A large percentage of the "forensics experts" out there have criminology related degrees and not a single CS class in their repertoire. I've given several talks on file systems at forensic related conferences that have always been well received. Based on the questions/comments I get, most people know what metadata was stored with a file, but not necessarily what the on disk format is, or how to recreate a cluster-chain by hand, etc.
I'll gladly save anyone that asks the $200 and give up a list of resources on file systems that will tell you just as much, if not more, than SANS's 'class' will cover ;-) (you're welcome, Stephen) On 12/5/05, c0ntex <[EMAIL PROTECTED]> wrote: > On 05/12/05, Technica Forensis <[EMAIL PROTECTED]> wrote: > > what are floppies formatted with, again? as bad as FAT is, it's > > hardly outdated. > > > > most people focus on the big picture and never learn the guts of the > > file system, so a class like this is extremely useful - especially in > > the forensics arena. > > Sure, though the requirement is not a knowledge of assembler or > virii.... but it is "files and directories" - what do you expect to > learn, how much data can be stored on a FAT32 partition or what MBR > looks like. This is school stuff isn't it? > > -- > > regards > c0ntex > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
