By Topic

Analysis and Implementation of NTFS File System Based on Computer Forensics

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Zhang Kai ; Key Lab. of Underwater Acoust. Commun. & Marine Inf. Technol., Xiamen Univ., Xiamen, China ; Cheng En ; Gao Qinquan

NTFS, which restores and manages the important data, is a common file system in Windows Operating System,. Tapping and analyzing the useful data of the NTFS file system has become an important means of current computer forensic. Through detailed analysis and research on the storage principles of the NTFS file system, the object-oriented method is put forward to design NTFS file parsing system. This system parses the binary data stored in disk, achieving the total analysis of both the normal files and the deleted files. Then, all the data retrieved can be restored into the form of a friendly user interface which can provide a reliable data source for the computer forensics.

Published in:

Education Technology and Computer Science (ETCS), 2010 Second International Workshop on  (Volume:1 )

Date of Conference:

6-7 March 2010