
Disk based Forensics Analysis


Authors: Premchand Ambhore, Archana Wankhade and B.B.Meshram

Pages : 389-392, DOI: https://doi.org/10.14741/ijcet/v.8.2.33
Abstract

Today computer systems have become an integral part of our lives. Their penetration at the personal and organizational level has increased rapidly in the last couple of years. The majority of data is now present in digital form, including personal data such as photos and videos, government documents, and secret and confidential reports of organizations. This change in technology has also been adopted by criminals to perform their illegal activities. The use of computers for committing crimes has increased, so it has become necessary for investigators to collect and process evidence from a suspect's computer. Windows 7 has become a mainstream operating system for users, and thus its forensic investigation is becoming important. Several areas of Windows 7 can be used in forensic analysis; among the areas of interest are the Windows registry and the underlying NTFS file system. The registry contains valuable information that can be helpful for forensic analysis: basic information such as the date the operating system was installed and the owner name, and advanced information such as the software installed on the system, the history of recently used documents, and so on, which helps the analyst decide how to proceed with further analysis of the system depending on its environment. NTFS is the native file system of Microsoft's Windows 7 and is used to manage the files present on disk. A suspect can hide data in the file system using its Alternate Data Streams feature. He or she can also remove evidence present on disk by deleting the files that contain it. It is important for the forensic investigator to recover evidence from files hidden and deleted by the suspect. In this paper we propose and implement a tool for performing forensic analysis of the Windows 7 registry, the Alternate Data Streams of the underlying NTFS file system, and recovery of deleted files. This tool helps save the investigator's effort and time during an investigation.

Keywords: NTFS, Windows OS, Data, Collecting, Preserving, Analyzing.

Article published in International Journal of Current Engineering and Technology, Vol.8, No.2 (March/April 2018)
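
The two NTFS checks the abstract names, hidden Alternate Data Streams and deleted files, can both be read from a single MFT record. The following is an added example, not code from the paper or its tool: it assumes update-sequence fixups are already applied, reads only resident `$DATA` attributes, and runs on a constructed record built by the hypothetical helpers `build_attr` and `build_record`.

```python
import struct

DATA_ATTR, END_MARK, IN_USE = 0x80, 0xFFFFFFFF, 0x0001

def parse_mft_record(rec: bytes) -> dict:
    """Report the in-use state and $DATA streams of one MFT FILE record.
    Assumption: update-sequence fixups have already been applied."""
    if rec[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    first_attr, flags = struct.unpack_from("<HH", rec, 0x14)
    streams, off = [], first_attr
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == END_MARK or alen == 0 or off + alen > len(rec):
            break  # end marker or corrupt length: stop instead of looping
        if atype == DATA_ATTR:
            non_res, nlen, noff = struct.unpack_from("<BBH", rec, off + 8)
            name = rec[off + noff: off + noff + 2 * nlen].decode("utf-16-le")
            content = None  # non-resident data lives in clusters, not here
            if not non_res:
                clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
                content = rec[off + coff: off + coff + clen]
            streams.append((name, content))
        off += alen
    return {"deleted": not flags & IN_USE,         # in-use bit cleared
            "ads": [s for s in streams if s[0]],   # named $DATA = ADS
            "streams": streams}

def build_attr(atype: int, name: str, content: bytes) -> bytes:
    """Hypothetical helper: build a resident attribute for the sample."""
    n = name.encode("utf-16-le")
    body = struct.pack("<IIBBHHHIHBB", atype, 0, 0, len(name), 0x18, 0, 0,
                       len(content), 0x18 + len(n), 0, 0) + n + content
    body += b"\x00" * (-len(body) % 8)  # attributes are 8-byte aligned
    return body[:4] + struct.pack("<I", len(body)) + body[8:]

def build_record(flags: int, attrs: list) -> bytes:
    """Hypothetical helper: minimal FILE record header plus attributes."""
    hdr = bytearray(0x38)
    hdr[:4] = b"FILE"
    struct.pack_into("<HH", hdr, 0x14, 0x38, flags)
    return bytes(hdr) + b"".join(attrs) + struct.pack("<II", END_MARK, 0)

# Constructed sample: a deleted file (flags 0) with one named stream.
SAMPLE = build_record(0x0000, [build_attr(DATA_ATTR, "", b"visible"),
                               build_attr(DATA_ATTR, "hidden.txt", b"secret note")])

if __name__ == "__main__":
    print(parse_mft_record(SAMPLE))
```

A record whose in-use flag is cleared still carries its attributes until the slot is reused, which is why the named stream in the constructed sample remains readable.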


International Press corporation is licensed under a Creative Commons Attribution-Non Commercial NoDerivs 3.0 Unported License