- Title
- Digital forensic techniques for static analysis of NTFS images
- Creator
- Alazab, Mamoun; Venkatraman, Sitalakshmi; Watters, Paul
- Date
- 2009
- Type
- Text; Conference paper
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/36879
- Identifier
- vital:3664
- Abstract
- Static analysis of the Windows NT File System (NTFS), which is the standard and most commonly used file system, could provide useful information for digital forensics. However, since the NTFS disk image records every event in the system, forensic tools need to process an enormous amount of information related to user/kernel environment, buffer overflows, trace conditions, network stack and other related subsystems. This leads to imperfect forensic tools that are practical for implementation but not comprehensive and effective. This research discusses the analysis technique to detect data hidden based on the internal structure of the NTFS file system in the boot sector. Further, it attempts to unearth the vulnerabilities of NTFS disk image and weaknesses of the current forensic techniques. The paper argues that a comprehensive tool with improved techniques is warranted for a successful forensic analysis.
- Publisher
- AL-Zaytoonah University, Amman, Jordan
- Relation
- Paper presented at 4th International Conference of Information Technology, ICIT 2009, AL-Zaytoonah University, Amman, Jordan, 3rd-5th June 2009
- Rights
- Open Access
- Rights
- This metadata is freely available under a CC0 license
- Subject
- NTFS; Forensics; Disk image; Data hiding