Skip to main content
SpringerLink
Log in

Data investigation based on XFS file system metadata

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

At present, as the amount of digitized information is increasing geometrically, the importance of digitized information as critical clues from the perspective of criminal investigation is also increasing. The importance of digital forensics has also magnified accordingly. As a fundamental technique of digital forensics, recovery of data deleted to conceal information is extremely important and needs to be studied. Although file system types and versions are diversified, sufficient studies have not been performed. The XFS file system was designed to process huge files, and thus it is expected to be applied in server systems. In this paper, we analyze the XFS file system using its structure and metadata information; then, we propose a technique to recover the deleted files through previous analysis results, and verify it through testing.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24

Similar content being viewed by others

References

  1. Fairbanks KD (2012) An analysis of Ext4 for digital forensics. Digit Investig 9:S118–S130

    Article  Google Scholar 

  2. Garfinkel SL (2010) Digital forensics research: the next 10 years. Digit Investig 7:S64–S73

    Article  Google Scholar 

  3. Hellwig C (2009) XFS: the big storage file system for Linux. Usenix Login Magazine

  4. Lee S, Shon T (2014) Improved deleted file recovery technique for Ext2/3 Filesystem. J Supercomput 70(1):20–30

  5. Majore SA, Lee C, Shon T (2013) XFS file system and file recovery tools. Int J Smart Home 7.1

  6. Narváez, G (2007) Taking advantage of Ext3 journaling file system in a forensic investigation. SANS Institute Reading Room

  7. Pal A, Memon N (2009) The evolution of file carving. IEEE Signal Process Mag 26(2):59–71

    Article  Google Scholar 

  8. Silicon Graphics Inc. (2006) XFS filesystem structure

  9. Silicon Graphics Inc. (2013) XFS overview

Download references

Acknowledgments

This research was supported by the Public Welfare and Safety Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (NRF-2012M3A2A1051116).

Author information

Authors and Affiliations

  1. Division of Computer Engineering, Ajou University, Suwon, Republic of Korea

    Yongmin Park, Hyunsoo Chang & Taeshik Shon

Authors
  1. Yongmin Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hyunsoo Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Taeshik Shon
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yongmin Park.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Park, Y., Chang, H. & Shon, T. Data investigation based on XFS file system metadata. Multimed Tools Appl 75, 14721–14743 (2016). https://doi.org/10.1007/s11042-015-2713-3

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-015-2713-3

Keywords

Search

Navigation