Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1.


Introduction

Intrusion investigations can involve examining file systems for deleted data, hidden files and alternate data streams. The assignment was to create, delete and recover data in NTFS. An alternate data stream (ADS) was also created and investigated using Runtime’s NTDisk Explorer.

Demonstration

Figure captions: Creating the folder and text file. The created file viewed in Disk Explorer.

Demonstration

Figure captions: Navigating the $MFT for the deleted mytxt.txt file. Exploring the $LOG records for the file.

Demonstration

Figure captions: Creating the Alternate Data Stream. Viewing the ADS content in notepad.

Demonstration

Figure captions: Investigating the Alternate Data Stream. Viewing the ADS Header.

Demonstration

Figure captions: Investigating the Alternate Data Stream. Viewing the ADS Body.

The body reveals the hidden text as: “Hello World –I have now hidden this data”.
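The checks the demonstration performs by eye in Disk Explorer (is the MFT record still marked in use, and does it carry a named $DATA attribute) can be scripted. The following is an added example, not part of the original presentation: it builds two small FILE records and parses them. The stream name `hidden.txt`, the sample contents and all function names are assumptions made for illustration; update-sequence fixups are not applied and only resident data is read.

```python
import struct

DATA, END = 0x80, 0xFFFFFFFF  # $DATA attribute type; end-of-attributes marker

def resident_attr(atype, content, name=""):
    """Build a resident attribute (constructed sample data, not from a real disk)."""
    raw_name = name.encode("utf-16-le")
    content_off = (0x18 + len(raw_name) + 7) & ~7   # content is 8-byte aligned
    length = (content_off + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBB", atype, length, 0, len(name), 0x18,
                      0, 0, len(content), content_off, 0, 0)
    return (hdr + raw_name).ljust(content_off, b"\0") + content.ljust(length - content_off, b"\0")

def file_record(attrs, in_use=True):  # minimal FILE record: header, attributes, end marker
    body = b"".join(attrs) + struct.pack("<II", END, 0)
    hdr = struct.pack("<4sHHQHHHHII", b"FILE", 0x30, 0, 0, 1, 1, 0x38,
                      1 if in_use else 0, 0x38 + len(body), 1024)
    return hdr.ljust(0x38, b"\0") + body

def parse_record(rec):
    """Return the in-use flag and every $DATA stream as (name, resident content)."""
    if rec[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    pos, flags = struct.unpack_from("<HH", rec, 0x14)  # first-attribute offset, flags
    streams = []
    while pos + 8 <= len(rec):
        atype, length = struct.unpack_from("<II", rec, pos)
        if atype == END:
            break
        if length < 0x18 or pos + length > len(rec):
            raise ValueError("corrupt attribute length at offset %#x" % pos)
        nonres, name_len, name_off = struct.unpack_from("<BBH", rec, pos + 8)
        if atype == DATA:
            name = rec[pos + name_off:pos + name_off + 2 * name_len].decode("utf-16-le")
            content = None  # non-resident: the data lives in clusters, not in the record
            if not nonres:
                clen, coff = struct.unpack_from("<IH", rec, pos + 0x10)
                content = rec[pos + coff:pos + coff + clen]
            streams.append((name, content))
        pos += length
    return {"in_use": bool(flags & 0x01), "streams": streams}

def alternate_streams(rec):  # the main stream is unnamed; any named $DATA is an ADS
    return [(n, c) for n, c in parse_record(rec)["streams"] if n]

# Constructed records: a deleted file, and a live file carrying one ADS.
deleted = file_record([resident_attr(DATA, b"some text")], in_use=False)
ads = resident_attr(DATA, b"Hello World - I have now hidden this data", "hidden.txt")
with_ads = file_record([resident_attr(DATA, b"visible"), ads])
print(parse_record(deleted)["in_use"], alternate_streams(with_ads))
```

A cleared in-use flag with the $DATA attribute still present is why the deleted file's content remains recoverable from the record until the entry is reused.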

Conclusion

The exercise shows how a suspect may hide or delete data in order to obstruct an investigation. It is important for investigators to know how to manipulate file systems and data structures to retrieve evidence.
