

File Hidden Research on NTFS

【Abstract】 Protecting the security of files on a computer has become a widespread concern. File hiding addresses one aspect of this problem, and the technique has attracted growing attention from researchers in China and abroad. This work designs a file hiding method for NTFS (New Technology File System) built on three key techniques: searching for the target file under the root directory, saving the information about hidden files, and the fixup value (checksum) technique. The target file is located under the root directory by traversing the values of the index root attribute and the index allocation attribute. The information about hidden files is written to reserved sectors on the volume, so that it is itself stored out of sight. The fixup value technique analyzes the NTFS volume and rewrites the update sequence array (USA) to the appropriate values; otherwise none of the preceding modifications takes effect.

Along with hiding, the work implements recovery of files and folders hidden by this method. For the case where the name of the hidden file's parent directory has changed before recovery, it proposes a file matching method based on ObjectId, which restores the hidden file to the corresponding renamed directory.

The advantages of this method of hiding and recovering files on an NTFS volume are as follows. It is independent of the operating system: the same method achieves hiding under any other operating system. It can hide any file on an NTFS volume, regardless of the file's characteristics. It does not move the data of the hidden file and only modifies the contents of the MFT record, so the speed of hiding is unrelated to the size of the file. The hidden files are well concealed and not easily discovered. It makes very few changes to the file system yet achieves good results, and it is easy to implement. As computers are applied ever more widely and data security becomes ever more important, this work has practical significance.
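The update sequence array check that the abstract refers to, shown from the reader's side as an added example (not code from the thesis): a parser verifies that the last two bytes of every sector in an MFT record equal the update sequence number and then restores the saved bytes from the USA. It assumes 512-byte sectors and the standard NTFS record header (USA offset at byte 4, entry count at byte 6); the function names and the sample record are constructed for illustration.

```python
import struct

SECTOR = 512  # assumed bytes per sector

def stamp(record: bytes, usn: int) -> bytes:
    """On-disk form: save each sector's last 2 bytes in the USA, then overwrite them with the USN."""
    buf = bytearray(record)
    usa_off, usa_cnt = struct.unpack_from("<HH", buf, 4)
    struct.pack_into("<H", buf, usa_off, usn)
    for i in range(1, usa_cnt):
        end, slot = i * SECTOR, usa_off + 2 * i
        buf[slot:slot + 2] = buf[end - 2:end]
        struct.pack_into("<H", buf, end - 2, usn)
    return bytes(buf)

def apply_fixups(disk: bytes) -> bytes:
    """Verify every sector tail against the USN, then restore the original bytes.

    Raises ValueError when a tail does not match, which is how a record with a
    stale or inconsistent USA is rejected instead of being parsed.
    """
    buf = bytearray(disk)
    if buf[:4] != b"FILE":
        raise ValueError("not a FILE record")
    usa_off, usa_cnt = struct.unpack_from("<HH", buf, 4)
    if usa_cnt < 2 or (usa_cnt - 1) * SECTOR > len(buf) or usa_off + 2 * usa_cnt > len(buf):
        raise ValueError("implausible USA header")
    usn = buf[usa_off:usa_off + 2]
    for i in range(1, usa_cnt):
        end, slot = i * SECTOR, usa_off + 2 * i
        if buf[end - 2:end] != usn:
            raise ValueError(f"sector {i}: tail does not match USN")
        buf[end - 2:end] = buf[slot:slot + 2]
    return bytes(buf)

def sample_record() -> bytes:
    """Constructed 1024-byte record: only the signature, USA header and sector tails are set."""
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 4, 0x30, 3)  # USA at 0x30: 1 USN + 2 sector entries
    rec[510:512] = b"\xAA\xBB"
    rec[1022:1024] = b"\xCC\xDD"
    return bytes(rec)
```
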

