Abstract
Perhaps the most important skill for someone working with computer forensics is to know how computers work. In order to locate digital traces of an e-mail, the examiner must know what such traces may look like. While this book is intended for someone who is fairly skilled in the computer world, some theory is especially important for a forensic examiner, and that computer theory is presented in this chapter. This includes an overview of encryption and decryption as well as a presentation of how data is represented in the digital world, in binary, hexadecimal and plain ASCII. Further, this chapter introduces theory that is often overlooked by disciplines other than computer forensics. This includes an overview of the NTFS file system and the Windows registry, which is one of the most valuable sources of information during an examination of a Windows computer. The chapter also describes what commonly happens when a file is deleted from a computer, namely that it is not deleted at all.
Copyright information
© 2017 The Author(s)
About this chapter
Cite this chapter
Kävrestad, J. (2017). Computer Theory. In: Guide to Digital Forensics. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-67450-6_3
DOI: https://doi.org/10.1007/978-3-319-67450-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67449-0
Online ISBN: 978-3-319-67450-6
eBook Packages: Computer Science, Computer Science (R0)