Btrfs Forensic Analysis
Dissertant
Thesis advisor
Committee Members
Qasaimih, Malik
Awad, Imad al-Din
University
Princess Sumaya University for Technology
Faculty
King Hussein Faculty for Computing Sciences
University Country
Jordan
Degree
Master
Degree Date
2016
English Abstract
Investigators of any crime try to find evidence, and cybercrime investigators do the same.
Cybercrime investigators usually start by checking the OS layer for evidence; if that layer yields nothing, they move down to a lower layer, the file system.
This means that the investigators should have a good understanding of the file system they want to deal with.
Btrfs is a new file system developed by Chris Mason in 2007.
Btrfs was developed to be the next major file system.
Btrfs provides a number of features that make it a very attractive file system solution for many use cases and workloads.
Although many studies have examined the behavior of different file systems from a forensic perspective, none of them has considered Btrfs.
This thesis highlights the actual behavior of the Btrfs file system, provides insight into the data structures it uses, and shows how investigators can properly investigate and extract digital evidence from a Btrfs file system.
The thesis focuses on the basic file system operations: creating a file and directory, modifying the content of a file, renaming a file, copying a file, moving a file, and finally deleting a file.
It also identifies the changes to the timestamps of files and directories.
It shows when these times change and which operation changes which timestamps.
Finally, this thesis will serve as a reference for researchers who want to study data recovery and anti-forensic techniques (e.g., hidden data) that could be applied to the Btrfs file system.
Main Subjects
Information Technology and Computer Science
No. of Pages
121
Table of Contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : Background and related work.
Chapter Three : Analysis methodology.
Chapter Four : Experiments and artifacts observed.
Chapter Five : Results and evaluations.
Chapter Six : Conclusion and future work.
References.
American Psychological Association (APA)
Hraiz, Safa Fawzi. (2016). Btrfs Forensic Analysis. (Master's thesis). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720860
Modern Language Association (MLA)
Hraiz, Safa Fawzi. Btrfs Forensic Analysis. (Master's thesis). Princess Sumaya University for Technology. (2016).
https://search.emarefa.net/detail/BIM-720860
American Medical Association (AMA)
Hraiz, Safa Fawzi. (2016). Btrfs Forensic Analysis. (Master's thesis). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720860
Language
English
Data Type
Arab Theses
Record ID
BIM-720860