원문정보
초록
영어
An anti-forensic data hiding method in an NTFS index record is a method designed for anti- forensics, which records data as a file name in index entries and thereafter the index entries are made to remain in the intentionally generated slack area in a 4KB-sized index record[7]. In this paper, we propose a maximum data allocation rule for an anti-forensic data hiding method in an NTFS index record; i.e., a computational method for storing optimal data to hide data in an index record of NTFS is developed and the optimal solution is obtained by applying the method. We confirm that the result of analyzing the case where the number of index entries n = 7 is the maximum case, and show the screen captures of index entries as experimental results.
목차
1. Introduction
2. Problems
3. Algorithm of data hiding method and data structure
3.1 Data hiding method in an index record of NTFS
3.2 Schematic diagram of a relationship between MFT entry and index record
3.3 Data structure of an index record and an index entry
4. A maximum data allocation rule for the anti-forensic data hiding method
5. Experiments
6. Conclusion
Acknowledgement
References