본문 바로가기
  • Home

Ordinary B-tree vs NTFS B-tree: A Digital Forensics Perspectives

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2017, 22(8), pp.73-83
  • DOI : 10.9708/jksci.2017.22.08.073
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : August 3, 2017
  • Accepted : August 14, 2017
  • Published : August 31, 2017

Cho Gyu Sang 1

1동양대학교

Accredited

ABSTRACT

In this paper, we discuss the differences between an ordinary B-tree and B-tree implemented by NTFS. There are lots of distinctions between the two B-tree, if not understand the distinctions fully, it is difficult to utilize and analyze artifacts of NTFS. Not much, actually, is known about the implementation of NTFS, especially B-tree index for directory management. Several items of B-tree features are performed that includes a node size, minimum number of children, root node without children, type of key, key sorting, type of pointer to child node, expansion and reduction of node, return of node. Furthermore, it is emphasized the fact that NTFS use B-tree structure not B+structure clearly.

Citation status

* References for papers published after 2022 are currently being built.

This paper was written with support from the National Research Foundation of Korea.