Abstract:
A variety of research on Linux has been conducted to date, but it has not considered, from a security standpoint, how filesystem characteristics can change as Linux kernel versions diversify. Digital forensic investigations that do not properly account for major metadata changes across kernel versions can undermine investigative capabilities and lead to serious doubts about evidence. Because actual forensic investigations can involve a variety of Linux filesystems, it is necessary to analyze the metadata of various filesystems by Linux distribution and kernel version. Therefore, this paper compares the metadata changes that occur when files are deleted on Ext2 filesystems under various kernel versions. Furthermore, we provide information about the kernel versions in which metadata related to file recovery changed and the time of those changes.
Published in: 2019 4th Technology Innovation Management and Engineering Science International Conference (TIMES-iCON)
Date of Conference: 11-13 December 2019
Date Added to IEEE Xplore: 05 March 2020