Difference between pages "Bibliography" and "File Systems"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m
 
(Cryptographic File Systems)
 
Line 1: Line 1:
=Disk Disposal and Data Recovery=
+
= Conventional File Systems =
* [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
+
* [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.
+
* [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]
+
* [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], FInancial Perspectives, IBM White Paper, November 2003.
+
  
=Evidence Gathering=
+
; ffs
 +
: The Fast File System, a variant of ufs that is faster and supports symbolic links.
  
* [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005
+
; ext2fs, ext3
 +
: ext2fs was introduced with Linux. ext3 is a journaled version of ext2 which allows for speedy disk recovery after a crash.
  
=Fake Information=
+
; FAT
 +
: Originally used by MSDOS. Includes FAT12 (for floppy disks), FAT16 and FAT32
  
* [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.
+
; NTFS
 +
: The New Technology File System, introduced by Microsoft with Windows NT 4.0. Now used on XP.
  
=Other Papers=
+
; ufs
 +
: The Unix File System, introduced with Unix.
  
* [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html  Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon.
+
;
  
* [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.
 
  
=Signed Evidence=
+
= Cryptographic File Systems =
<bibtex>
+
Cryptographic file systems encrypt information before it is stored on the media. Some of these file systems store encrypted files directly. Others are better thought of as device drivers, which are then used to store some of the file systems discussed above.
@article{duerr-2004,
+
 
  title="Information Assurance Applied to Authentication of Digital Evidence",
+
; Apple's File Vault
  author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
+
: A clever user interface to Apple's encrypted disk images. Uses the ".sparseimage" extension on disk files.
  year=2004,
+
 
  journal="Forensic Science Communications",
+
; CFS - Matt Blaze's Cryptographic File System for Unix
  volume=6,
+
: [http://http://www.crypto.com/papers/cfskey.pdf|Key Management in an Encrypting File System], Matt Blaze, USENIX Summer 1994 Technical Conference, Boston, MA, June 1994.
  number=4,
+
: [http://http://www.crypto.com/papers/cfs.pdf|A Cryptographic File System for Unix], Matt Blaze, Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993.
  url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
+
 
}
+
 
</bibtex>
+
; NCryptfs
 +
: [http://http://www.fsl.cs.sunysb.edu/docs/ncryptfs/ncryptfs.pdf|NCryptfs: A Secure and Convenient Cryptographic File System ], Charles P. Wright, Michael C. Martino, and Erez Zadok, Stony Brook University ,USENIX 2003 Annual Technical Conference.
 +
 
 +
 
 +
 
 +
; Transparent Cryptographic File System
 +
: http://www.tcfs.it/
 +
 
 +
 
 +
== Full Disk Encryption ==
 +
; Seagate FDE
 +
: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
 +
 
 +
; Network Appliance
 +
: http://www.netapp.com/ftp/decru-fileshredding.pdf

Revision as of 16:34, 12 November 2005

Conventional File Systems

ffs
The Fast File System, a variant of ufs that is faster and supports symbolic links.
ext2fs, ext3
ext2fs was introduced with Linux. ext3 is a journaled version of ext2 which allows for speedy disk recovery after a crash.
FAT
Originally used by MSDOS. Includes FAT12 (for floppy disks), FAT16 and FAT32
NTFS
The New Technology File System, introduced by Microsoft with Windows NT 4.0. Now used on XP.
ufs
The Unix File System, introduced with Unix.


Cryptographic File Systems

Cryptographic file systems encrypt information before it is stored on the media. Some of these file systems store encrypted files directly. Others are better thought of as device drivers, which are then used to store some of the file systems discussed above.

Apple's File Vault
A clever user interface to Apple's encrypted disk images. Uses the ".sparseimage" extension on disk files.
CFS - Matt Blaze's Cryptographic File System for Unix
Management in an Encrypting File System, Matt Blaze, USENIX Summer 1994 Technical Conference, Boston, MA, June 1994.
Cryptographic File System for Unix, Matt Blaze, Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993.


NCryptfs
A Secure and Convenient Cryptographic File System , Charles P. Wright, Michael C. Martino, and Erez Zadok, Stony Brook University ,USENIX 2003 Annual Technical Conference.


Transparent Cryptographic File System
http://www.tcfs.it/


Full Disk Encryption

Seagate FDE
http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
Network Appliance
http://www.netapp.com/ftp/decru-fileshredding.pdf