Computer Theory

Kävrestad, Joakim

doi:10.1007/978-3-319-67450-6_3

Joakim Kävrestad¹⁵

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

2054 Accesses

Abstract

Perhaps the most important skill for someone working with computer forensics is to know how computers work. In order to locate digital traces of an e-mail, the examiner must know that such traces may look like. While this book is intended for someone who is fairly skilled in the computer world, there are some theories that are extra important for a forensic examiner and this computer theory is presented in this chapter. This includes an overview of encryption and decryption as well as a presentation of how data is represented in the digital word, in binary, hexadecimal and plain ASCII. Further, this chapter introduces theory that is often overlooked by disciplines other than computer forensics. This includes an overview of the NTFS file system and Windows registry that is one of the most valuable sources of information during an examination of a Windows computer. The chapter also describes what commonly happens when a file is deleted from a computer, namely that it is not deleted at all.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 16.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Cohen, D. (1980). On holy wars and a plea for peace. IETF. Available online https://www.ietf.org/rfc/ien/ien137.txt. Fetched July 6, 2017.
Guidance Software. (2016). EnCase Computer Forensics II. Guidance Software.
Google Scholar
Microsoft. (2017a). Compound files. Available online https://msdn.microsoft.com/en-us/library/windows/desktop/aa378938(v=vs.85).aspx. Fetched July 6, 2017.
Microsoft. (2017b). Structure of the registry. Available online https://msdn.microsoft.com/en-us/library/windows/desktop/ms724946(v=vs.85).aspx. Fetched July 6, 2017.
NTFS. (2017). NTFS—New Technology File System designed for Windows 10, 8, 7, Vista, XP, 2008, 2003, 2000, NT. Available online http://www.ntfs.com/ntfs.htm. Fetched July 6, 2017.
TechNet. (2017). File systems. Available online https://technet.microsoft.com/en-us/library/cc938949.aspx. Fetched July 6, 2017.

Download references

Author information

Authors and Affiliations

University of Skövde, Skövde, Sweden
Joakim Kävrestad

Authors

Joakim Kävrestad
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joakim Kävrestad .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Kävrestad, J. (2017). Computer Theory. In: Guide to Digital Forensics. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-67450-6_3

Download citation

DOI: https://doi.org/10.1007/978-3-319-67450-6_3
Published: 28 September 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67449-0
Online ISBN: 978-3-319-67450-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics