Journaled file systems have been a part of modern file systems for years butthe science of computer forensics has only been approaching them mainly as amethod of recovering deleted files. In this talk we will outline the threemajor file systems in use today that utilize journaling (NTFS, EXT3/4, HFS+)and explain what is stored and its impact on your investigations. We willdemonstrate tools for NTFS and EXT3/4 that allow us to:
Ending with a review of HFS+ and the future of file system forensics inrelations to journals and new file systems such as ReFS