• DocumentCode
    2714048
  • Title

    Computer Forensics Research and Implementation Based on NTFS File System

  • Author

    Naiqi, Liu ; Zhongshan, Wang ; Yujie, Hao ; QinKe

  • Author_Institution
    Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu
  • Volume
    1
  • fYear
    2008
  • fDate
    3-4 Aug. 2008
  • Firstpage
    519
  • Lastpage
    523
  • Abstract
    Based on the NTFS file system, this paper proposes an algorithm for reconstructing the directory tree above deleted files. Furthermore, by analyzing the internal structure of the NTFS file system in detail, the storage principle of Data Runs in attribute 80 of the MFT is clarified. The authors analyze some exceptions that occur when deleting files and compare their self-developed data recovery software, SmoothRecovery, with EasyRecovery, which is available on the market. The results show that SmoothRecovery is better than EasyRecovery in efficiency of implementation.
  • Keywords
    computer crime; storage management; system recovery; Data Runs; EasyRecovery software; NTFS file system; SmoothRecovery software; computer forensics; deleted file; directory tree; self-researched data recovery software; Communication system control; Computer networks; Computer science; Consumer electronics; Control systems; Engineering management; File systems; Forensics; Image reconstruction; Technology management; Data Runs; computer forensics; data recovery; directory tree reconstruction;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computing, Communication, Control, and Management, 2008. CCCM '08. ISECS International Colloquium on
  • Conference_Location
    Guangzhou
  • Print_ISBN
    978-0-7695-3290-5
  • Type

    conf

  • DOI
    10.1109/CCCM.2008.236
  • Filename
    4609565