HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Windows Cyber Forensics: Analyzing Data Streams in NTFS

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,610
Solutions
2
Reputation
32
Reaction score
100,454
Points
2,313
Credits
32,620
‎6 Years of Service‎
 
76%
Cyber-Forensics-Analyzing-Data-Streams-in-NTFS.jpg


Adding and Analyzing Resident and Non-Resident Data in NTFS Data Streams and the Master File Table using Hex Editors.

What you'll learn

    Basic understanding and importance of Data Streams
    Adding Resident and Non-Resident Data in the Data Streams
    Analyzing Short and Long Filenames using WinHex
    Analyzing Resident and Non-Resident Data using WinHex
    Verifying existence of Non-Resident Data using HxD

Requirements

    Fundamental knowledge about computers and Windows OS

Description

The course will help students to learn about the basics of Microsoft Windows File System (NTFS), the Master File Table (MFT) and how data is stored in data streams, both primary and alternate. Students will also get to differentiate between resident and non-resident data and learn how to hide data in the ADS. It would also enable students to analyze the data inside and outside of the MFT and to locate the specific cluster/sector on the hard disk where this data is actually stored. Moreover the students will be able to:

    Understand the basics of Alternate Data Streams (ADS), their usage and history

    Adding resident (less than 512 bytes) and non-resident (more than 512 bytes) data in both alternate and primary data streams

    Analyzing the resident data in any stream by locating it inside the MFT using a common Hex Editor

    Analyzing the non-resident data in any stream by locating its actual cluster and sector address on the disk

    Verifying the presence of non-resident data in any data stream with the help of another Hex Editor

    Practically experiment common Forensics tools and Hex Editors for analyzing data in the MFT and otherwise.

This course will turn out to be very useful for the students who want to understand the basics of computer forensics and file systems as it provides insight to analyzing data stored in the data streams.

Who this course is for:

    Cyber Security and forensics related students and professionals

Code: 
https://www.udemy.com/course/understanding-and-analyzing-data-streams-in-ntfs/

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top