Abstract
The National Institute of Standards and Technology [1] notes the importance of preserving file timestamps for forensic and intrusion-detection purposes. Most operating systems keep track of certain timestamps related to files, the most commonly used being modification and access times; UNIX-based operating systems retain the last modification, last inode change, and last access times. Because an operating system holds only the most recently updated value of each file timestamp, this information, together with any inaccuracies in it, does not guarantee a successful recreation of the timeline of events needed for an effective incident response. This paper proposes a novel approach that augments the core of the pathname lookup operation in the Linux kernel, towards accurate and authentic preservation of file timestamps for system-wide critical files.
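The abstract's central point is that a UNIX inode carries exactly one value for each of atime, mtime and ctime, so every update overwrites the previous one and the history is gone. The following added example (not code from the paper; the paper's kernel-side hook is not reproduced here) makes that concrete from user space: it reads the three stat() timestamps of a constructed file, simulates a later modification, and shows that the live inode has lost the original mtime while an append-only ledger kept outside the inode still has it. The `TimestampLedger` class and the `demo()` helper are assumed names for this illustration only.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Stamps:
    """The three timestamps a UNIX inode keeps: last access, last data
    modification, and last inode (metadata) change, in nanoseconds."""
    atime_ns: int
    mtime_ns: int
    ctime_ns: int


def read_stamps(path: str) -> Stamps:
    """Snapshot the timestamps the kernel currently holds for `path`.
    Only the most recent value of each field exists; older ones are gone."""
    st = os.stat(path)
    return Stamps(st.st_atime_ns, st.st_mtime_ns, st.st_ctime_ns)


class TimestampLedger:
    """Hypothetical append-only history of stat() snapshots, kept outside the
    inode so that earlier values survive later updates. This is an
    illustration of the preservation idea, not the paper's kernel mechanism."""

    def __init__(self) -> None:
        self.history: dict[str, list[Stamps]] = {}

    def record(self, path: str) -> Stamps:
        current = read_stamps(path)
        entries = self.history.setdefault(path, [])
        # Append only when something changed, so the ledger is a timeline
        # of distinct states rather than a stream of identical samples.
        if not entries or entries[-1] != current:
            entries.append(current)
        return current

    def timeline(self, path: str) -> list[Stamps]:
        return list(self.history.get(path, []))


def demo() -> dict:
    """Create a constructed 'critical' file, record its stamps, simulate a
    later modification, and compare what the inode and the ledger retain."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "critical.conf")  # constructed sample file
        with open(path, "w") as fh:
            fh.write("setting = v1\n")

        ledger = TimestampLedger()
        original = ledger.record(path)

        # Simulate a modification one hour later by advancing atime and
        # mtime; the kernel sets ctime to 'now' as a side effect of the
        # metadata change. Whatever the cause, the inode keeps only the new
        # values.
        one_hour_ns = 3600 * 10**9
        os.utime(path, ns=(original.atime_ns + one_hour_ns,
                           original.mtime_ns + one_hour_ns))
        ledger.record(path)

        live = read_stamps(path)
        timeline = ledger.timeline(path)
        return {
            "states_recorded": len(timeline),
            # The inode alone no longer tells us what the original mtime was.
            "inode_lost_original_mtime": live.mtime_ns != original.mtime_ns,
            # The ledger still holds the first state, so a timeline can be rebuilt.
            "ledger_kept_original_mtime": timeline[0].mtime_ns == original.mtime_ns,
            "ledger_latest_matches_inode": timeline[-1] == live,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the four checks. The point to take away is that any timeline reconstruction built from `stat()` alone rests on a single, overwritable value per field, which is why the abstract argues for recording timestamps authentically at the point where the kernel resolves the path rather than trusting whatever the inode holds after the fact.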
Journal of Computational Methods in Sciences and Engineering