Bentley, Peter ORCID: 0000-0002-6438-0028 (2023) A comparison of storage hard disk drive used by the Windows master file table and cluster table to highlight inconsistencies which may indicate the existence of malware. Discussion Paper. University of Gloucestershire. (Unpublished)
Text (Published version): 13173 BENTLEY Peter (2023) A comparison of storage hard disk paper.pdf - Published Version. Available under License All Rights Reserved.
Abstract
It is known that some advanced persistent threats store malware at the end of a Microsoft Windows partition. It is not known if the operating system documents the allocation of this used disk space in the master file table and/or cluster table. This paper presents a comparison of hard disk drive storage listed as allocated in the master file table with that listed as allocated in the cluster table. Five machines were analysed, one in two different states, and discrepancies between the two tables were found on all machines and states: disk space not flagged as being used by the master file table but flagged as being used by the cluster table was found being used within, and at the end of, the partition.
Item Type: | Monograph (Discussion Paper) |
---|---|
Uncontrolled Keywords: | Microsoft Windows; Master file table; $MFT; Cluster table; $Bitmap; Malware; Advanced persistent threat (APT); Hard disk drive; Hiding in plain sight |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
Research Priority Areas: | Applied Business & Technology |
Depositing User: | Pete Bentley |
Date Deposited: | 21 Sep 2023 12:12 |
Last Modified: | 27 Sep 2023 11:25 |
URI: | https://eprints.glos.ac.uk/id/eprint/13173 |