Hilgert et al., 2024 - Google Patents
Mount SMB. pcap: Reconstructing file systems and file operations from network trafficHilgert et al., 2024
View HTML- Document ID
- 11863900623122458088
- Author
- Hilgert J
- Mahr A
- Lambertz M
- Publication year
- Publication venue
- Forensic Science International: Digital Investigation
External Links
Snippet
File system and network forensics are fundamental in forensic investigations, but are often treated as distinct disciplines. This work seeks to unify these fields by introducing a novel framework capable of mounting network captures, enabling investigators to seamlessly …
- 238000000034 method 0 abstract description 38
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30129—Details of further file system functionalities
- G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30182—File system types
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/28—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network
- H04L67/2804—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network for adding application control or application functional data, e.g. adding metadata
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/28—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network
- H04L67/2823—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network for conversion or adaptation of application content or format
- H04L67/2828—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network for conversion or adaptation of application content or format for reducing the amount or size of exchanged application data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/02—Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Teing et al. | Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study | |
| Martini et al. | Cloud storage forensics: ownCloud as a case study | |
| Cohen | PyFlag–An advanced network forensic framework | |
| Federici | Cloud data imager: A unified answer to remote acquisition of cloud storage areas | |
| Garfinkel et al. | A general strategy for differential forensic analysis | |
| Teing et al. | CloudMe forensics: A case of big data forensic investigation | |
| JP5492295B2 (en) | Content mesh search | |
| Shafqat | Forensic investigation of user's web activity on Google Chrome using various forensic tools | |
| US7941386B2 (en) | Forensic systems and methods using search packs that can be edited for enterprise-wide data identification, data sharing, and management | |
| Teing et al. | Greening cloud-enabled big data storage forensics: Syncany as a case study | |
| Hilgert et al. | Mount SMB. pcap: Reconstructing file systems and file operations from network traffic | |
| Mendoza et al. | BrowStEx: A tool to aggregate browser storage artifacts for forensic analysis | |
| Motyliński et al. | Digital forensic acquisition and analysis of discord applications | |
| Teing et al. | Private cloud storage forensics: Seafile as a case study | |
| CN110266792A (en) | Address conversion method, device, device and computer-readable storage medium | |
| Flowers et al. | Web browser artefacts in private and portable modes: a forensic investigation | |
| Brinson et al. | Dark Web Forensics: An investigation of tracking dark web activity with digital forensics | |
| Reed et al. | Forensic analysis of epic privacy browser on windows operating systems | |
| Breitinger et al. | A forensic analysis of rclone and rclone's prospects for digital forensic investigations of cloud storage | |
| Litchfield | Oracle forensics part 4: Live response | |
| Latib et al. | Analysing log files for web intrusion investigation using hadoop | |
| Marsh et al. | Iot database forensics: An investigation on harperdb security | |
| Son et al. | IF-DSS: A forensic investigation framework for decentralized storage services | |
| Kävrestad et al. | Collecting Data | |
| Lim et al. | On-the-spot digital investigation by means of LDFS: Live Data Forensic System |