Software Design of EXT3 File Operation Trace Extraction

doi:10.3969/j.issn.1671-1122.2014.12.010

Abstract

Abstract: Most of the Linux hosts use the EXT3 file system. The hard disk of EXT3 format can store a large number of suspicious files. It's very important to identify the increase, delete, change operation of the suspect in the documents. Extraction of the modified data is important for the investigation and forensic of the public security organs. The operation traces of different files are analyzed in this paper. The basic structure of the EXT3 log file and a method to extract the file name and the inode node information from the log are studied. Extraction method of operating traces based on inode and a state transition machine are designed. The software can be run directly in the Linux host and complete the trace extraction by scanning the log file. After a lot of practical testing, the software can effectively extract the uncovered traces of operation in EXT3 file system.

Key words: operation trace, extraction, EXT3, journal, inode

CLC Number:

TP309

XU Guo-tian. Software Design of EXT3 File Operation Trace Extraction[J]. 信息网络安全, 2014, 14(12): 47-50.

[1]	KANG Jian, WANG Jie, LI Zhengxu, ZHANG Guangda. A Model for Anomaly Intrusion Detection with Different Feature Extraction Strategies in IoT [J]. Netinfo Security, 2019, 19(9): 21-25.
[2]	DUAN Yongcheng, WANG Yuqing, LI Xin, YANG Le. RSAR-based Random Forest Network Security Situation Factor Extraction [J]. Netinfo Security, 2019, 19(7): 75-81.
[3]	LI Hui, NI Shice, XIAO Jia, ZHAO Tianzhong. Emotion Classification Technology for Online Video Comments on the Internet [J]. 信息网络安全, 2019, 19(5): 61-68.
[4]	WANG Xudong, YU Xiangzhan, ZHANG Hongli. Research on Traffic Identification Technology for Unknown Protocols [J]. Netinfo Security, 2019, 19(10): 74-83.
[5]	WEN Weiping, LI Jingwei, JIAO Yingnan, LI Hailin. A Vulnerability Detection Method Based on Random Detection Algorithm and Information Aggregation [J]. 信息网络安全, 2019, 19(1): 1-7.
[6]	LU Gang, GUO Ronghua, ZHOU Ying, WANG Jun. Review of Malicious Traffic Feature Extraction [J]. 信息网络安全, 2018, 18(9): 1-9.
[7]	MA Chenxi, CHEN Xingshu, WANG Wenxian, WANG Haizhou. Chinese Event Detection Based on Recurrent Neural Network [J]. 信息网络安全, 2018, 18(5): 75-81.
[8]	DUAN Guihua, SHEN Zhuoxiang, SHEN Dongjie, LI Zhi. Research on a Download Link Recognition Scheme Based on Feature Extraction [J]. 信息网络安全, 2018, 18(10): 31-36.
[9]	QI Ben, WANG Mengdi. A Method Using Information Gain and Naive Bayes to Extract Network Situation Information [J]. 信息网络安全, 2017, 17(9): 54-57.
[10]	XU Yan. Research on Network Link Prediction Based on Data Mining [J]. 信息网络安全, 2017, 17(6): 30-34.
[11]	SONG Shunan, YANG Zhen. Research on Quantization Method of Reducing Bit Disagreement Rate in Secret Key Extraction [J]. 信息网络安全, 2017, 17(4): 46-52.
[12]	LI Hongling, ZOU Jianxin. Research of SQL Injection Detection Based on SVM and Text Feature Extraction [J]. 信息网络安全, 2017, 17(12): 40-46.
[13]	GAO Chuan, YAN Hanbing, JIA Zixiao. Research on the Method for Network Vulnerabilities Situational Awareness Based on the Features [J]. 信息网络安全, 2016, 16(12): 28-33.
[14]	QIU Yue. Research on the Hidden Web Technology for the Network Content Security [J]. 信息网络安全, 2015, 15(9): 106-108.
[15]	ZHANG Fan, ZHONG Zhang-dui. Detection and Prevention of Mobile Malware Based on the Analysis of Permissions [J]. 信息网络安全, 2015, 15(10): 66-73.

Software Design of EXT3 File Operation Trace Extraction

RichHTML

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments