Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Publication: Chapter in book/Conference proceedingContribution to conference proceedings


Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.
Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection
Editors Hölbl, Marko, Rannenberg, Kai, Welzer, Tatjana
Place of PublicationMaribor, Slovenia
PublisherSpringer International Publishing
Pages384 - 397
ISBN (Print)978-3-030-58201-2
Publication statusPublished - 2020

Austrian Classification of Fields of Science and Technology (ÖFOS)

  • 102
  • 509018 Knowledge management
  • 505002 Data protection

Cite this