• AccountabilityFS: A File System Monitor for Forensic Readiness 

      Nordvik, Rune; Liao, Yi-Ching; Langweg, Hanno (Chapter, 2014)
      We present a file system monitor, AccountabilityFS, which prepares an organization for forensic analysis and incident investigation in advance by ensuring file system operation traces readily available. We demonstrate the ...
    • Fallacies when Evaluating Digital Evidence Among Prosecutors in the Norwegian Police Service 

      Erlandsen, Tom Erik (Master thesis, 2019)
      Digital evidence has been a natural part of the body of evidence in court for several years, yet digital evidence still seems to create elements of uncertainty. The judicial system's lack of understanding of digital evidence can potentially ...
    • Interpretation of File System Metadata in a Criminal Investigation Context 

      Nordvik, Rune (Doctoral theses at NTNU;2024:115, Doctoral thesis, 2024)
      The reliable reconstruction of digital events is imperative for solving criminal cases. Computers, servers, mobile and IoT devices, vehicles, and EV charging infrastructure all use either local or remote storage (cloud). ...
    • It is about time–Do exFAT implementations handle timestamps correctly? 

      Nordvik, Rune; Axelsson, Stefan (Peer reviewed; Journal article, 2022)
      Digital forensic investigations require that file metadata are interpreted correctly. In this paper we focus on the timestamps of the exFAT file system. How these timestamps are written may depend on the implementation of ...
    • Legal and technical questions of file system reverse engineering 

      Stoykova, Radina; Nordvik, Rune; Ahmed, Munnazzar; Franke, Katrin; Axelsson, Stefan; Toolan, Fergus (Peer reviewed; Journal article, 2022)
      Reverse engineering of file systems is indispensable for tool testing, accurate evidence acquisition, and correct interpretation of data structures by law enforcement in criminal investigations. This position paper examines ...
    • Reliability validation for file system interpretation 

      Nordvik, Rune; Stoykova, Radina Raychova; Franke, Katrin; Axelsson, Stefan; Toolan, Fergus (Peer reviewed; Journal article, 2021)
      This paper examines current best practices for Digital Forensic (DF) tool and method validation in the context of file system interpretation for digital evidence. In order to meet the legal and scientific requirements in ...
    • Resilient Filesystem 

      Georges, Henry (Master thesis, 2018)
      MICROSOFT developed a new Filesystem, REFS. This Resilient FileSystem is intended to replace NTFS, hence the importance and usage of REFS should increase over the next few years. Although we have been able to use REFS since ...
    • Reverse engineering of ReFS 

      Nordvik, Rune; Georges, Henry; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is ...
    • The Paradox of Automation in Digital Forensics 

      Borhaug, Tor Stian (Master thesis, 2019)
      Police authorities must continuously implement strategies and methods to meet modern technological challenges. Increasing digitalization creates opportunities that enable new methods, but also challenges that lead to increasing ...
    • Timestamp prefix carving for filesystem metadata extraction 

      Porter, Kyle; Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Peer reviewed; Journal article, 2021)
      While file carving is a popular and effective method for extracting file content from unallocated space in a forensic image, it can be time consuming to carve for the wide variety of possible file signatures. Furthermore, ...
    • Using the object ID index as an investigative approach for NTFS file systems 

      Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems ...