The design of the UNIX operating system
The design of the UNIX operating system
Understanding The Linux Kernel
Understanding The Linux Kernel
An efficient technique for enhancing forensic capabilities of Ext2 file system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
POSTER: Dr. Watson provides data for post-breach analysis
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Every operating system has its own set of critical files, whose access is generally protected by access control mechanisms, native to the operating system. The importance of such files also simultaneously invites their inspection, unauthorized modification and tampering. So, the need for preserving the authenticity of these critical files along with tracking any unauthorized access to them demands paramount importance. This addresses the need of a good file-system intrusion detection system which is capable of monitoring and tracking any accidental, benign, malicious, intentional changes made to the files that reside in the file-system. For any file the MAC DTS, i.e. the modification, access and creation date and timestamp is a major parameter which can be helpful in detecting any unauthorized access to the documents and monitoring file system intrusion in a broader perspective. So by preserving the MAC DTS we can gain crucial evidence about unauthorized access in the file system. This paper proposes one solution to preserve the MAC DTS for the LINUX operating system (kernel version 2.6.x) with pre-installed plug-ins in the form of Loadable Kernel Modules (LKM).