Btrfs Forensic Analysis

Dissertant

Hraiz, Safa Fawzi

Thesis advisor

al-Sarhan, Sami

Committee Members

Qasaimih, Malik
Awad, Imad al-Din

University

Princess Sumaya University for Technology

Faculty

King Hussein Faculty for Computing Sciences

University Country

Jordan

Degree

Master

Degree Date

2016

English Abstract

Investigators of any crime try to find evidence, and investigators of cybercrime do the same.

Cybercrime investigators usually start by checking the OS layer for evidence; failing at that layer leads to checks at a lower layer, the file system.

This means that the investigators should have a good understanding of the file system they want to deal with.

Btrfs is a new file system developed by Chris Mason in 2007.

Btrfs was developed to be the next major file system.

Btrfs provides a number of features that make it a very attractive file system solution for many use cases and workloads.

Although many studies have aimed to discover the behavior of different file systems from a forensic perspective, none of them has considered Btrfs.

This thesis highlights the actual behavior of the Btrfs file system, provides insight into the data structures it uses, and shows how investigators can properly investigate and extract digital evidence from a Btrfs file system.

This thesis focuses on the basic file system operations: creating a file and a directory, modifying the content of a file, renaming a file, copying a file, moving a file, and finally deleting a file.

It also examines the changes to the timestamps of files and directories.

It shows when these times change and which operation changes which timestamps.

Finally, this thesis will be the reference for researchers who want to study data recovery and anti-forensic (e.g., hidden data) techniques that could be applied to the Btrfs file system.

Main Subjects

Information Technology and Computer Science

No. of Pages

121

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One : Introduction.

Chapter Two : Background and related work.

Chapter Three : Analysis methodology.

Chapter Four : Experiments and artifacts observed.

Chapter Five : Results and evaluations.

Chapter Six : Conclusion and future work.

References.

American Psychological Association (APA)

Hraiz, Safa Fawzi. (2016). Btrfs Forensic Analysis. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720860

Modern Language Association (MLA)

Hraiz, Safa Fawzi. Btrfs Forensic Analysis. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology. (2016).
https://search.emarefa.net/detail/BIM-720860

American Medical Association (AMA)

Hraiz, Safa Fawzi. (2016). Btrfs Forensic Analysis. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720860

Language

English

Data Type

Arab Theses

Record ID

BIM-720860