Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

Cited by: 4
Authors
Beran, Michal [1 ]
Hrdina, Frantisek [1 ]
Kouril, Daniel [1 ]
Oslejsek, Radek [1 ]
Zakopcanova, Kristina [1 ]
Affiliations
[1] Masaryk Univ, Brno, Czech Republic
Keywords
incident investigation; digital evidence; file system metadata; data analysis;
DOI
10.1109/VizSec51108.2020.00008
CLC number
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding because of the vast data volumes that need to be analyzed. While various techniques exist today to help with particular tasks of the analysis, the process as a whole still requires many manual activities and expert skills. We propose an approach that allows disk snapshots to be analyzed more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool to guide analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.
Pages: 11 / 20
Page count: 10