• AccountabilityFS: A File System Monitor for Forensic Readiness 

      Nordvik, Rune; Liao, Yi-Ching; Langweg, Hanno (Chapter, 2014)
      We present a file system monitor, AccountabilityFS, which prepares an organization for forensic analysis and incident investigation in advance by ensuring file system operation traces readily available. We demonstrate the ...
    • Fallacies when Evaluating Digital Evidence Among Prosecutors in the Norwegian Police Service 

      Erlandsen, Tom Erik (Master thesis, 2019)
      Digitale bevis har vært en naturlig del av bevisbildet i retten i flere år, men fortsatt ser det ut til at digitale bevis skaper usikkerhetsmomenter. Rettsvesenets manglende forståelse for digitale bevis kan potensielt ...
    • Resilient Filesystem 

      Georges, Henry (Master thesis, 2018)
      MICROSOFT developed a new Filesystem, REFS. This Resilient FileSystem is intended to replace NTFS, hence the importance and usage of REFS should increase over the next few years. Although we have been able to use REFS since ...
    • Reverse engineering of ReFS 

      Nordvik, Rune; Georges, Henry; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is ...
    • The Paradox of Automation in Digital Forensics 

      Borhaug, Tor Stian (Master thesis, 2019)
      Politimyndigheter må fortløpende implementere strategier og metoder for å møte moderne teknologiske utfordringer. Økende digitalisering skaper muligheter som muliggjør nye metoder, men også utfordringer som fører til økende ...
    • Using the object ID index as an investigative approach for NTFS file systems 

      Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems ...