
Re: [Full-disclosure] SANS Stuff



A large percentage of the "forensics experts" out there have
criminology-related degrees and not a single CS class in their
repertoire.  I've given several talks on file systems at
forensics-related conferences that have always been well received.  Based on the
questions/comments I get, most people know what metadata was stored
with a file, but not necessarily what the on-disk format is, or how to
recreate a cluster-chain by hand, etc.

I'll gladly save anyone that asks the $200 and give up a list of
resources on file systems that will tell you just as much, if not
more, than SANS's 'class' will cover ;-)
(you're welcome, Stephen)


On 12/5/05, c0ntex <c0ntexb@xxxxxxxxx> wrote:
> On 05/12/05, Technica Forensis <forensis.technica@xxxxxxxxx> wrote:
> > what are floppies formatted with, again?  as bad as FAT is, it's
> > hardly outdated.
> >
> > most people focus on the big picture and never learn the guts of the
> > file system, so a class like this is extremely useful - especially in
> > the forensics arena.
>
> Sure, though the requirement is not a knowledge of assembler or
> virii.... but it is "files and directories" - what do you expect to
> learn, how much data can be stored on a FAT32 partition or what the MBR
> looks like? This is school stuff, isn't it?
>
> --
>
> regards
> c0ntex
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/