Forensic Timeline Analysis of the Zettabyte File System - final Honours research presentation
Author: Dylan Leigh
Uploaded: 2026-01-09
My final presentation of my Honours (Computer Science) studies at Victoria University, November 2014.
Thesis and other files at https://research.dylanleigh.net/zfs-t...
Abstract:
During forensic analysis of computer systems, it is often necessary to construct a chronological account of events, including when files were created, modified, accessed and deleted. Timeline analysis is the process of collating and analysing this data, using timestamps from the filesystem and other sources such as log files and internal file metadata.
The Zettabyte File System (ZFS) uses a novel and complex structure to store file data and metadata across multiple devices. Due to the unusual structure and operation of ZFS, many existing forensic tools and techniques cannot be used to analyse ZFS filesystems.
In this project, it has been demonstrated that four of the internal structures of ZFS can be used as effective sources of timeline information. Methods to extract these structures and use them for timeline analysis are provided, including algorithms to detect falsified file timestamps and to determine when individual blocks of file data were last modified.