Research on NTFS File Anti-Delete Forensic Technology
Authors
Weimin Wu, Gang Zhao, Wenxin Lai, Jiongjiang Lan
Corresponding Author
Weimin Wu
Available Online May 2016.
- DOI
- 10.2991/wartia-16.2016.83How to use a DOI?
- Keywords
- NTFS, File Record, Anti-delete, Forensic.
- Abstract
The deleting mechanism of file is summarized by means of research on NTFS structure and management mechanism. After analysis on the deleted leftover, valuable information included in it was acquired. A method is proposed for anti-delete forensic based on traversing free file record. Software named AntiD Forensics is designed and implemented, as well as verifying that anti-delete forensic technology for NTFS has great application value in computer forensics.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Weimin Wu AU - Gang Zhao AU - Wenxin Lai AU - Jiongjiang Lan PY - 2016/05 DA - 2016/05 TI - Research on NTFS File Anti-Delete Forensic Technology BT - Proceedings of the 2016 2nd Workshop on Advanced Research and Technology in Industry Applications PB - Atlantis Press SP - 419 EP - 422 SN - 2352-5401 UR - https://doi.org/10.2991/wartia-16.2016.83 DO - 10.2991/wartia-16.2016.83 ID - Wu2016/05 ER -