Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective

Byeongyeong Yoo; Jewan Bang; Kyung Soo Lim; Sangjin Lee

doi:10.1109/CSA.2009.5404233

Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective

Byeongyeong Yoo, Jewan Bang, Kyung Soo Lim, Sangjin Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Transaction indicates that the reservation of original data before committing works by executing a single work as an atomic unit. Transactional NTFS (TxF) is the thing that applies Transaction into on NTFS and is the first introduced in the Windows Vista. As Transactional NTFS, Transactional Registry (TxR) is that applies Transaction functions into Registry. When working on the task that Transaction is applied, the log relating to the work is recorded. Throughout the log, user can check work information. This paper introduces Transactional NTFS and Transactional Registry and analysis logs in the point view of digital forensics. Furthermore, this paper simulates the implement that analyze the Transaction log file.

Original language	English
Title of host publication	Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
DOIs	https://doi.org/10.1109/CSA.2009.5404233
Publication status	Published - 2009
Event	2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 - Jeju Island, Korea, Republic of Duration: 2009 Dec 10 → 2009 Dec 12

Publication series

Name	Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

Other

Other	2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
Country/Territory	Korea, Republic of
City	Jeju Island
Period	09/12/10 → 09/12/12

Keywords

Digital forensic
NTFS
Registry
Transaction

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications

Access to Document

10.1109/CSA.2009.5404233

Cite this

Yoo, B., Bang, J., Lim, K. S., & Lee, S. (2009). Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 [5404233] (Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009). https://doi.org/10.1109/CSA.2009.5404233

Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. / Yoo, Byeongyeong; Bang, Jewan; Lim, Kyung Soo et al.
Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009. 5404233 (Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yoo, B, Bang, J, Lim, KS & Lee, S 2009, Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. in Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009., 5404233, Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009, 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009, Jeju Island, Korea, Republic of, 09/12/10. https://doi.org/10.1109/CSA.2009.5404233

Yoo B, Bang J, Lim KS, Lee S. Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009. 5404233. (Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009). doi: 10.1109/CSA.2009.5404233

Yoo, Byeongyeong ; Bang, Jewan ; Lim, Kyung Soo et al. / Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective. Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009. (Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009).

@inproceedings{bf162224e12e4e9fa0fc4306dd3fc62e,

title = "Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective",

abstract = "Transaction indicates that the reservation of original data before committing works by executing a single work as an atomic unit. Transactional NTFS (TxF) is the thing that applies Transaction into on NTFS and is the first introduced in the Windows Vista. As Transactional NTFS, Transactional Registry (TxR) is that applies Transaction functions into Registry. When working on the task that Transaction is applied, the log relating to the work is recorded. Throughout the log, user can check work information. This paper introduces Transactional NTFS and Transactional Registry and analysis logs in the point view of digital forensics. Furthermore, this paper simulates the implement that analyze the Transaction log file.",

keywords = "Digital forensic, NTFS, Registry, Transaction",

author = "Byeongyeong Yoo and Jewan Bang and Lim, {Kyung Soo} and Sangjin Lee",

year = "2009",

doi = "10.1109/CSA.2009.5404233",

language = "English",

isbn = "9781424449460",

series = "Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009",

booktitle = "Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009",

note = "2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 ; Conference date: 10-12-2009 Through 12-12-2009",

}

TY - GEN

T1 - Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective

AU - Yoo, Byeongyeong

AU - Bang, Jewan

AU - Lim, Kyung Soo

AU - Lee, Sangjin

PY - 2009

Y1 - 2009

N2 - Transaction indicates that the reservation of original data before committing works by executing a single work as an atomic unit. Transactional NTFS (TxF) is the thing that applies Transaction into on NTFS and is the first introduced in the Windows Vista. As Transactional NTFS, Transactional Registry (TxR) is that applies Transaction functions into Registry. When working on the task that Transaction is applied, the log relating to the work is recorded. Throughout the log, user can check work information. This paper introduces Transactional NTFS and Transactional Registry and analysis logs in the point view of digital forensics. Furthermore, this paper simulates the implement that analyze the Transaction log file.

AB - Transaction indicates that the reservation of original data before committing works by executing a single work as an atomic unit. Transactional NTFS (TxF) is the thing that applies Transaction into on NTFS and is the first introduced in the Windows Vista. As Transactional NTFS, Transactional Registry (TxR) is that applies Transaction functions into Registry. When working on the task that Transaction is applied, the log relating to the work is recorded. Throughout the log, user can check work information. This paper introduces Transactional NTFS and Transactional Registry and analysis logs in the point view of digital forensics. Furthermore, this paper simulates the implement that analyze the Transaction log file.

KW - Digital forensic

KW - NTFS

KW - Registry

KW - Transaction

UR - http://www.scopus.com/inward/record.url?scp=80655124306&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80655124306&partnerID=8YFLogxK

U2 - 10.1109/CSA.2009.5404233

DO - 10.1109/CSA.2009.5404233

M3 - Conference contribution

AN - SCOPUS:80655124306

SN - 9781424449460

T3 - Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

BT - Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

T2 - 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

Y2 - 10 December 2009 through 12 December 2009

ER -

Analysis of window Transactional NTFS(TxF) and Transactional Registry(TxR) in the digital forensic perspective

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this