Abstract
Backup utilities for the Windows environment are designed to work with the NTFS file format, but they typically provide only partial compatibility with Alternate Data Streams (ADSs). In particular, computer forensics tools are typically capable of discovering ADSs in the file system under investigation, but not necessarily in the backups of such file systems. We examined a number of commonly used backup utilities, and initially classified them into two broad categories: non-ADS aware (ADS lost during backup), and ADS aware. Further, we discovered that within the "ADS aware" category different tools behave differently, provide varying amounts of information about ADSs during the backup/restore process, and often lose data. We propose a new classification of backup software based on the treatment of ADSs during backup and restore operations, and discuss its implications for forensic investigation of file system backups.
Original language | English |
---|---|
Title of host publication | Current Computing Developments in E-Commerce, Security, HCI, DB, Collaborative and Cooperative Systems |
Publisher | ATINER |
Number of pages | 11 |
ISBN (Print) | 9606672077 |
Publication status | Published - 2006 |
Event | International Conference on Computer Science and Information Systems - Duration: 1 Jan 2006 → … |
Conference
Conference | International Conference on Computer Science and Information Systems |
---|---|
Period | 1/01/06 → … |
Keywords
- computer forensics
- Alternate Data Streams
- NTFS
- file systems
- backup