Difference between pages "New Technology File System (NTFS)" and "User talk:Simsong"

From Forensics Wiki
(Difference between pages)
 
m (Tools)
 
Line 1: Line 1:
The '''New Technology File System''' ('''NTFS''') is a [[file system]] developed and introduced by [[Microsoft]] in 1993 with [[Windows]] 3.1. As a replacement for the [[FAT]] file system, it quickly became the standard for [[Windows 2000]], [[Windows XP]] and [[Windows Server 2003]].
+
== Categories ==
  
The features of NTFS include:
+
As a Wikipedia user, I have noticed that none of your articles have categories. Did you know that categories exist in MediaWiki? If yes, is there a reason? I would like to start work on it. [[Special:Categories]], http://meta.wikimedia.org/wiki/Help:Category --[[User:Midnightcomm|Midnightcomm]] 01:09, 23 April 2006 (EDT)
  
* [[Hard-links]]
+
:Woah, I don't know much about Categories. How would I add them? What are they for?
* Improved performance, reliability and disk space utilization
+
* Security [[access control lists]]
+
* File system journaling
+
  
== Time Stamps ==
+
::[http://en.wikipedia.org/wiki/Wikipedia:Categorization Categories] are used to help organize pages. I also see that there are no help articles, in the absance if them, I will be using the Wikipedia [http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style style guides]. --[[User:Midnightcomm|Midnightcomm]] 01:09, 23 April 2006 (EDT)
 +
::<nowiki>[[Category:File Systems]]</nowiki>
  
NTFS keeps track of lots of time stamps. Each file has a time stamp for 'Create', 'Modify', 'Access', and 'Entry Modified'. The latter refers to the time when the MFT entry itself was modified. These four values are commonly abbreviated as the 'MACE' values. Note that other attributes in each MFT record may also contain timestamps that are of forensic value.
+
:::Sounds good to me. We welcome your contributions.
  
Additional information on how NTFS timestamps work when files are moved or copies is available here: [http://support.microsoft.com/kb/299648 Microsoft KB 299648]
+
:::Yay! I'm all for categories. I've started adding some (tools, licenses, OSes, ...), feel free to add more and categorize the articles. --[[User:Uwe Hermann|Uwe Hermann]] 15:03, 23 April 2006 (EDT)
  
=== Changes in Windows Vista  ===
+
::::How do you add categories? --SImson
  
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by the user if desired.
+
::::: Usually you just add <nowiki>[[Category:Foobar]]</nowiki> somewhere at the bottom of the page, more info [http://meta.wikimedia.org/wiki/Help:Category here]. For the tools, I have incorporated the category into the Infobox, see [[dd]] for an example. It looks a bit stupid in the wiki source, but keeps the wiki category and the "Genre:" classification in one place, which is important IMHO. Btw, you can sign your "posts" with "<nowiki>--~~~~</nowiki>" which will expand to username and date, just like on this post. --[[User:Uwe Hermann|Uwe Hermann]] 21:45, 2 May 2006 (EDT)
  
== Alternate Data Streams ==
+
== Tools ==
The '''NTFS''' file system includes a feature referred to as Alternate Data Streams (ADSs).  This feature has also been referred to as "multiple data streams", "alternative data streams", etc.  ADSs were included in '''NTFS''' in order to support the resource forks employed by the Hierarchal File System (HFS) employed by Macintosh systems. 
+
  
As of [[Windows XP]] SP2, files downloaded via Internet Explorer, Outlook, and Windows Messenger were automatically given specific "zoneid" ADSs. The Windows Explorer shell would then display a warning when the user attempted to execute these files (by double-clicking them).
+
Hi, a quick message regarding [[Tools]]: it's true that [[Tools]] was getting quite big, but I think one page which lists ''all'' tools with a one-liner description is actually quite useful. For better readability and so on, I suggest we use categories which breaks up the tools quite nicely, too. Thoughts? --[[User:Uwe Hermann|Uwe Hermann]] 15:26, 30 April 2006 (EDT)
  
Sysadmins should be aware that prior to Vista, there are no tools native to the [[Windows]] platform that would allow you to view the existence of arbitrary ADSs. While ADSs can be created and their contents executed or viewed, it wasn't until the "/r" switch was introduced with the "dir" command on Vista that arbitrary ADSs would be visible. Prior to this, tools such as [http://www.heysoft.de/Frames/f_sw_la_en.htm LADS] could be used to view the existence of these files.
+
:Well, there are so many different kinds of tools. I don't see the advantage of having tools about reconstructing MBRs on the same page as tools that do anti-forensics. Somebody who wants to see all of the tools can do a search for "Tools."
  
Examiners should be aware that most forensic analysis applications, including EnCase and ProDiscover, will display ADSs found in acquired images in red.
+
::Hm, true. Maybe there's a possibility to show all items in a category (and it's subcategories) on one page, that'd be nice and sufficient. Will check... --[[User:Uwe Hermann|Uwe Hermann]] 21:45, 2 May 2006 (EDT)
  
== External links ==
+
:::How do you get that nice User: stuff inserted automatically? Anyway, I think that putting the analysis tools all on one page makes sense. But not imaging tools, or steg-tools, or visualization tools. Thanks for the info on categories.
* [http://en.wikipedia.org/wiki/NTFS Wikipedia: NTFS]
+
[[Category:Disk file systems]]
+

Revision as of 21:02, 3 May 2006

Categories

As a Wikipedia user, I have noticed that none of your articles have categories. Did you know that categories exist in MediaWiki? If yes, is there a reason? I would like to start work on it. Special:Categories, http://meta.wikimedia.org/wiki/Help:Category --Midnightcomm 01:09, 23 April 2006 (EDT)

Woah, I don't know much about Categories. How would I add them? What are they for?
Categories are used to help organize pages. I also see that there are no help articles, in the absence of them, I will be using the Wikipedia style guides. --Midnightcomm 01:09, 23 April 2006 (EDT)
[[Category:File Systems]]
Sounds good to me. We welcome your contributions.
Yay! I'm all for categories. I've started adding some (tools, licenses, OSes, ...), feel free to add more and categorize the articles. --Uwe Hermann 15:03, 23 April 2006 (EDT)
How do you add categories? --SImson
Usually you just add [[Category:Foobar]] somewhere at the bottom of the page, more info here. For the tools, I have incorporated the category into the Infobox, see dd for an example. It looks a bit stupid in the wiki source, but keeps the wiki category and the "Genre:" classification in one place, which is important IMHO. Btw, you can sign your "posts" with "--~~~~" which will expand to username and date, just like on this post. --Uwe Hermann 21:45, 2 May 2006 (EDT)

Tools

Hi, a quick message regarding Tools: it's true that Tools was getting quite big, but I think one page which lists all tools with a one-liner description is actually quite useful. For better readability and so on, I suggest we use categories which breaks up the tools quite nicely, too. Thoughts? --Uwe Hermann 15:26, 30 April 2006 (EDT)

Well, there are so many different kinds of tools. I don't see the advantage of having tools about reconstructing MBRs on the same page as tools that do anti-forensics. Somebody who wants to see all of the tools can do a search for "Tools."
Hm, true. Maybe there's a possibility to show all items in a category (and its subcategories) on one page, that'd be nice and sufficient. Will check... --Uwe Hermann 21:45, 2 May 2006 (EDT)
How do you get that nice User: stuff inserted automatically? Anyway, I think that putting the analysis tools all on one page makes sense. But not imaging tools, or steg-tools, or visualization tools. Thanks for the info on categories.