References
- Wikipedia.org, "NTFS-Features-Scalability", http://en.wikipedia.org/wiki/NTFS#Features
- Microsoft TechNet, "NTFS Technical Reference",https://technet.microsoft.com/en-us/library/cc758691(v=ws.10).aspx.
- B. Carrier, File System Forensic Analysis, Addison-Wesley, 2005, pp. 273-396.
- Wikipedia, "B-tree", http://en.wikipedia.org/wiki/B-tree.
- William Ballenthin,"NTFS INDX Attribute Parsing", http://www.williballenthin.com/forensics/indx/index.html.
- Chad Tilbury, "NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files", SANS Digital Forensics and Incident Response Blog, http://digital-forensics.sans.org.
- Sameer H. Mahant and B. B. Meshram, "NTFS Deleted Files Recovery: Forensics View", IRACST(-International Journal of Computer Science and Information Technology & Security (IJCSITS), Vol. 2, pp. 491-497, No.3, 2012.
- Ewa Huebner, Derek Bem and Cheong Kai Wee, "Data hiding in the NTFS file system", Digital Investigation, Vol. 3, Issue 4, pp. 211-226, 2006 https://doi.org/10.1016/j.diin.2006.10.005
- Christopher Lees, "Determining removal of forensic artefacts using the USN change journalOriginal", Digital Investigation, Vol. 10, Issue 4, pp. 300-310, 2013. https://doi.org/10.1016/j.diin.2013.10.002
- G.-S. Cho, "A computer forensic method for detecting timestamp forgery in NTFS", Computers & Security, Vol. 34, pp. 36-46, 2013. https://doi.org/10.1016/j.cose.2012.11.003
- Gyu-Sang Cho, A Digital Forensic Method by an Evaluation Function Based on Timestamp Changing Patterns. (2014), Journal of KSDIM(ISSN:1738-6667), Vol. 10, No. 2, pp. 91-105.
- G.-S. Cho, "NTFS Directory Index Analysis for Computer Forensics", Proceedings of IMIS 2015, Blumenau Brazil, July 2015.
- Gyu-Sang Cho, A Digital Forensic Analysis for Directory in Windows File System. (2015), Journal of KSDIM(ISSN:1738-6667), Vol. 11, No. 2, pp. 73-89.
- Microsoft MSDN, "Naming Files, Paths, and Namespace-Short vs. Long Names", http://msdn.microsoft.com.
- Microsoft TechNet, Fsutil behavior, "https://technet.microsoft.com/en-us/library/cc785435.aspx"
Cited by
- 디렉토리 인덱스 안티포렌식 기법에서 Windows 파일명에 사용할 수 없는 문자 문제의 해결방법 vol.11, pp.4, 2015, https://doi.org/10.17662/ksdim.2015.11.4.069
- A Steganographic Data Hiding Method in Timestamps by Bit Correction Technique for Anti-Forensics vol.23, pp.8, 2015, https://doi.org/10.9708/jksci.2018.23.08.075
- A Method of Data Hiding in a File System by Modifying Directory Information vol.23, pp.8, 2015, https://doi.org/10.9708/jksci.2018.23.08.085
- 파일시스템의 클러스터를 임의로 할당하여 디스크를 단편화하기 위한 방법 vol.16, pp.2, 2015, https://doi.org/10.17662/ksdim.2020.16.2.011