Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1.

Published byRuby Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1."— Presentation transcript:

1 Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1

2 Intrusion investigations can involve the investigation of file systems for deleted data, hidden files and alternate data streams. The assignment was to create, delete and recover data in NTFS. An Alternate Data stream will also be created and investigated using Runtime’s NTDisk Explorer. Introduction

3 The created file viewed in Disk ExplorerCreating the folder and text file Demonstration

4 Exploring the $LOG records for the fileNavigating the $MFT for the deleted mytxt.txt file Demonstration

5 Viewing the ADS content in notepadCreating the Alternate Data Stream Demonstration

6 Viewing the ADS HeaderInvestigating the Alternate Data Stream Demonstration

7 Viewing the ADS BodyInvestigating the Alternate Data Stream Demonstration The body reveals the hidden text as; “ Hello World –I have now hidden this data”.

8 From the exercise, it can be seen how a suspect may hide data or delete them in order to obstruct an investigation. It is important for investigators to know how to manipulate file systems and data structures to retrieve evidence. Conclusion

9 Carvey, H. (2005). Knowing what to look for. In Windows Forensics and Incident Recovery (pp. 301-378). Boston, MA: Pearson Education. Reference

Download ppt "Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1."

Similar presentations

Computer Forensics: Basics Media Analysis. Agenda Common Data Hiding Techniques Windows Registry Writing files Deleting and Reformatting Recycle Bin.

Computer Forensics: Basics Media Analysis. Agenda Common Data Hiding Techniques Windows Registry Writing files Deleting and Reformatting Recycle Bin.
Computer Forensics BACS 371

Computer Forensics BACS 371
 Overview User Accounts Groups User Rights Permissions.

 Overview User Accounts Groups User Rights Permissions.
Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.

Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.
Digital Forensics Module 11 CS 996. 4/26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.

Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.

Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.
COS 413 Day 13. Agenda Questions? Assignment 4 Due Assignment 5 posted –Due Oct 21 Capstone proposal Due Oct 17 Lab 5 on Oct 15 in N105 –Hands-on Projects.

COS 413 Day 13. Agenda Questions? Assignment 4 Due Assignment 5 posted –Due Oct 21 Capstone proposal Due Oct 17 Lab 5 on Oct 15 in N105 –Hands-on Projects.
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.

Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 7: Investigating Windows, Linux, and Graphics Files.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 7: Investigating Windows, Linux, and Graphics Files.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
MCT260-Operating Systems I Operating Systems I Routine File Management Part Two.

MCT260-Operating Systems I Operating Systems I Routine File Management Part Two.
Guide to Computer Forensics and Investigations Third Edition

Guide to Computer Forensics and Investigations Third Edition
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.

COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.
COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.

COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.
Computer Forensics What is Computer Forensics? What is the importance of Computer Forensics? What do Computer Forensics specialists do? Applications of.

Computer Forensics What is Computer Forensics? What is the importance of Computer Forensics? What do Computer Forensics specialists do? Applications of.
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
Encase Overview. What is Encase EnCase Forensic is the industry standard in computer forensic investigation technology. Encase is a single tool, capable.

Encase Overview. What is Encase EnCase Forensic is the industry standard in computer forensic investigation technology. Encase is a single tool, capable.

Similar presentations

Ads by Google