Questions tagged [ntfs]

New Technology File System, or NTFS, is a Microsoft file system that debuted with Windows NT. This file system is the default in Windows land and replaced the FAT and FAT32 file systems.

30 questions
22
votes
2 answers

Is NTFS encrypted by default?

Can an NTFS volume be read by forensics without having to log into the Windows user or provide any passwords? aka can data be read straight from the sectors in clear text?
ZedPython
  • 339
  • 2
  • 5
11
votes
3 answers

Is denying write access an effective way to stop ransomware?

I'm looking for ways to defend against ransomware. As part of this strategy I've come up with the idea to block myself from writing to as many locations (and files) as possible. It may be assumed that the active user is always logged-in as standard,…
SEJPM
  • 9,500
  • 5
  • 35
  • 66
11
votes
4 answers

How do Windows services access folders encrypted with NTFS EFS

If I understood correctly, when I enable NTFS encryption (EFS) for a specific folder in Windows, it uses specific account's user name/password (salted) to create asymmetric keys for data encryption and decryption. If I enable encryption for a…
Groo
  • 213
  • 1
  • 7
8
votes
4 answers

Does a rewritten file on NTFS use the same blocks?

Suppose that we produce a sensitive document on a Windows 7 box, NTFS filesystem. As we write the document, it grows longer, and we keep saving it, which means that the editor overwrites it from the beginning, truncating it to zero length and…
Kaz
  • 2,303
  • 16
  • 17
8
votes
2 answers

How can I view the NTFS $MFT using correct field names?

I am trying to view an NTFS master file table. Each tool I have used so far extracts all of the entries, but puts non standard headers such as STANDARD_INFORMATION_ON instead of say $STANDARD_INFORMATION. I have tried MFT2CSV, ntfswalk64, and…
Ninja2k
  • 301
  • 1
  • 4
  • 12
4
votes
2 answers

How to know when a file was deleted in an NTFS filesystem?

Is it possible to know when a file in an NTFS filesystem was deleted? For example, if you have the file in the recycle bin you have the metadata file that stores when the file was sent to the recycle bin. However, if the file was never in the recycle…
kinunt
  • 2,759
  • 2
  • 23
  • 30
4
votes
1 answer

Is NTFS file compression vulnerable to a CRIME-like attack when using an encrypted volume?

I know that content compression can cause SSL to be vulnerable to the CRIME attack, via changes in the content length when injected plaintext matches existing content. Does this principle carry over to NTFS file compression on volumes that are…
Polynomial
  • 132,208
  • 43
  • 298
  • 379
4
votes
3 answers

Where are NTFS security ACLs stored on Windows systems?

Are per-file and directory access permissions for a user or a group stored as part of the NTFS structures on-disk? Or are they recorded in the registry database for an installed Windows OS, or elsewhere yet? In practice, assuming several NT-class…
NimbUs
  • 101
  • 1
  • 5
3
votes
1 answer

Use RSA Encryption With ASP.NET

My goal is to implement asymmetric encryption in an ASP.NET website to secure user-entered Social Security Numbers. I want to encrypt the SSNs with a public key, and only display a masked version to the user (i.e. XXX-XX-1234). (A separate…
John
  • 45
  • 4
2
votes
1 answer

How to understand how someone had ssh access, and how to remove CVE-2017-0358

I have a home server that was compromised recently, it has been used to mine some crypto currencies. I have not stopped anything yet apart from locking ssh to my user only. The processes are still running and I want to 1/ understand how they got in…
2
votes
1 answer

Write protect a partition

I have an HDD partition that contains a Karaoke song library of 400 GB. Backing it up is cumbersome at best and requires a large external drive and hours of time. The library is the only thing on the partition, so there is no reason to write to…
Lew MUrray
  • 21
  • 1
2
votes
2 answers

Use NTFS permissions to prevent folder access on USB key

TL/DR: how to use NTFS permissions to prevent all users on other PCs from accessing a particular folder on an NTFS USB key? BACKGROUND I have an NTFS formatted USB key. The top level contains a single folder named "MAIN". There's an arbitrary…
Puzzled
  • 21
  • 2
1
vote
2 answers

What are hardened ACLs for the Windows %systemroot% folder?

What are the recommended file permissions for %systemroot% in Windows 8.1? I couldn't find hardened file system permissions to apply to better secure a Windows installation.
Parth Maniar
  • 349
  • 1
  • 10
1
vote
1 answer

How can I temporarily disable folder links like Users\All Users in order to perform a forensic analysis?

I'm doing a forensic analysis of a hard drive that I have imaged to a dd image. The image is an NTFS filesystem that I mount in my Windows system with FTK Imager in read-only mode. Then, I search in the mounted drive for a file but in the search…
kinunt
  • 2,759
  • 2
  • 23
  • 30
1
vote
0 answers

Any Windows/NTFS trick to ignore/cancel out a file extension from a path?

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call: File.Open("C:\Resources\"+resName+".res", FileMode.Open) The contents of that file are then returned to me.…