DocumentCode :
3664602
Title :
NTFS Directory Index Analysis for Computer Forensics
Author :
Gyu-Sang Cho
Author_Institution :
Dept. of Comput. Inf., Dongyang Univ., Youngju, South Korea
fYear :
2015
fDate :
7/1/2015 12:00:00 AM
Firstpage :
441
Lastpage :
446
Abstract :
This work provides a forensic analysis method for the directory index in the NTFS file system. NTFS employs B-tree indexing to provide efficient storage of many files and fast lookups, and the structure of the directory index changes when file operations are performed. From a forensic point of view, we observe the behavior of the B-tree to analyze files that once existed in the directory. However, it is difficult to analyze the allocated index entries when file commands are executed. This work therefore treats a forensic method for the directory index, especially when the directory contains a large number of files. The index entry records are naturally expanded, and we then examine how the index entry records are configured in the index tree. From a computer forensics point of view, we also describe how the directory index nodes change and how index entries leave traces in the index entry record when files are deleted.
Keywords :
"Forensics","Computers","Data structures","Resource management","Indexing","Blogs"
Publisher :
ieee
Conference_Titel :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on
Type :
conf
DOI :
10.1109/IMIS.2015.68
Filename :
7284991