In this paper we have discussed the various methods to hide users data in ADS, showed the locations where user can create ADS and where should forensic examiner find such hidden evidences. The ADS present in deleted file may get overlooked as it is less known in forensic experts. ![]() Its Alternate Data Streams (ADS) feature allows the user to hide data in the file system, thus the forensic investigator cannot neglect this fact while doing forensic investigation. The NTFS file system is the most commonly used file system for Microsofts operating systems. ADS Examiner: Tool for NTFS Alternate Data Streams Forensics AnalysisÄepartment of Computer Engineering Veermata Jijabai Technological Institute, Matunga, Mumbai, Maharashtra, India.(1)(2)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |