Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

Cited by: 4
Authors
Beran, Michal [1 ]
Hrdina, Frantisek [1 ]
Kouril, Daniel [1 ]
Oslejsek, Radek [1 ]
Zakopcanova, Kristina [1 ]
Affiliations
[1] Masaryk Univ, Brno, Czech Republic
Keywords
incident investigation; digital evidence; file system metadata; data analysis;
DOI
10.1109/VizSec51108.2020.00008
Chinese Library Classification
TP [Automation technology; computer technology];
Discipline code
0812 ;
Abstract
Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding because of the vast volumes of data that must be analyzed. While various techniques exist to help with particular tasks of the analysis, the process as a whole still requires many manual activities and expert skills. We propose an approach that allows disk snapshots to be analyzed more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool that guides analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.
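The abstract describes analyzing disk snapshots through their file system metadata without showing what such an analysis looks like. The block below is an added example, not code from the paper or from the authors' tool, and illustrates three exploratory checks an investigator typically runs over the per-file timestamps (crtime, mtime, ctime, atime) extracted from a snapshot: a merged timeline, a query for files touched near an assumed incident time, and two consistency heuristics plus a creation-burst check. The snapshot entries, the incident time, the paths and the heuristic thresholds are all constructed for the example.

```python
"""Exploratory checks over file system metadata from a disk snapshot (example, not the paper's tool)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    crtime: datetime  # creation (birth) time
    mtime: datetime   # last content modification
    ctime: datetime   # last inode/metadata change
    atime: datetime   # last access


def ts(text: str) -> datetime:
    """Parse an ISO-8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


TIMESTAMP_FIELDS = ("crtime", "mtime", "ctime", "atime")

# Constructed sample snapshot: paths, sizes and times are invented for this example.
SNAPSHOT = [
    Entry("/etc/passwd", 2048, ts("2020-01-10T08:00:00"), ts("2020-03-02T14:05:10"),
          ts("2020-03-02T14:05:10"), ts("2020-03-02T14:06:00")),
    Entry("/home/alice/notes.txt", 512, ts("2020-02-01T09:00:00"), ts("2020-02-01T09:30:00"),
          ts("2020-02-01T09:30:00"), ts("2020-02-20T12:00:00")),
    # Dropped tool whose mtime claims to predate its own creation (timestomped or copied with preserved mtime).
    Entry("/tmp/.x/kworker", 77000, ts("2020-03-02T14:03:55"), ts("2019-06-01T00:00:00"),
          ts("2020-03-02T14:03:58"), ts("2020-03-02T14:04:00")),
    Entry("/tmp/.x/run.sh", 300, ts("2020-03-02T14:03:56"), ts("2020-03-02T14:03:56"),
          ts("2020-03-02T14:03:56"), ts("2020-03-02T14:04:01")),
    Entry("/tmp/.x/config", 120, ts("2020-03-02T14:03:57"), ts("2020-03-02T14:03:57"),
          ts("2020-03-02T14:03:57"), ts("2020-03-02T14:04:02")),
    # Log whose mtime lies after its ctime: a normal write bumps both, so mtime was set explicitly.
    Entry("/var/log/auth.log", 90000, ts("2020-01-10T08:00:05"), ts("2020-03-05T00:00:00"),
          ts("2020-03-02T14:05:30"), ts("2020-03-02T14:05:30")),
    # Package-installed binary: mtime before crtime is expected here (mtime preserved from the package build).
    Entry("/usr/bin/ls", 140000, ts("2019-12-01T10:00:00"), ts("2019-11-15T00:00:00"),
          ts("2019-12-01T10:00:00"), ts("2020-03-02T14:04:10")),
]

INCIDENT_TIME = ts("2020-03-02T14:04:00")  # assumed: taken from the alert that started the investigation


def timeline(entries):
    """Flatten every timestamp of every entry into one chronologically sorted list of (time, field, path)."""
    return sorted((getattr(e, f), f, e.path) for e in entries for f in TIMESTAMP_FIELDS)


def entries_in_window(entries, center, radius):
    """Entries with at least one timestamp inside [center - radius, center + radius]."""
    lo, hi = center - radius, center + radius
    return [e for e in entries if any(lo <= getattr(e, f) <= hi for f in TIMESTAMP_FIELDS)]


def timestamp_anomalies(entries):
    """Heuristic consistency checks; each finding is (path, reason).

    mtime_before_crtime: content older than the file itself. Expected for package-managed files,
        suspicious for files in temporary or user-writable locations.
    mtime_after_ctime: on POSIX file systems a content write also updates ctime, and ctime cannot be
        set from user space, so mtime later than ctime means mtime was set explicitly (e.g. utimes).
    """
    findings = []
    for e in entries:
        if e.mtime < e.crtime:
            findings.append((e.path, "mtime_before_crtime"))
        if e.mtime > e.ctime:
            findings.append((e.path, "mtime_after_ctime"))
    return findings


def creation_bursts(entries, gap=timedelta(seconds=5), min_files=3):
    """Groups of at least min_files files created within `gap` of each other (bulk drop or unpack)."""
    if not entries:
        return []
    ordered = sorted(entries, key=lambda e: e.crtime)
    bursts, current = [], [ordered[0]]
    for e in ordered[1:]:
        if e.crtime - current[-1].crtime <= gap:
            current.append(e)
        else:
            if len(current) >= min_files:
                bursts.append([x.path for x in current])
            current = [e]
    if len(current) >= min_files:
        bursts.append([x.path for x in current])
    return bursts


if __name__ == "__main__":
    for when, field, path in timeline(SNAPSHOT)[:5]:
        print(when.isoformat(), field, path)
    for e in entries_in_window(SNAPSHOT, INCIDENT_TIME, timedelta(minutes=10)):
        print("near incident:", e.path)
    for path, reason in timestamp_anomalies(SNAPSHOT):
        print("anomaly:", path, reason)
    print("bursts:", creation_bursts(SNAPSHOT))
```

The first timeline entry already tells a story on its own: a file under /tmp claiming a modification time older than anything else on the disk. The anomaly check deliberately also flags /usr/bin/ls, because "mtime before crtime" is normal for package-installed files; in practice such findings are ranked by location and cross-checked against the package database rather than treated as verdicts.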
Pages: 11-20 (10 pages)