• Title/Summary/Keyword: Directory Index

A Method of Data Hiding in a File System by Modifying Directory Information

  • Cho, Gyu-Sang
    • Journal of the Korea Society of Computer and Information / v.23 no.8 / pp.85-93 / 2018
  • This research proposes a method to hide data by modifying directory index entry information. It consists of two methods: directory list hiding and file contents hiding. The directory list hiding method keeps the list of files from appearing in the file explorer window or the command prompt window. The file names of several index entries are modified to make them duplicates; if the duplicated files are deleted, only the original file is deleted, while the modified files are retained intact in the MFT entry. So, the fact that these files are hidden is not exposed. The file contents hiding method allocates the data to be hidden to an empty, unused index record page. If many files are created in the directory, several 4KB index records are allocated. NTFS leaves the empty index records unchanged after the files are deleted. By modifying the run-list of the index record with the cluster number of the file-to-hide, the contents of the file-to-hide are hidden in the index record. When the proposed method is applied to a case of hiding two files, the file lists are not exposed in the file explorer or the command prompt window, and the contents of the file-to-hide are hidden in the empty index record. It is proved that the proposed method has effectiveness and validity.

A Digital Forensic Analysis for Directory in Windows File System (Windows 파일시스템의 디렉토리에 대한 디지털 포렌식 분석)

  • Cho, Gyusang
    • Journal of Korea Society of Digital Industry and Information Management / v.11 no.2 / pp.73-90 / 2015
  • When we apply file commands to files in a directory, the directory as well as the file undergo changes in the timestamps of their MFT entries. Based on an understanding of these changes, this work provides a digital forensic analysis of the timestamp changes of a directory caused by the execution of file commands. NTFS uses a B-tree indexing structure for efficient storage management of a huge number of files and for fast lookups, so the index tree of the directory index changes when files are operated on by commands. From a digital forensic point of view, we try to understand the behavior of the B-tree indexes and look for traces of files to collect information. But it is not easy to analyze the directory index entry when file commands are executed, and research on the digital forensics of NTFS directories and B-tree indexing is comparatively rare. Focusing on this fact, in this paper we analyze directory timestamp changes after executing file commands, including creation, copy, and deletion, and present a method for finding forensic evidence of the deletion of a directory containing files. With some cases, i.e. examples of the file copy and file deletion commands, analyses of the problem of directory timestamp changes are given and the problem of finding evidence of the deletion of a directory containing files is shown.

A Global Analysis of Open Access Books: A Study Based on Directory of Open Access Books

  • Dhanavandan, Sadagopan
    • International Journal of Knowledge Content Development & Technology / v.6 no.1 / pp.85-103 / 2016
  • The Directory of Open Access Books (DOAB) provides a searchable index of peer-reviewed monographs and edited volumes published under an Open Access business model, with links to the full texts of the publications at the publisher's website or repository. This paper discusses a global analysis of open access books, which are available in the Directory of Open Access Books (DOAB). The data was collected from the open access directory at http://www.doabooks.org/ on 20th October 2015. In total 3379 books are listed as available on the directory; the first and second books were published in 1866 and 1867 respectively. After 1962, the publication of books increased gradually, and the greatest number of books, more than 300, was published in 2010, 2012, 2013 and 2014. Nearly 47 percent of the books (1584) were published in the English language only.

A New NTFS Anti-Forensic Technique for NTFS Index Entry (새로운 NTFS 디렉토리 인덱스 안티포렌식 기법)

  • Cho, Gyu-Sang
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.8 no.4 / pp.327-337 / 2015
  • This work provides a new forensic technique to hide a message in a directory index in the Windows NTFS file system. The behavior characteristics of the B-tree, which is adopted to manage index entries, are utilized for hiding a message in the slack space of an index record. So that the hidden message is not exposed, we use a disguised file so that it is not left in the file name attribute of an MFT entry. To explain the key idea of the proposed technique, we describe the B-tree indexing method and the proposal of this work. We show that the proposed technique is practical for anti-forensic usage with a real message hiding case using a developed software tool.

Dynamic Classification of Categories in Web Search Environment (웹 검색 환경에서 범주의 동적인 분류)

  • Choi Bum-Ghi;Lee Ju-Hong;Park Sun
    • Journal of KIISE:Software and Applications / v.33 no.7 / pp.646-654 / 2006
  • Directory searching and index searching are the two main methods in web search engines. Both methods are applied in most of the well-known Internet search engines, which enable users to choose the other method if they are not satisfied with the results shown by one method. That is, index searching tends to come up with too many search results, while directory searching has difficulty in selecting proper categories, frequently misleading to false ones. In this paper, we propose a novel method in which a category hierarchy is dynamically constructed. To do this, a category is regarded as a fuzzy set which includes keywords. Similarly extensible subcategories of a category can be found using fuzzy relational products. The merit of this method is that it enhances the recall rate of directory search by expanding subcategories on the basis of similarity.

Content-Based Indexing and Retrieval in Large Image Databases

  • Cha, Guang-Ho;Chung, Chin-Wan
    • Journal of Electrical Engineering and Information Science / v.1 no.2 / pp.134-144 / 1996
  • In this paper, we propose a new access method, called the HG-tree, to support indexing and retrieval by image content in large image databases. Image content is represented by a point in a multidimensional feature space. The types of queries considered are the range query and the nearest-neighbor query, both in a multidimensional space. Our goals are twofold: increasing the storage utilization and decreasing the area covered by the directory regions of the index tree. The high storage utilization and the small directory area reduce the number of nodes that have to be touched during the query processing. The first goal is achieved by absorbing splitting if possible, and when splitting is necessary, converting two nodes to three. The second goal is achieved by maintaining the area occupied by the directory region minimally on the directory nodes. We note that there is a trade-off between the two design goals, but the HG-tree is so flexible that it can control the trade-off. We present the design of our access method and associated algorithms. In addition, we report the results of a series of tests, comparing the proposed access method with the buddy-tree, which is one of the most successful point access methods for a multidimensional space. The results show the superiority of our method.

Ordinary B-tree vs NTFS B-tree: A Digital Forensics Perspectives

  • Cho, Gyu-Sang
    • Journal of the Korea Society of Computer and Information / v.22 no.8 / pp.73-83 / 2017
  • In this paper, we discuss the differences between an ordinary B-tree and the B-tree implemented by NTFS. There are many distinctions between the two B-trees; without fully understanding them, it is difficult to utilize and analyze NTFS artifacts. Not much, actually, is known about the implementation of NTFS, especially the B-tree index for directory management. Several B-tree features are addressed, including node size, minimum number of children, root node without children, type of key, key sorting, type of pointer to child node, expansion and reduction of node, and return of node. Furthermore, it is clearly emphasized that NTFS uses a B-tree structure, not a B+ structure.

Analysis of Required Elements of a Directory Index Data Hiding Method (디렉토리 인덱스에 데이터 숨기기 방법을 적용하기 위한 필요한 요소들)

  • Cho, Gyu-Sang
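    • Proceedings of the Korean Society of Computer Information Conference / 2018.07a / pp.478-479 / 2018
  • In this paper, we explain the elements required to apply a method of hiding data within the structure of a directory index in the NTFS file system, and discuss why they are necessary. This previously published method takes advantage of the fact that NTFS maintains its directory index with a B-tree data structure, and hides data using the file names stored in the index records that hold the index information. Several elements are needed to do this; among them, we list the file system, working directory, disguise file, data to hide, unusable characters, anchor file, and analysis tools, and describe the necessity and meaning of each element.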

An Indexing Technique for Object-Oriented Geographical Databases (객체지향 지리정보 데이터베이스를 위한 색인기법)

  • Bu, Ki-Dong
    • Journal of the Korean association of regional geographers / v.3 no.2 / pp.105-120 / 1997
  • One of the most important issues of an object-oriented geographical database system is to develop an indexing technique which enables more efficient I/O processing within an aggregation hierarchy or inheritance hierarchy. Up to the present, several indexing schemes have been developed for this purpose. However, they have separately focused on the aggregation hierarchy or the inheritance hierarchy of the object-oriented data model. Recent research proposes a nested-inherited index which combines these two hierarchies simultaneously. However, this new index has some weak points. It has high storage costs related to its use of an auxiliary index. Also, it cannot clearly represent the inheritance relationship among classes within its index structure. To solve these problems, this thesis proposes a pointer-chain index. Using a pointer chain directory, this index composes a hierarchy-typed chain to show the hierarchical relationship among classes within the inheritance hierarchy. By doing this, it could fetch the OID list of objects to be retrieved more easily than before. In addition, the pointer chain directory structure could accurately recognize target cases and subclasses and deal with "select-all" typed queries without collection of schema semantic information. Also, it could avoid redundant data storing, which usually happens in the process of using an auxiliary index. This study evaluates the performance of the pointer chain indexing technique by way of a simulation method to compare it with the nested-inherited index. According to this simulation, the pointer chain index is proved to be more efficient with regard to storage cost than the nested-inherited index. Especially in terms of retrieval operation, it shows efficient performance to that of the nested-inherited index.

Effective Index and Backup Techniques for HLR System in Mobile Networks (이동통신 HLR 시스템에서의 효과적인 색인 및 백업 기법)

  • 김장환;이충세
    • Journal of KIISE:Computing Practices and Letters / v.9 no.1 / pp.33-46 / 2003
  • A Home Location Register (HLR) database system manages each subscriber's location information, which continuously changes in a cellular network. For this purpose, the HLR database system provides table management, index management, and backup management facilities. In this thesis, we propose using a two-level index method for the mobile directory number (MDN) as a suitable method and a chained bucket hashing method for the electronic serial number (ESN). Both the MDN and the ESN are used as keys in the HLR database system. We also propose an efficient backup method that takes into account the characteristics of HLR database transactions. The retrieval speed and the memory usage of the two-level index method are better than those of the R-tree index method. The insertion and deletion overhead of the chained bucket hashing method is less than that of the modified linear hashing method. In the proposed backup method, we use two kinds of dirty flags in order to solve the performance degradation problem caused by frequent registration-location operations. For a million subscribers, the proposed techniques support reduction of memory size (more than 62%), directory operations (2500,000 times), and backup operations (more than 80%) compared with current techniques.