Distributed filesystem forensics: XtreemFS as a case study
Abstract
Distributed filesystems provide a cost-effective means of storing high-volume, velocity and variety information in cloud computing, big data and other contemporary systems. These technologies have the potential to be exploited for illegal purposes, which highlights the need for digital forensic investigations. However, there have been few papers published in the area of distributed filesystem forensics. In this paper, we aim to address this gap in knowledge. Using our previously published cloud forensic framework as the underlying basis, we conduct an in-depth forensic experiment on XtreemFS, a Contrail EU-funded project, as a case study for distributed filesystem forensics. We discuss the technical and process issues regarding collection of evidential data from distributed filesystems, particularly when used in cloud computing environments. A number of digital forensic artefacts are also discussed. We then propose a process for the collection of evidential data from distributed filesystems. © 2014 Elsevier Ltd. All rights reserved.
Similar resources
FFCK: The Filesystem Forensics Classifier Kit
Filesystem forensics is a general term to describe the searching and recovery of data that is on a drive that has been damaged or reformatted. There are two common applications for filesystem forensics, data recovery and criminal investigation. Certain factors in the filesystem design can make forensics difficult. If only the raw blocks exist on the disk, then it can be very difficult to determ...
XtreemFS: A File System for the Cloud
Cloud computing poses new challenges to data storage. While cloud providers use shared distributed hardware, which is inherently unreliable and insecure, cloud users expect their data to be safely and securely stored, available at any time, and accessible in the same way as their locally stored data. In this chapter, the authors present XtreemFS, a file system for the cloud. XtreemFS reconciles...
The XtreemFS Architecture
This paper describes the architecture of XtreemFS, a federated and globally distributed file system. XtreemFS has to cope with scalability problems, a huge number of clients connected over WANs, the related high latency and security problems, as well as distributed file data and metadata. The XtreemFS architecture solves performance, scalability and grid-related problems by a novel design combi...
Detecting data theft using stochastic forensics
We present a method to examine a filesystem and determine if and when files were copied from it. We develop this method by stochastically modeling filesystem behavior under both routine activity and copying, and identifying emergent patterns in MAC timestamps unique to copying. These patterns are detectable even months afterwards. We have successfully used this method to investigate data exfilt...
Indexes for Distributed File/Storage Systems as a Large Scale Virtual Machine Disk Image Storage in a Wide Area Network
In this paper, we will show throughput measurement results of I/O operations of Ceph, Sheepdog, GlusterFS, and XtreemFS, especially when they are used as virtual disk image stores in a large scale virtual machine hosting environment. When used as a backend storage infrastructure for a virtual machine hosting environment, we need different evaluation indexes other than just I/O performance since...
Journal title:
- Digital Investigation
Volume 11, Issue
Pages -
Publication date 2014