The evidentiary value of link files in Linux file system to digital forensic investigation

ZARGARI, Shahrzad and JANARTHANAN, Tharmini (2015). The evidentiary value of link files in Linux file system to digital forensic investigation. In: WU, Yulei, MIN, Geyong, GEORGALIS, Nektarios, HU, Jia, ATZORI, Luigi, JIN, Xiaolong, JARVIS, Stephen, LIU, Lei and CALVO, Ramon Aguero, (eds.) Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE Computer Society, 1984-1988.

Full text not available from this repository.
Link to published version: 10.1109/CIT/IUCC/DASC/PICOM.2015.294


A link file in Linux operating systems functions as an entry in the file system which connects a file name to the actual bytes of data on the disk. Although the initial purpose of link files was convenient access to certain files, documents or programs, this study demonstrates that link files can be considered as an artefact to gain information about users' activities in digital forensic investigations. However, they can only be used as a body of evidence. This paper discusses the information that can be gathered from the metadata of link files in Linux systems during digital forensic investigations and also addresses the complexity of interpreting the MAC times.

Item Type: Book Section
Research Institute, Centre or Group: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
Identification Number: 10.1109/CIT/IUCC/DASC/PICOM.2015.294
Depositing User: Shahrzad Zargari
Date Deposited: 06 Jan 2016 12:28
Last Modified: 06 Jan 2016 12:28
