NTFS Analysis
Premium roomExplore the NTFS file system, its layout, and important components.
medium
To access material, start machines and answer questions login.
(New Technology ) is the default for Windows operating systems, developed by Microsoft. This is known for its robustness, scalability, advanced features like file permissions, encryption, journaling, and support for large files and partitions. organizes data in a way that makes it efficient for the operating system and significant for forensic investigations.
As we dive deep into , we will learn that it provides a wealth of information about the system we are investigating or about user activities that could come in handy during the investigation. In this room, we will dive into the details of what is, how it is structured, and how important it is to understand structure and capabilities from a forensics perspective.
Learning Objective
In this room, we will cover the following learning objectives:
- What is and its structure?
- What is the Master File Table (MFT) and what information does it contain?
- How to identify the deleted files.
- How to track activities using Journals.
Prerequisites
This room expects users to complete or go through the following rooms:
Let's dive in.
Continue to the next task.
Ready to learn Cyber Security?
The NTFS Analysis room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in