Forensic Discovery
File System Forensic Analysis
Track-aligned extents: matching access patterns to disk drive characteristics
FAST'02 Proceedings of the 1st USENIX conference on File and storage technologies
Computer forensics workshop for undergraduate students
ACE '08 Proceedings of the tenth conference on Australasian computing education - Volume 78
Persistent systems techniques in forensic acquisition of memory
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Steganographic information hiding that exploits a novel file system vulnerability
International Journal of Security and Networks
Hi-index | 0.00 |
In this paper we examine the methods of hiding data in the NTFS file system. Further we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. We focus on sophisticated data hiding where the goal is to prevent detection by forensic analysis. Obvious data hiding techniques, for example setting the hidden attribute of a file, will not be included. Hidden data can be further obfuscated by file system independent approaches like data encryption and steganography. This paper is only concerned with the methods which are made possible by the structure of the NTFS file system, and with the recovery of hidden data, not its interpretation.