Skip to main content
Springer Nature Link
Log in

A Method of Traceless File Deletion for NTFS File System

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13547))

Included in the following conference series:

  • 1016 Accesses

Abstract

NTFS is the most widely used disk partition format today, especially in personal computers and mobile storage devices, for its high security, excellent performance, and good convenience. After a file is normally deleted in NTFS file system, it can be still recovered by analyzing the file records and properties in MFT, and the deletion leave traces in the operation system which can be detected by the forensic tools. If the computer/USB device is lost or stolen, files on the hard disk, including the files that has been deleted, can be leaked which leaves a huge security risk. To securely and completely delete a file, this paper proposes a method of traceless file deletion for Windows NTFS file system. Experimental results show that the deleted file cannot be recovered and the deletion operation leaves no trace even by the forensic tools.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Govindarajan, M.: Challenges for big data security and privacy. Encyclopedia of Information Science and Technology. 4th edn, pp. 373–380. IGI Global, New York, NY (2018)

    Google Scholar 

  2. Gahi, Y., Guennoun, M., Mouftah, H.T.: Big data analytics: security and privacy challenges. In: IEEE Symposium on Computers and Communication, pp. 952–957. IEEE, Messina, Italy (2016)

    Google Scholar 

  3. Chen, L., Liu, F., Yao, D.: Enterprise data breach: causes, challenges, prevention, and future directions: enterprise data breach. Wiley Interdiscip. Rev. Data Mining Knowl. Discov. 7(C), e1211 (2017)

    Google Scholar 

  4. Microsoft Corporation: The NTFS File System (2008)

    Google Scholar 

  5. Microsoft Corporation: Choosing Between File Systems (2014)

    Google Scholar 

  6. Wang, L.Y., Ju, J.W.: Analysis of NTFS file system structure. Comput. Eng. Des. 27(3), 418–420 (2006)

    Google Scholar 

  7. Oommen, R.R., Sugathan, P.: Recovering deleted Files from NTFS. Int. J. Sci. Res. 51(6), 205–208 (2016)

    Google Scholar 

  8. Yoo, B., Park, J., Bang J., Lee S.: A study on a carving method for deleted NTFS compressed files, In: 3rd International Conference on Human-Centric Computing, pp. 1–6. IEE, Cebu, Philippines (2010)

    Google Scholar 

  9. Peng, Z., Feng, X., Tang, L., Zhai, M.: A data recovery method for NTFS files system. In: Niu, W., Li, G., Liu, J., Tan, J., Guo, L., Han, Z., Batten, L. (eds.) ATIS 2015. CCIS, vol. 557, pp. 379–386. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48683-2_34

    Chapter  Google Scholar 

  10. Feng, F.J., Li, X.J., Yao, J.P.: Design and implementation of data recovery system based on NTFS. DEStech Trans. Comput. Sci. Eng. 291, 240–244 (2018)

    Google Scholar 

  11. Zhang, N., Jiang, Y., Wang, J.: The research of data recovery on Windows file systems. In: International Conference on Intelligent Transportation, Big Data & Smart City, pp. 644–647, IEEE, Vientiane, Laos (2020)

    Google Scholar 

  12. Frields, J.: National Industrial Security Program. Operating manual supplement technical report, Department of defense Washington DC (1995)

    Google Scholar 

  13. Dong, B.O., Park, K.H., Kim, H.K.: De-wipimization: detection of data wiping traces for investigating NTFS file system. Comput. Secur. 99, 102034 (2020)

    Article  Google Scholar 

  14. Park, K.J., Park, J.M., Kim, E.J., Cheon, C.G., James, J.I.: Anti-forensic trace detection in digital forensic triage investigations. J. Dig. Foren. Secur. Law 12(1), 8–15 (2017)

    Google Scholar 

  15. Horsman, G.: Digital tool marks (DTMs): a forensic analysis of file wiping software. Aust. J. Forensic Sci. 53(1), 1–16 (2019)

    Google Scholar 

  16. Karresand, M., Axelsson, S., Dyrkolbotn, G.O.: Disk cluster allocation behavior in Windows and NTFS. Mobile Networks Appl. 25(3), 248–258 (2020)

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported by the National Key Research and Development Program of China (2018YFB0804104), National Natural Science Foundation of China (62102209), Shandong Provincial Key Research and Development Program (2021CXGC010107, 2020CXGC010107, 2019JZZY020715), the Shandong Provincial Natural Science Foundation of China (ZR2020KF035).

Author information

Authors and Affiliations

  1. Shandong Provincial Key Laboratory of Computer Networks, Shandong Computer Science Center (National Supercomputer Center in Jinan), Qilu University of Technology (Shandong Academy of Science), Jinan, 250014, China

    Shujiang Xu, Fansheng Wang & Lianhai Wang

  2. School of Cyber Security, Shandong University of Political Science and Law, Jinan, 250014, China

    Xu Chang & Tongfeng Yang

  3. First Research Institute of the Ministry of Public Security of PRC, Beijing, 100044, China

    Weijun Yang

Authors
  1. Shujiang Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fansheng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lianhai Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xu Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Tongfeng Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Weijun Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shujiang Xu .

Editor information

Editors and Affiliations

  1. Xidian University, Xi'an, China

    Xiaofeng Chen

  2. Nanjing University of Information Science, Nanjing, China

    Jian Shen

  3. University of Wollongong, Wollongong, NSW, Australia

    Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xu, S., Wang, F., Wang, L., Chang, X., Yang, T., Yang, W. (2022). A Method of Traceless File Deletion for NTFS File System. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-18067-5_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18066-8

  • Online ISBN: 978-3-031-18067-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics