Forensic implications of Ext4
暂无分享,去创建一个
Ext4 has become the default file system on popular Linux distributions; this means that it will be the subject of digital forensic investigations. In this paper a brief overview of Ext4 is given followed by a discussion of how the differences between it and its predecessors affects file system forensics. The new file system presents some unique challenges not only to digital forensics but to privacy in general. Therefore, strides must be made in the open source forensic community for its support.
[1] J. R. Santos,et al. Ext 4 block and inode allocator improvements , 2010 .
[2] Stephen Tweedie,et al. Planned Extensions to the Linux Ext2/Ext3 Filesystem , 2002, USENIX Annual Technical Conference, FREENIX Track.
[3] Brian D. Carrier,et al. File System Forensic Analysis , 2005 .