Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Kabul Kurniawan; Andreas Ekelhart; Elmar Kiesling; Fajar J. Ekaputra

doi:10.1007/978-3-030-58201-2_26

Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Kabul Kurniawan, Andreas Ekelhart, Elmar Kiesling, Fajar J. Ekaputra

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

Abstract

Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection
Editors	Hölbl, Marko, Rannenberg, Kai, Welzer, Tatjana
Place of Publication	Maribor, Slovenia
Publisher	Springer International Publishing
Pages	384 - 397
ISBN (Print)	978-3-030-58201-2
DOIs	https://doi.org/10.1007/978-3-030-58201-2_26
Publication status	Published - 2020

Austrian Classification of Fields of Science and Technology (ÖFOS)

102
509018 Knowledge management
505002 Data protection

Access to Document

10.1007/978-3-030-58201-2_26Licence: Unspecified

Check availability

University Library Catalogue

Cite this

@inproceedings{8e35fa0638e4428ea32bd6f77b563172,

title = "Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach",

abstract = "Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.",

author = "Kabul Kurniawan and Andreas Ekelhart and Elmar Kiesling and Ekaputra, {Fajar J.}",

year = "2020",

doi = "10.1007/978-3-030-58201-2_26",

language = "English",

isbn = "978-3-030-58201-2",

pages = "384 -- 397",

editor = "{H{\"o}lbl, Marko, Rannenberg, Kai, Welzer, Tatjana}",

booktitle = "ICT Systems Security and Privacy Protection",

publisher = "Springer International Publishing",

}

Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach. / Kurniawan, Kabul; Ekelhart, Andreas; Kiesling, Elmar et al.
ICT Systems Security and Privacy Protection. ed. / Hölbl, Marko, Rannenberg, Kai, Welzer, Tatjana. Maribor, Slovenia: Springer International Publishing, 2020. p. 384 - 397.

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

TY - GEN

T1 - Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

AU - Kurniawan, Kabul

AU - Ekelhart, Andreas

AU - Kiesling, Elmar

AU - Ekaputra, Fajar J.

PY - 2020

Y1 - 2020

N2 - Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.

AB - Ensuring data confidentiality and integrity are key concerns for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for the monitoring of file system level activity can yield important clues on possible data tampering and exfiltration activity but the raw data that these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.

U2 - 10.1007/978-3-030-58201-2_26

DO - 10.1007/978-3-030-58201-2_26

M3 - Contribution to conference proceedings

SN - 978-3-030-58201-2

SP - 384

EP - 397

BT - ICT Systems Security and Privacy Protection

A2 - Hölbl, Marko, Rannenberg, Kai, Welzer, Tatjana, null

PB - Springer International Publishing

CY - Maribor, Slovenia

ER -