Association of Chief Police Officers (2012) Good Practice Guide for Computer-Based
Electronic Evidence
Arghire, I. (2012) Windows
8's ReFS Won't Initially Support Boot. [online] Available at: http://news.softpedia.com/news/Windows-8-ReFS-Won-t-Initially-Support-Boot-247156.shtml
[Accessed 10th Feb 2015].
Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H., Bairavasundaram,
L.N., Goodson, G.R., Schroeder, B. (2008) An Analysis of Data Corruption in the Storage Stack.
Bright, P. (2012) Microsoft
introduces new robust "Resilient File System" for Windows Server 8.
[online] Available at: http://arstechnica.com/information-technology/2012/01/microsoft-introduces-new-robust-resilient-file-system-for-windows-server-8/
[Accessed 3rd Jan 2015].
Buchholz, F. (2006) The
structure of a PKZip file. [online] Available at: https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html
[Accessed 12th Feb 2015].
Bunting, S. (2008) EnCase
computer forensics. Indianapolis, Ind.: Wiley Pub.
Carrier, B. (2005) File
System Forensic Analysis. Boston, Mass.: Addison-Wesley.
Carpio, R.P. (2012) Understanding
SIDs. [online] Available at: http://rpcarpio.blogspot.co.uk/2012/11/deciphering-sids.html
[Accessed 11th Feb 2015].
Christiansen, N.R., Garson, M.S., Mehra, K., Ou-Yang, D. and
Thind, S.R. (2012) File System Recognition
Structure. US Patent Office, Patent No.: US8200895 B2. [online] Available at:
http://www.google.co.uk/patents/US8200895
[Accessed 7th Jan 2015].
Dempsey, J.D. (2012) Decoding
Directory Data
ISO/IEC 27037:2012, (2012) Guidelines for identification, collection, acquisition and preservation
of digital evidence
Leschke, T.R. (2009) Cyber
Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista
Lucas, M. (2013) Windows
Server 2012: Does ReFS replace NTFS? When should I use it? [online]
Available at: http://blogs.technet.com/b/askpfeplat/archive/2013/01/02/windows-server-2012-does-refs-replace-ntfs-when-should-i-use-it.aspx
[Accessed 4th Jan 2015].
Machor, M. (2008) The
Forensic Analysis of the Microsoft Windows Vista Recycle Bin
Mayer, K. (2012) Improve
File Server Data Resiliency with ReFS in Windows Server 2012 - 31 Days of
Favorite Features in #WinServ 2012 ( Part 15 of 31 ) [online] Available at:
http://blogs.technet.com/b/keithmayer/archive/2012/10/15/refs-in-windows-server-2012.aspx
[Accessed 3rd Jan 2015].
Metz, J. (2013) Resilient
File System (ReFS) - Analysis of the Windows Resilient File System
Microsoft, (2007) Recovering
NTFS Boot Sector on NTFS Partitions. [online] Available at: http://support.microsoft.com/kb/153973[Accessed
18th Jan 2015].
Microsoft, (2011) FILE_SYSTEM_RECOGNITION_STRUCTURE
structure. [online] Available
at: https://msdn.microsoft.com/en-us/library/windows/desktop/dd442654(v=vs.85).aspx
[Accessed 7th Jan 2015].
Microsoft, (2012) Building the next generation file system
for Windows: ReFS.
[online] Available at: http://blogs.msdn.com/b/b8/archive/2012/01/16/building-the-next-generation-file-system-for-windows-refs.aspx
[Accessed 4th Jan 2015].
Microsoft, (2013a) Resilient
file system. [online] Available at: https://msdn.microsoft.com/en-us/library/windows/desktop/hh848060(v=vs.85).aspx
[Accessed 3rd Jan 2015].
Microsoft, (n.d.a) 5
Appendix A: Product Behavior [online] Available at: https://msdn.microsoft.com/en-us/library/ff469400.aspx
[Accessed 9th Feb 2015].
Microsoft, (n.d.b) Master
Boot Record. [online] Available at: https://technet.microsoft.com/en-us/library/cc976786.aspx
[Accessed 4th Jan 2015].
Microsoft, (n.d.c) Obtaining
File System Recognition Information. [online] Available at: https://msdn.microsoft.com/en-us/library/windows/desktop/dd442656(v=vs.85).aspx
[Accessed 7th Jan 2015].
Microsoft, (n.d.d) File
System Recognition. [online] Available at: https://msdn.microsoft.com/en-gb/library/windows/desktop/dd442652(v=vs.85).aspx
[Accessed 7th Jan 2015].
Microsoft, (n.d.e) Security
Descriptors. [online] Available at: https://msdn.microsoft.com/en-us/library/windows/hardware/ff556612(v=vs.85).aspx
[Accessed 28th Jan 2015].
Microsoft, (n.d.f) Understanding
SIDs. [online] Available at: http://support.microsoft.com/kb/243330/ [Accessed 11th
Feb 2015].
Ntfs.com, (n.d.a) Hard
Drive Partition. Partition Table. [online] Available at: http://www.ntfs.com/partition-table.htm
[Accessed 5th Jan 2015].
Ntfs.com, (n.d.b) NTFS
File Types. NTFS File Attributes. [online] Available at: http://ntfs.com/ntfs-files-types.htm
[Accessed 7th Feb 2015].
Refs-data-recovery.com (n.d.) New Features in ReFS. [online] Available at: http://www.refs-data-recovery.com/new-features-in-refs.aspx
[Accessed 3rd Jan 2015].
Sedory, D. (2009) A
Disk Editor View of the NTFS Boot Sector and "Bootstrap Code" for
Windows™ 2000 and XP. [online] Available at: http://thestarman.pcministry.com/asm/mbr/NTFSbrHexEd.htm
[Accessed 8th Jan 2015].
Tilbury, C. (2011) NTFS
$I30 Index Attributes: Evidence of Deleted and Overwritten Files. [online]
Available at: http://digital-forensics.sans.org/blog/2011/09/20/ntfs-i30-index-attributes-evidence-of-deleted-and-overwritten-files
[Accessed 8th Feb 2015].
Wlodarz, D. (2014) Windows
Storage Spaces and ReFS: Is it time to ditch RAID for good? [online]
Available at: http://betanews.com/2014/01/15/windows-storage-spaces-and-refs-is-it-time-to-ditch-raid-for-good/
[Accessed 3rd Jan 2015].
Wpathulin, (2013) Interpretation
of NTFS Timestamps [online] Available at: http://articles.forensicfocus.com/2013/04/06/interpretation-of-ntfs-timestamps/
[Accessed 11th Jan 2015].