![]() ![]() ![]() What is needed (IMHO) is an open source NTFS filesystem driver that contains NO Write commands. It has (even if only once recorded, and in a very peculiar case) ALREADY happened that a hardware write blocker (a dedicated piece of hardware, usually considered the best possible safeguard as it is physically inserted in the device BUS) missed some write commands, noone would probably fully trust a filter driver (whilst a driver containing NO writes commands would be much more reliable and more easily validated/accepted by the community). The issue in Forensics is that you need to guarantee/validate that NO WRITES are POSSIBLE, and if you put an envelope around something to prevent it from "being contaminated", there is aways *somehow* the possibility that *something* CAN (even if only in theory) go through this outer layer. Sorry to say so, but while your conclusion may be very correct from a programming standpoint: - besides NOT going successfully through Occam's razor - it is ENTIRELY "wrong" We came to the conclusion that the best option to do so was not to do it in the file system driver directly, but to provide a filter driver that forces read-only. If you encounter any problem, feedback is welcome. File read implementation is done but we need some help with NTFS writing portion.Įnough words! If you want to test this initial support for NTFS, you can grab an ISO from here: Especially if you also need PE support!Ģ) The second reason is also that we need help. I was happy to share the current state of the work with you for two reasons.ġ) First reason is that you are intensive Windows users, and you may have a need for a highly modified Windows-compatible OS which can read NTFS. Russinovich running on ReactOS and giving information about the NTFS volume. On this one, you have the NTFS Information tool from M. On this screen, you have ReactOS running the welcome.exe binary from the NT4 installation, on the NTFS volume and also display a bitmap from said installation. On this one, you see ReactOS displaying NTFS information about a volume and reading a file from it. You can see what I'm talking about on the three pictures attached with this post. This was a long awaited feature people were asking for. ReactOS now supports reading files from NTFS volume. This is a free operating system that aims to re-implement Windows, but this time with an open source license. I'm Pierre Schweitzer, one of the ReactOS developers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |