NTFS file system explained: understanding resident and non-resident files - Computer forensics


The goal of the Computer forensics course is to teach you how to collect evidence after an incident and to investigate how the intruders got in, what data they stole and whether they have harmed your system.
In addition we give you advice on what you can do to block the next attack.

The Computer forensics course will cover:
- Recovering NTFS file system and looking for evidence
- Recovering FAT16 and FAT32 file system
- Acquiring saved passwords from the password managers of browsers
- Browser history and cache file recovery to investigate the users’ internet usage
- Getting the content (e.g. emails, contacts) from an encrypted Outlook PST file
- Recovery of Exchange MDB, Active Directory NTDS.DIT and similar files
- ZIP file recovery
- RAM analysis of Windows and Linux servers with Volatility

IN THIS TUTORIAL of the Computer forensics course you will learn the inner workings of the NTFS file system so that you can recover files and look for evidence later.
For this we will cover:
01:21 Role of the resident files and how to retrieve them
24:36 Non-resident files in NTFS and their role in the file system
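The two chapters above, resident files and then non-resident files with their run lists, in working form. This is an added example and not code from the video or the course: a small Python parser for a 1024-byte MFT FILE record that applies the update-sequence fixups, walks the attribute list, hands back a resident $DATA stream straight from the record, and for a non-resident $DATA attribute decodes the run list (including a fragment that lies behind the previous one on disk and a sparse run) and reassembles the content from a volume image. The two records and the 32-cluster volume are constructed inline so the script runs offline; the builder functions, record numbers, cluster size and sample bytes are assumptions for the demo, not values from a real disk.

```python
import struct

SECTOR = 512
ATTR_DATA, ATTR_END = 0x80, 0xFFFFFFFF     # $DATA type, attribute list terminator

def apply_fixups(raw):
    """Undo update-sequence protection: NTFS stamps the USN over the last word of
    every sector and keeps the originals in the update sequence array (USA)."""
    rec = bytearray(raw)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * SECTOR
        if rec[end - 2:end] != usn:
            raise ValueError("fixup mismatch in sector %d (torn write/corruption)" % i)
        rec[end - 2:end] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return rec

def parse_runlist(data, pos):
    """Decode a run list into (vcn, lcn, clusters); lcn is None for sparse runs.
    LCNs are signed deltas from the previous run, so a fragment that lies
    behind the previous one on disk shows up as a negative delta."""
    runs, vcn, lcn = [], 0, 0
    while data[pos] != 0:                           # 0x00 terminates the list
        len_size, off_size = data[pos] & 0x0F, data[pos] >> 4
        pos += 1
        length = int.from_bytes(data[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:                           # sparse run: no LCN field
            runs.append((vcn, None, length))
        else:
            lcn += int.from_bytes(data[pos:pos + off_size], "little", signed=True)
            pos += off_size
            runs.append((vcn, lcn, length))
        vcn += length
    return runs

def parse_record(raw):
    """Parse one 1024-byte FILE record: header fields plus a list of attributes."""
    if raw[:4] != b"FILE":
        raise ValueError("not a FILE record")
    rec = apply_fixups(raw)
    pos, flags, used = struct.unpack_from("<HHI", rec, 0x14)
    out = {"record_number": struct.unpack_from("<I", rec, 0x2C)[0],
           "in_use": bool(flags & 1), "attributes": []}
    while pos + 4 <= used:
        atype, = struct.unpack_from("<I", rec, pos)
        if atype == ATTR_END:
            break
        length, nonres = struct.unpack_from("<IB", rec, pos + 4)
        if length < 0x18 or pos + length > used:
            raise ValueError("bad attribute length at 0x%x" % pos)
        if nonres:                                  # content lives in clusters outside the MFT
            run_off, = struct.unpack_from("<H", rec, pos + 0x20)
            real_size, = struct.unpack_from("<Q", rec, pos + 0x30)
            out["attributes"].append({"type": atype, "resident": False, "real_size": real_size,
                                      "runs": parse_runlist(rec, pos + run_off)})
        else:                                       # content is right here in the record
            clen, coff = struct.unpack_from("<IH", rec, pos + 0x10)
            out["attributes"].append({"type": atype, "resident": True,
                                      "content": bytes(rec[pos + coff:pos + coff + clen])})
        pos += length
    return out

def data_content(raw_record, volume, cluster_size):
    """Return the unnamed $DATA stream: from the record if resident, else via the run list."""
    for attr in parse_record(raw_record)["attributes"]:
        if attr["type"] != ATTR_DATA:
            continue
        if attr["resident"]:
            return attr["content"]
        out = bytearray()
        for _vcn, lcn, length in attr["runs"]:
            if lcn is None:                         # sparse run reads back as zeros
                out += bytes(length * cluster_size)
                continue
            start, end = lcn * cluster_size, (lcn + length) * cluster_size
            if end > len(volume):
                raise ValueError("run list points past the end of the volume")
            out += volume[start:end]
        return bytes(out[:attr["real_size"]])      # drop allocated-but-unused slack
    raise ValueError("no $DATA attribute")

# --- constructed sample records, built here for the demo; not from a real disk ---
def resident_attr(atype, content):
    total = (0x18 + len(content) + 7) & ~7
    a = bytearray(total)
    struct.pack_into("<IIBBHHHIH", a, 0, atype, total, 0, 0, 0x18, 0, 0, len(content), 0x18)
    a[0x18:0x18 + len(content)] = content
    return bytes(a)

def nonresident_attr(atype, runlist, clusters, real_size, cluster_size):
    total = (0x40 + len(runlist) + 7) & ~7
    a = bytearray(total)
    struct.pack_into("<IIBBHHHQQHHIQQQ", a, 0, atype, total, 1, 0, 0x40, 0, 0,
                     0, clusters - 1, 0x40, 0, 0, clusters * cluster_size, real_size, real_size)
    a[0x40:0x40 + len(runlist)] = runlist
    return bytes(a)

def build_record(attrs, record_number, usn=1):
    rec = bytearray(1024)
    usa_off, first_attr = 0x30, 0x38              # USA holds the USN + one word per sector
    body = b"".join(attrs) + struct.pack("<I", ATTR_END)
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 4, usa_off, 3)
    struct.pack_into("<HHHHII", rec, 0x10, 1, 1, first_attr, 1, first_attr + len(body), 1024)
    struct.pack_into("<I", rec, 0x2C, record_number)
    rec[first_attr:first_attr + len(body)] = body
    struct.pack_into("<H", rec, usa_off, usn)
    for i in (1, 2):                               # save each sector-end word, stamp the USN
        end = i * SECTOR
        rec[usa_off + 2 * i:usa_off + 2 * i + 2] = rec[end - 2:end]
        struct.pack_into("<H", rec, end - 2, usn)
    return bytes(rec)

CLUSTER = 512
VOLUME = bytearray(b"\xCC" * 32 * CLUSTER)        # toy 32-cluster volume; 0xCC marks unread space
RUN1, RUN2 = b"A" * (4 * CLUSTER), b"B" * (2 * CLUSTER)
VOLUME[16 * CLUSTER:20 * CLUSTER] = RUN1
VOLUME[12 * CLUSTER:14 * CLUSTER] = RUN2
REAL_SIZE = len(RUN1) + len(RUN2) + 1000          # file ends 1000 bytes into the sparse run
RUNLIST = bytes([0x11, 4, 0x10,    # 4 clusters at LCN 0x10 = 16
                 0x11, 2, 0xFC,    # 2 clusters, delta -4 -> LCN 12 (fragment behind the first)
                 0x01, 3,          # 3 sparse clusters (no LCN field)
                 0x00])            # terminator
SMALL = b"resident data is stored inside the MFT record itself"
RESIDENT_RECORD = build_record([resident_attr(ATTR_DATA, SMALL)], 64)
FRAGMENTED_RECORD = build_record([nonresident_attr(ATTR_DATA, RUNLIST, 9, REAL_SIZE, CLUSTER)], 65)
```

On a real image the record size, sector size and cluster size come from the boot sector rather than the constants used here, and this parser deliberately stops short of two things a full tool needs: it only returns the unnamed $DATA stream (named streams, i.e. alternate data streams, are skipped), and it does not follow an $ATTRIBUTE_LIST (type 0x20), which NTFS uses when a heavily fragmented file's run list no longer fits in one record. The fixup check is worth keeping even in a quick script: a record whose sector-end words do not match the USN was torn mid-write or tampered with, and its attribute offsets should not be trusted.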

Please note that this computer forensics tutorial is for educational purposes only.

----------------------------------------------------------------------------------------------------------
Comments

An explanation right down to the byte level.
Pretty much nothing more to learn once one understands it at this level.

DrJams

How would you do a run list if the data was fragmented? How would it be different?

TotalTech.

Hello again. If a partition table was zeroed out, is there any tool that I could use to recover it? What I mean by this is not just the files, but a tool which will rebuild the partition table and link the clusters.

TotalTech.

I am wondering, where did the value 0x23 come from? I have checked on my NTFS partition and it is indeed true that you have to add (0x23 * 0x400) to the MFT starting offset to get the first user file entries. But why is it 0x23, and also why do other sources claim it's 16?

tasgbee

Is it really necessary to understand Unix and the Command Prompt for computer forensics? Would a tool like EnCase or FTK work just as well?

TotalTech.

Thank you very much for your video. Would you be so kind as to explain how to parse information about directory content? For example, how to list it?

KnockedDownBySound

If the disk was partitioned, would every partition contain its own boot sector and $MFT record regardless of whether the partition was actually bootable or not, i.e. just used for storage?

TotalTech.

Very informative video... (thumbs up) for the hard work.
If any handouts are available, that will definitely help.

abhijitsingh

I have the NTFS file system and only have access to the BIOS, any help?

WhatTheHeckTV

Hello, I'm interested in the Computer forensics course.
Where can I get the complete course?

MAcreator

But I'd eat a slice of bread with lard xd fuck, I got hungry....

rickmonarch