You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Disk forensics is the examination of hard drives, solid-state drives, and other persistent storage media to extract and analyse evidence. It encompasses the analysis of partitions, file systems, operating system artefacts, user activity, and hidden data. Disk forensics is often the starting point for computer-based investigations.
| Storage Type | Interface | Forensic Considerations |
|---|---|---|
| HDD (Hard Disk Drive) | SATA, IDE, SAS | Magnetic storage; data may persist after deletion; easier to recover overwritten data |
| SSD (Solid State Drive) | SATA, NVMe, M.2 | Flash storage; TRIM command may zero deleted blocks; wear levelling complicates recovery |
| USB flash drive | USB | Similar to SSD; may use FAT32 or exFAT |
| External drive | USB, Thunderbolt | May be HDD or SSD; same principles apply |
| SD card / microSD | SD interface | Flash storage; commonly used in cameras and mobile devices |
Traditional HDD:
Delete file ──▶ Metadata updated ──▶ Data remains on disk until overwritten
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.