SMART Data | ASR Data

Raw data is at the heart of data forensics. Hex viewing is essential, so it’s important to have a good hex viewer. Arbitrary data selections can be hashed, exported, logged, etc.

SMART’s raw data viewer can recognize certain data structures automatically. The screenshot above shows the interpretation of a FAT directory entry.

Filesystem study extends its functionality to the entire SMART User Interface. Here, a studied filesystem can be seen with color-coding. The blue area is slack space, and the green area is the start of the next file’s data allocation (a GIF file as you can tell by the signature).

Next: SMART Reporting