Title :
Analysis and Implementation of NTFS File System Based on Computer Forensics
Author :
Kai, Zhang ; En, Cheng ; Qinquan, Gao
Author_Institution :
Key Lab. of Underwater Acoust. Commun. & Marine Inf. Technol., Xiamen Univ., Xiamen, China
Abstract :
NTFS, which restores and manages the important data, is a common file system in Windows Operating System,. Tapping and analyzing the useful data of the NTFS file system has become an important means of current computer forensic. Through detailed analysis and research on the storage principles of the NTFS file system, the object-oriented method is put forward to design NTFS file parsing system. This system parses the binary data stored in disk, achieving the total analysis of both the normal files and the deleted files. Then, all the data retrieved can be restored into the form of a friendly user interface which can provide a reliable data source for the computer forensics.
Keywords :
computer forensics; file organisation; grammars; object-oriented programming; NTFS file parsing system; NTFS file system; Windows operating system; binary data; computer forensics; object-oriented method; storage principles; Computer crime; Computer science; Computer science education; Cryptography; Data analysis; Educational technology; File systems; Forensics; Marine technology; Operating systems; NTFS; computer forensics; data recover; file system; object-oriented;
Conference_Titel :
Education Technology and Computer Science (ETCS), 2010 Second International Workshop on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-6388-6
Electronic_ISBN :
978-1-4244-6389-3
DOI :
10.1109/ETCS.2010.434
