A Contemporary Investigation of NTFS File Fragmentation

Authors: Jeroen van den Bos, Hugo Jonker, Vincent van der Meer
Contributors: RS-Research Line Security and privacy (part of THIS program), Department of Computer Science, RS-Research Line Resilience (part of LIRS program)
Year of publication: 2021
Subject:
Source: Forensic Science International: Digital Investigation, 38:301125. Elsevier Advanced Technology
van der Meer, V, Jonker, H L & van den Bos, J 2021, 'A Contemporary Investigation of NTFS File Fragmentation', Forensic Science International: Digital Investigation, vol. 38, 301125. https://doi.org/10.1016/j.fsidi.2021.301125
Forensic Science International, 38, Supplement, pp. 1-11
Forensic Science International, 38, 1-11
ISSN: 0379-0738
2666-2817
DOI: 10.1016/j.fsidi.2021.301125
Description: There is a significant amount of research in digital forensics into analyzing file fragments or reconstructing fragmented data. At the same time, there are no recent measurements of fragmentation on current, in-use computer systems. To close this gap, we have analyzed file fragmentation from a corpus of 220 privately owned Windows laptops. We provide a detailed report of our findings. This includes contemporary fragmentation rates for a wide variety of image-, video-, office-, database-, and archive-related extensions. Our data substantiates the earlier finding that fragments for a significant portion of fragmented files are stored out-of-order. We define metrics to measure the degree of “out-of-orderedness” and find that the average degree of out-of-orderedness is non-negligible. Finally, we find that there is a significant group of fragmented files for which reconstruction is insufficiently addressed by current tooling.
Database: OpenAIRE