Title :
The Evidentiary Value of Link Files in Linux File System to Digital Forensic Investigation
Author :
Tharmini Janarthanan;Shahrzad Zargari
Author_Institution :
Fac. of Arts, Comput., Eng. &
Abstract :
A link file in Linux operating systems functions as an entry in the file system which connects a file name to the actual bytes of data on the disk. Although, the initial purpose of the link files was for convenient access to certain files, documents or programs but this study demonstrates that the link files can be considered as an artefact to gain information about the users´ activities in digital forensic investigations. However, they can be only used as a body of evidence. This paper discusses the information that can be gathered from the metadata of link files in Linux system during digital forensic investigations and also addresses the complexity of interpreting the MAC Times.
Keywords :
"Linux","File systems","Metadata","Digital forensics","Operating systems","Graphical user interfaces"
Conference_Titel :
Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
DOI :
10.1109/CIT/IUCC/DASC/PICOM.2015.294
