Resilient Filesystem
Abstract
Microsoft developed a new filesystem, ReFS. This Resilient Filesystem is intended to replace NTFS, hence the importance and usage of ReFS should increase over the next few years. Although we have been able to use ReFS since the release of Windows Server 2012 and Windows 8, there is almost no documentation on this filesystem available, especially not from Microsoft.

Since coming into contact with ReFS during a specialization project that I undertook in my studies at NTNU, I worked on understanding this filesystem. This master's thesis is a continuation of the work I did in the aforementioned specialization project.

The aim of this master's thesis is: to examine the B-tree structure of ReFS; to enhance the knowledge about this filesystem and how it works; to examine how Microsoft designed the filesystem to improve data integrity. The results of this master's thesis might serve other forensicators to verify the results provided by other, usually commercial, tools, or, in the case that the tools don't provide the needed functions, to do these jobs manually.