An Arbitrary Disk Cluster Manipulating Method for Allocating Disk Fragmentation of Filesystem

A Method for Fragmenting a Disk by Arbitrarily Allocating File System Clusters

  • Gyu-Sang Cho (Department of Computer Science, Dongyang University)
  • Received : 2020.04.13
  • Accepted : 2020.05.12
  • Published : 2020.06.30

Abstract

This study proposes a method for manipulating disk fragmentation by arbitrarily allocating and releasing disk clusters in the NTFS file system. The method makes it possible to run experiments in several lines of research that involve fragmentation of disk clusters. Typical applications include testing the performance of disk defragmentation tools according to the state of fragmentation, establishing an experimental environment for fragmented file carving methods in digital forensics, setting up cluster fragmentation to test the robustness of data hiding methods within directory indexes, and testing the file system's disk allocation methods across the various versions of Windows. The paper describes how a single file occupies a cluster and presents the algorithm with a flowchart. It identifies three tricky problems that arise in implementing the method and proposes solutions to them. In the experiments, disk clusters are allocated so that the disk is fragmented to the maximum extent possible, and a disk defragmentation experiment is then performed to show that the proposed method is effective.

Cited by

  1. Development of a Forensic Analyzing Tool based on Cluster Information of HFS+ filesystem, vol.13, pp.3, 2021, https://doi.org/10.7236/ijibc.2021.13.3.178