| NTFS系统下“小文件”取证软件的设计与实现 |
| |
| 引用本文: | 徐国天.NTFS系统下“小文件”取证软件的设计与实现[J].信息网络安全,2011(8):38-40. |
| |
| 作者姓名: | 徐国天 |
| |
| 作者单位: | 中国刑警学院,辽宁沈阳,110854 |
| |
| 摘 要: | 文章介绍了通过MFT文件记录恢复"小文件"的方法,介绍了"小文件"恢复需要解决的乱码问题和多次删除数据的恢复问题,介绍了"小文件"取证软件的总体执行流程图和测试情况。该软件可以自动扫描NTFS系统的$MFT元文件,从$MFT元文件中依次找出每个包含"小文件"数据的MFT记录,如果某个MFT记录包含可以恢复的数据,则将其恢复出来。
|
| 关 键 词: | MFT文件记录 小文件 取证 恢复 |
The Design and Implementation of Small File Forensics Software in NTFS System |
| |
| XU Guo-tian.The Design and Implementation of Small File Forensics Software in NTFS System[J].Netinfo Security,2011(8):38-40. |
| |
| Authors: | XU Guo-tian |
| |
| Affiliation: | XU Guo-tian ( China Criminal Police College,LiaoNing Shenyang 110854,China ) |
| |
| Abstract: | In this paper,The method to restore small file was described in detail, This method used the MFT file record. Garbage problem and delete data recovery problem were described in detail. The flow chart of software was described in detail. The software could automatically scan the file $ MFT of NTFS system. It could automatically find the MFT record of each small file. If an MFT record contains data that can be recovered, thenthe data will be recovered. |
| |
| Keywords: | MFT file record small file Forensics recovery |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
