March 2005
Beginner to intermediate
600 pages
16h 26m
English
Content preview from File System Forensic AnalysisBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
13. NTFS Data Structures
This is the third and final chapter devoted to NTFS, and here we will examine its data structures. The previous two chapters examined the basic concepts of NTFS and how to analyze it. For many, the information covered thus far is sufficient, but others of us want to know more about what is going on. This chapter is organized so that we cover the data structures of the basic elements first and then examine the specific attributes and index types. Lastly, the file system metadata files are covered. Unlike the other file system chapters, this one was written so that it should be read after Chapter 11, “NTFS Concepts,” and Chapter 12, “NTFS Analysis.” The first part of the chapter can be read in parallel with Chapter 11