Using the Object ID index as an investigative approach for NTFS file systems
Norwegian University of Science and Technology, Trondheim, Norway & Norwegian Police University College, Oslo, Norway. (TESTIMON)
Norwegian Police University College, Oslo, Norway.
Halmstad University, School of Information Technology, Halmstad Embedded and Intelligent Systems Research (EIS). Norwegian University of Science and Technology, Trondheim, Norway.
2019 (English) In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 28, no Supplement, p. S30-S39. Article in journal (Refereed) Published
Abstract [en]

When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems using the NTFS file system by using the $ObjId Index to document user activity, and to correlate this index with the corresponding records in the MFT table. This may be the only possible approach when investigating external NTFS storage devices, and is hence a valuable addition to the storage forensics toolbox.

© 2019 Rune Nordvik, Fergus Toolan, Stefan Axelsson

Place, publisher, year, edition, pages
Kidlington: Elsevier, 2019. Vol. 28, no Supplement, p. S30-S39
Keywords [en]
User activity, NTFS, Object ID
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hh:diva-39450
DOI: 10.1016/j.diin.2019.01.013
ISI: 000465506500005
Scopus ID: 2-s2.0-85064883237
OAI: oai:DiVA.org:hh-39450
DiVA, id: diva2:1317353
Available from: 2019-05-22 Created: 2019-05-22 Last updated: 2019-06-07 Bibliographically approved
