AccountabilityFS: A File System Monitor for Forensic Readiness
Original version
10.1109/JISIC.2014.61Abstract
We present a file system monitor, AccountabilityFS, which prepares an organization for forensic analysis and incident investigation in advance by ensuring file system operation traces readily available. We demonstrate the feasibility of AccountabilityFS in terms of performance and storage overheads, and prove its reliability against malware attacks. AccountabilityFS: A File System Monitor for Forensic Readiness