Forensics Analysis of NTFS File Systems

ISBN13: 9781668481332|ISBN10: 1668481332|ISBN13 Softcover: 9781668481349|EISBN13: 9781668481356
DOI: 10.4018/978-1-6684-8133-2.ch008
MLA

Sondarva, Kumarbhai Shamjibhai, et al. "Forensics Analysis of NTFS File Systems." Advances in Cyberology and the Advent of the Next-Gen Information Revolution, edited by Mohd Shahid Husain, et al., IGI Global, 2023, pp. 138-165. https://doi.org/10.4018/978-1-6684-8133-2.ch008

APA

Sondarva, K. S., Kumar, A., Gohil, B. N., Patel, S. J., Rajvansh, S., & Shah, R. T. (2023). Forensics Analysis of NTFS File Systems. In M. Husain, M. Faisal, H. Sadia, T. Ahmad, & S. Shukla (Eds.), Advances in Cyberology and the Advent of the Next-Gen Information Revolution (pp. 138-165). IGI Global. https://doi.org/10.4018/978-1-6684-8133-2.ch008

Chicago

Sondarva, Kumarbhai Shamjibhai, et al. "Forensics Analysis of NTFS File Systems." In Advances in Cyberology and the Advent of the Next-Gen Information Revolution, edited by Mohd Shahid Husain, et al., 138-165. Hershey, PA: IGI Global, 2023. https://doi.org/10.4018/978-1-6684-8133-2.ch008

Abstract

The internet and computers now reach everywhere, and everyone is becoming connected through them. Users rely on computers to make life easier and work faster. At the same time, many attacks and instances of cybercrime have occurred. Therefore, digital forensics is necessary and plays a crucial role. NTFS is one of the most popular file systems used by the Windows operating system, and this chapter provides information for forensic analysis of the NTFS file system. This chapter describes digital forensics, the stages of digital forensics, and the types of digital forensics. NTFS is discussed in brief along with the master file table (MFT). In the same section, it also discusses the method to detect hidden data in the boot sector and the analysis of the registry, prefetch, shellbags, and web browsers. The collection of volatile and non-volatile data is also discussed. It also provides the artifacts that an investigator must seek, along with the tools used to collect and analyze them and the strategies used for investigation and analysis. Data recovery and file carving are also discussed.
