Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective

Byeongyeong Yoo, Jewan Bang, Kyung Soo Lim, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Transaction indicates that the reservation of original data before committing works by executing a single work as an atomic unit. Transactional NTFS (TxF) is the thing that applies Transaction into on NTFS and is the first introduced in the Windows Vista. As Transactional NTFS, Transactional Registry (TxR) is that applies Transaction functions into Registry. When working on the task that Transaction is applied, the log relating to the work is recorded. Throughout the log, user can check work information. This paper introduces Transactional NTFS and Transactional Registry and analysis logs in the point view of digital forensics. Furthermore, this paper simulates the implement that analyze the Transaction log file.

Original languageEnglish
Title of host publicationProceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
DOIs
Publication statusPublished - 2009 Dec 1
Event2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 - Jeju Island, Korea, Republic of
Duration: 2009 Dec 102009 Dec 12

Other

Other2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
CountryKorea, Republic of
CityJeju Island
Period09/12/1009/12/12

    Fingerprint

Keywords

  • Digital forensic
  • NTFS
  • Registry
  • Transaction

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications

Cite this

Yoo, B., Bang, J., Lim, K. S., & Lee, S. (2009). Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 [5404233] https://doi.org/10.1109/CSA.2009.5404233