fellows

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)

Abstract

This article considers the improved quality of evidence which may be extracted from computers running under modern operating systems and file systems. By way of illustration the author discusses the treatment of deleted files under legacy DOS systems, Windows 9x systems and the NTFS file system, and illustrates the various data artefacts associated with each. It is clear that, although the evidence resulting from more modern systems is more complex, and that analysts require more in-depth training to understand them, the rewards in terms of evidential probity can be considerable, enabling the analyst to produce evidence which in earlier systems was simply not there to be found. © 2005 Elsevier Ltd. All rights reserved.
Original languageEnglish
Pages (from-to)89-93
Number of pages5
JournalDigital Investigation
Volume2
Issue number2
DOIs
Publication statusPublished - Jun 2005
Externally publishedYes

Fingerprint

Dive into the research topics of 'The joys of complexity and the deleted file'. Together they form a unique fingerprint.

Cite this