As investigators and information security professionals, we have to constantly be aware of changing file systems to track data changes and accurately apply attribution to system changes.
In 2006 Microsoft released a successor to the FAT32 file system named the Extended FAT file system - labeled exFAT for short. exFAT was initially released for the Windows CE handheld device and in 2008 a version of exFAT was released for Microsoft Desktop and Server operating systems. Today exFAT is licensed and supported on many devices and systems, including Unix/Linux systems. The SD card association, with the release of the Secured Digital Extended Capacity (SDXC) memory card, has adopted exFAT as the standard file system for SDXC media which is used in cameras, cell phones and other consumer electronics.
exFAT is implemented in a different file system organization than the legacy predecessor FAT family file systems such as FAT12/16/32, and the forensics investigator will be required to know and understand this new format as forensics examinations are conducted using this new file system.
Robert Shullich (http://www.linkedin.com/in/robertshullich), Enterprise Security Architect at Tower Group Companies, will give a great overview of the exFAT file system and the implications for investigators.
exFAT topics to be covered in the session:
• File System Limits
• Relevance to forensics computing and digital investigation
• Hiding places to look out for – where criminals can hide things
So please join us on Wednesday June, 11th, 6:30pm at John Jay College of Criminal Justice,[masked]th Street, Room 630T for this exciting meet-up.
Robert Shullich (http://www.linkedin.com/in/robertshullich) is an Enterprise Security Architect at the Tower Group Companies, and has also worked in other Financial Organizations in various senior roles in Information Risk and Information Security. Shullich has served in roles that assess information risk by evaluating the inherent risk in IT projects, and proposes additional controls that either mitigate or reduce the risk in those projects. He holds Master Degrees in Computer Science, Business Administration, Telecommunication Networks and Digital Forensics and Cyber Security. He holds many professional certifications that include the CPP, CISSP-ISSAP, ISSMP, CCFP-US, CISA, CISM, CIPP/US, CEH, CHFI, ECSA, GSEC, GCFA and CRISC. He has been in the IT field for 40 years, with at least 20 of those years in information security.