FAT32,Boot Sector, swap files, Cluster etc.

peedof · 02-Nov-2005, 10:21 AM #1

Hi guys, Im toying around with ideas for my fourth year project and would like to do a forensics programme that retrieves 'deleted' info from swap files and other info from areas such as the boot sector and File allocation tables. What would your advice be in regards to what language to use and any links to useful tips or suggested reading? it seems there isnt much floating around on the net in regards to programming of this.
Thanks

lotuseclat79 · 06-Nov-2005, 04:18 PM #2

Quote:

Originally Posted by peedof

Hi guys, Im toying around with ideas for my fourth year project and would like to do a forensics programme that retrieves 'deleted' info from swap files and other info from areas such as the boot sector and File allocation tables. What would your advice be in regards to what language to use and any links to useful tips or suggested reading? it seems there isnt much floating around on the net in regards to programming of this.
Thanks

Hi peedof,

Are you going to be working on a Linux or a Windows OS system?

-- Tom

peedof · 06-Nov-2005, 04:24 PM #3

Hi Tom,
At the start I was thinkin windows but it seems it'll be a lot easier on linux.....what do u think?

lotuseclat79 · 06-Nov-2005, 05:27 PM #4

Quote:

Originally Posted by peedof

Hi Tom,
At the start I was thinkin windows but it seems it'll be a lot easier on linux.....what do u think?

What do you know better? Either one would be a good learning experience.

A while back I saw an interesting book on programming windows internals at Barnes & Noble but I have since forgotten the title/author.

Windows Internals 4thEd by Solomon and Russinovich ($37.79:Amazon) is probably very good. See http://www.sysinternals.com for a lot of excellent windows system utilities.

Then there is the Linux Kernel Internals book now in paperback.

Also, my language of choice would be C or C++, but for you it depends on what you know best.

Look to combine together some good system utilities together with what you hope to accomplish in your project, and that way you might be able to reduce the scope of work necessary to do what you decide - all depends on time and effort projections. Get your instructor/professor's opinion for guidance so you don't over scope the work.

-- Tom

peedof · 06-Nov-2005, 06:54 PM #5

thanks for all that!
Im comfortable with both linux and windows but in regards to this type of project which one do you think would be wiser to go with? This project is for next semester so I wont be assigned a professor until early December. Cheers for the site the source code section looks like it'll help me a lot.

lotuseclat79 · 07-Nov-2005, 09:00 AM #6

Quote:

Originally Posted by peedof

thanks for all that!
Im comfortable with both linux and windows but in regards to this type of project which one do you think would be wiser to go with? This project is for next semester so I wont be assigned a professor until early December. Cheers for the site the source code section looks like it'll help me a lot.

Hi peedof,

It depends entirely on what you want to do in the long term with it. I would try to do a project/successfully that is impressive on your resume for future employment - a lot of the work is in the choosing what to do stage, then put together a plan to accomplish your goal - doing the necessary background research to know what you need to do, present it for your professor's review (even choose a professor you want now to ask for advice and share your current thinking), and then go forth and make it happen!

As an example, I had earlier done a programming project in another course, an event step modelling simulation using a pseudo-random number generator to model the random service request arrivals because I wanted to learn about simulation modelling about which I knew nothing; so, when I was getting my MSCS, I stripped the guts out of this to model a simulation for a network traffic load to use as a tool to decide what capacity to design into the network. I even talked the professor into letting me model the entire network course with this project and submit it for his real-world review instead of taking the final examination! His review of my code and results it generated was very close to his real-world network experience - I passed his scrutiny! He ran the systems programming shop for a large bank in our Metro area (also a VP as I recall) and required his programmers to code in COBOL - talk about paranoia, and he was the only one that did assembler level programming. One time when a student in his advanced assembler class claimed it was impossible to generate a stepped binary table with an assembler macro - he whipped out a listing (he carried in his briefcase) of mine that proved it - student's jaw dropped, and we had a good laugh when he told me. I used to take copious notes, when he mentioned that in passing, I could not resist exploring how to do it - until I eventually succeeded - did not get it with first try. So, try, try, try....again, and again, and...until you solve it. You must be persistent!

-- Tom

lotuseclat79 · 10-Nov-2005, 07:32 AM #7

Hi peedof,

The book I did not seem to recall in post #4 was:
Windows System Programming (3rd Ed) by Johnson M. Hart

Good material on Windows API and multithreading!

-- Tom

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)