
Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach

Abstract: Ensuring data confidentiality and integrity is a key concern for information security professionals, who typically have to obtain and integrate information from multiple sources to detect unauthorized data modifications and transmissions. The instrumentation that operating systems provide for monitoring file system level activity can yield important clues about possible data tampering and exfiltration, but the raw data these tools provide is difficult to interpret, contextualize and query. In this paper, we propose and implement an architecture for file system activity log acquisition, extraction, linking and storage that leverages semantic techniques to tackle the limitations of existing monitoring approaches in terms of integration, contextualization, and cross-platform interoperability. We illustrate the applicability of the proposed approach in both forensic and monitoring scenarios and conduct a performance evaluation in a virtual setting.
Document type: Conference papers
https://hal.inria.fr/hal-03440824
Contributor: Hal Ifip
Submitted on: Monday, November 22, 2021 - 3:32:15 PM
Last modification on: Monday, November 22, 2021 - 4:37:51 PM
Long-term archiving on: Wednesday, February 23, 2022 - 7:57:03 PM

File

Restricted access: to satisfy the distribution rights of the publisher, the document is embargoed until 2023-01-01.


Licence: Distributed under a Creative Commons Attribution 4.0 International License

Citation

Kabul Kurniawan, Andreas Ekelhart, Fajar Ekaputra, Elmar Kiesling. Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.384-397, ⟨10.1007/978-3-030-58201-2_26⟩. ⟨hal-03440824⟩
