Abstract

ZFS is a relatively new, open source file system designed and developed by Sun Microsystems.[1] The stated intent was to develop “…a new kind of file system that provides simple administration, transactional semantics, end-to-end data integrity, and immense scalability” (OpenSolaris community). Its functionality, architecture, and disk layout take a relatively radical departure from many commonly used file systems (e.g. FAT, NTFS, EXT2/3, UFS, HFS+, etc.). Since file systems play a very important role in how and where data are stored, as well as the likelihood of their retrieval during digital forensic investigations, it is important that forensics researchers and practitioners understand ZFS and its forensic implications. That is the goal of this article. We first provide the reader with a primer of sorts about ZFS, which lays the foundation for our discussion of ZFS forensics. We then present the results of our analysis of ZFS functionality, architecture, and disk layout – identifying and discussing several digital forensic artifacts and challenges unique to ZFS.

[1] As of the writing of this article, Sun Microsystems publicly acknowledged a plan for Oracle to acquire Sun. ZFS was released as open source software under a CDDL license. It is unknown what impact the not yet finalized acquisition will have on ZFS.
