The evidentiary value of link files in Linux file system to digital forensic investigation

ZARGARI, Shahrzad and JANARTHANAN, Tharmini (2015). The evidentiary value of link files in Linux file system to digital forensic investigation. In: WU, Yulei, MIN, Geyong, GEORGALIS, Nektarios, HU, Jia, ATZORI, Luigi, JIN, Xiaolong, JARVIS, Stephen, LIU, Lei and CALVO, Ramon Aguero, (eds.) Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE Computer Society, 1984-1988. [Book Section]

Abstract
A link file in Linux operating systems functions as an entry in the file system that connects a file name to the actual bytes of data on the disk. Although the initial purpose of link files was convenient access to certain files, documents or programs, this study demonstrates that link files can be considered an artefact for gaining information about users' activities in digital forensic investigations. However, they can only be used as a body of evidence. This paper discusses the information that can be gathered from the metadata of link files in a Linux system during digital forensic investigations, and also addresses the complexity of interpreting the MAC times.