ZARGARI, Shahrzad and JANARTHANAN, Tharmini (2015). The evidentiary value of link files in Linux file system to digital forensic investigation. In: WU, Yulei, MIN, Geyong, GEORGALIS, Nektarios, HU, Jia, ATZORI, Luigi, JIN, Xiaolong, JARVIS, Stephen, LIU, Lei and CALVO, Ramon Aguero, (eds.) Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE Computer Society, 1984-1988.Full text not available from this repository.
A link file in Linux operating systems functions as an entry in the file system which connects a file name to the actual bytes of data on the disk. Although, the initial purpose of the link files was for convenient access to certain files, documents or programs but this study demonstrates that the link files can be considered as an artefact to gain information about the users' activities in digital forensic investigations. However, they can be only used as a body of evidence. This paper discusses the information that can be gathered from the metadata of link files in Linux system during digital forensic investigations and also addresses the complexity of interpreting the MAC Times.
|Item Type:||Book Section|
|Research Institute, Centre or Group:||Cultural Communication and Computing Research Institute > Communication and Computing Research Centre|
|Depositing User:||Shahrzad Zargari|
|Date Deposited:||06 Jan 2016 12:28|
|Last Modified:||06 Jan 2016 12:28|
Actions (login required)
Downloads per month over past year