Quotation Kurniawan, Kabul, Ekelhart, Andreas, Kiesling, Elmar. 2020. Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach. In ICT Systems Security and Privacy Protection, Hrsg. Hölbl, Marko, Rannenberg, Kai, Welzer, Tatjana, 384-397. Maribor, Slovenia: Springer International Publishing.


Abstract

Data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for monitoring file system level activity can yield important clues about possible data tampering and exfiltration, but the raw data that these tools produce is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to address the limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.

Publication's profile

Status of publication: Published
Affiliation: WU
Type of publication: Contribution to conference proceedings
Language: English
Title: Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach
Title of whole publication: ICT Systems Security and Privacy Protection
Editors: Hölbl, Marko; Rannenberg, Kai; Welzer, Tatjana
Page from: 384
Page to: 397
Location: Maribor, Slovenia
Publisher: Springer International Publishing
Year: 2020
ISBN: 978-3-030-58201-2
URL: http://link.springer.com/content/pdf/10.1007/978-3-030-58201-2_26
Open Access: N

Associations

People
Kurniawan, Kabul
Ekelhart, Andreas (former researcher)
Kiesling, Elmar
Organization
Institute for Data, Process and Knowledge Management (AE Polleres)
Research areas (ÖSTAT Classification 'Statistik Austria')
1109 Information and data processing
1925 Knowledge management
2953 Data security and data privacy