Recovering Deleted Files from NTFS
Journal: International Journal of Science and Research (IJSR) (Vol.5, No. 5)Publication Date: 2016-05-05
Authors : Rincy Roy Oommen; Princy Sugathan;
Page : 205-208
Keywords : Forensics; Data Recovery; File System; NTFS; MFT Entry;
Abstract
Recovering lost and deleted information is one of the main part in Digital Forensics. Data recovery is a process which finds and recover data, in which there may be some risks happens, for no all situations can be defined or arranged previously. Data recovery also retrieves lost, deleted, unusable or inaccessible data that lost for various reasons. In computer forensics, the main source of evidence is the data which is stored in the file. The file system is used to manage all files present on the disk. A suspect can remove evidence by deleting evidence containing files. So, it is important for forensic investigator to get back the deleted evidences. This paper described the structure of the NTFS file system and proposed a method to recover deleted files from the system by analysing the MFT entry and also detects the directory from which the file was deleted.
Other Latest Articles
Last modified: 2021-07-01 14:37:34