• DocumentCode
    175429
  • Title

    AccountabilityFS: A File System Monitor for Forensic Readiness

  • Author

    Nordvik, Rune ; Yi-Ching Liao ; Langweg, Hanno

  • Author_Institution
    Norwegian Inf. Security Lab., Gjovik Univ. Coll., Gjovik, Norway
  • fYear
    2014
  • fDate
    24-26 Sept. 2014
  • Firstpage
    308
  • Lastpage
    311
  • Abstract
    We present a file system monitor, AccountabilityFS, which prepares an organization for forensic analysis and incident investigation in advance by ensuring that file system operation traces are readily available. We demonstrate the feasibility of AccountabilityFS in terms of performance and storage overheads, and prove its reliability against malware attacks.
  • Keywords
    digital forensics; invasive software; AccountabilityFS file system monitor; file system operation; forensic analysis; forensic readiness; malware attacks; performance overhead; storage overhead; Educational institutions; Forensics; Kernel; Malware; Monitoring; Reliability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
  • Conference_Location
    The Hague
  • Print_ISBN
    978-1-4799-6363-8
  • Type

    conf

  • DOI
    10.1109/JISIC.2014.61
  • Filename
    6975599