Many students ask why we have to learn all this from the ground up. You have repeatedly heard me say that we need to learn to “look under the hood”, as our systems have in some sense become too user friendly, and security starts with understanding.
To begin, understanding file systems is very important, so additional reading, as time permits, is located here: http://en.wikipedia.org/wiki/File_system
RAM & File Slack
Now, having introduced all this: what are RAM Slack and File Slack? Hopefully this will encourage your continuing research and exploration :).
Digital Forensics File Formats Demo
Now a real quick “look under the hood”. Recall from the lecture and reading that we have logical and physical perspectives. We have become a nation full of users who only access the top-level logical perspective, so let’s look at some files and the file system from the physical perspective.
Here is a nice resource on binary formats and their analysis (i.e. reverse engineering): Binary File Format Analysis