12. NTFS Analysis
This is the second NTFS chapter, and we will now start to discuss analysis techniques and considerations using the five-category model presented in Chapter 8, “File System Analysis.” NTFS is much different from other file systems, so we covered the core NTFS concepts in the previous chapter before diving into this material. If you are not familiar with NTFS and skipped Chapter 11, I recommend returning to it before starting this chapter. Chapter 13, “NTFS Data Structures,” covers the data structures for NTFS. Most of this book has been organized so that you can read the file system analysis and data structure chapters in parallel. This is more difficult with NTFS because everything is a file, and it is difficult to show the ...
Get File System Forensic Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
