hh.sePublikasjoner
EnglishSvenskaNorsk
Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
An Empirical Study of the NTFS Cluster Allocation Behavior Over Time
Norges teknisk-naturvitenskapelige universitet, Trondheim, Norway; Totalforsvarets forskningsinstitut, Stockholm, Sweden.
Norges teknisk-naturvitenskapelige universitet, Trondheim, Norway; Norwegian Defence Cyber Academy (NDCA), Norway.
Högskolan i Halmstad, Akademin för informationsteknologi, Halmstad Embedded and Intelligent Systems Research (EIS). Högskolan i Halmstad.
2020 (engelsk)Inngår i: Forensic Science International: Digital Investigation, ISSN 2666-2817, Vol. 33Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]

© 2020 The Author(s)The amount of data to be handled in digital forensic investigations is continuously increasing, while the tools and processes used are not developed accordingly. This especially affects the digital forensic sub-field of file carving. The use of the structuring of stored data induced by the allocation algorithm to increase the efficiency of the forensic process has been independently suggested by Casey and us. Building on that idea we have set up an experiment to study the allocation algorithm of NTFS and its behavior over time from different points of view. This includes if the allocation algorithm behaves the same regardless of Windows version or size of the hard drive, its adherence to the best fit allocation strategy and the distribution of the allocation activity over the available (logical) storage space. Our results show that space is not a factor, but there are differences in the allocation behavior between Windows 7 and Windows 10. The results also show that the allocation strategy favors filling in holes in the already written area instead of claiming the unused space at the end of a partition and that the area with the highest allocation activity is slowly progressing from approximately 10 GiB into a partition towards the end as the disk is filling up.
sted, utgiver, år, opplag, sider
Elsevier Ltd , 2020. Vol. 33
Emneord [en]
Allocation algorithm, Cluster allocation pattern, Digital forensics, File carving, NTFS
HSV kategori
Identifikatorer
URN: urn:nbn:se:hh:diva-44660DOI: 10.1016/j.fsidi.2020.301008ISI: 000582272700007Scopus ID: 2-s2.0-85106664524OAI: oai:DiVA.org:hh-44660DiVA, id: diva2:1564107
Tilgjengelig fra: 2021-06-11 Laget: 2021-06-11 Sist oppdatert: 2021-10-20bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler i DiVA

Andre lenker

Forlagets fulltekstScopusFulltext

Person

Axelsson, Stefan

Søk i DiVA

Av forfatter/redaktør
Axelsson, Stefan
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric

doi
urn-nbn
Totalt: 76 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
v. 2.45.0
|
WCAG
|
Högskolebiblioteket i Halmstad
|
Info för studenter
|
Info för forskare
|
Logga in