• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.3
• /
• pp.8-16
• /
• 2022

In this paper, we propose a method of reconstructing the file system to obtain digital forensics information from the APFS file system when meta information that can know the structure of the file system is deleted due to partial damage to the disk. This method is to reconstruct the tree structure of the file system by only retrieving the B-tree node where file/directory information is stored. This method is not a method of constructing nodes based on structural information such as Container Superblock (NXSB) and Volume Checkpoint Superblock (APSB), and B-tree root and leaf node information. The entire disk cluster is traversed to find scattered B-tree leaf nodes and to gather all the information in the file system to build information. It is a method of reconstructing a tree structure of a file/directory based on refined essential data by removing duplicate data. We demonstrate that the proposed method is valid through the results of applying the proposed method by generating numbers of user files and directories.

• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.182-190
• /
• 2005

As computers and Internet become popular, many corporations and countries are using information protection system and security network to protect their informations and resources in internet. But the Intrusional possibilities are increases in open network environments such as the Internet. Even though many security systems were developed, the implementation of these systems are mostly application level not kernel level. Also many file protection systems were developed, but they aren't used widely because of their inconvenience in usage. In this paper, we implement a kernel module to support a file protection function using Loadable Kernel Module (LKM) on Linux. When a system is damaged due to intrusion, the file system are easily recovered through periodical file system image backup.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.10
• /
• pp.311-322
• /
• 2014

IoT(Internet of Things) is a concept of connected internet pursuing direct access to devices or sensors in fused environment of personal, industrial and public area. In IoT environment, it is possible to access realtime data, and the data format and topology of devices are diverse. Also, there are bidirectional communications between users and devices to control actuators in IoT. In this point, IoT is different from the conventional internet in which data are produced by human desktops and gathered in server systems by way of one-sided simple internet communications. For the cloud or portal service of IoT, there should be a file management framework supporting systematic naming service and unified data access interface encompassing the variety of IoT things. This paper implements a DB-based virtual file system maintaining attributes of IoT things in a UNIX-styled file system view. Users who logged in the virtual shell are able to explore IoT things by navigating the virtual file system, and able to access IoT things directly via UNIX-styled file I O APIs. The implemented virtual file system is lightweight and flexible because it maintains only directory structure and descriptors for the distributed IoT things. The result of a test for the virtual shell primitives such as mkdir() or chdir() shows the smooth functionality of the virtual file system, Also, the exploring performance of the file system is better than that of Window file system in case of adopting a simple directory cache mechanism.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.21-28
• /
• 2016

File Time information has a significant meaning in digital forensic investigation. File time information in Linux Ext4 (Extended File System 4) environment is the Access Time, Modification Time, Inode Change Time, Deletion Time and Creation Time. File time is variously changed by user manipulations such as creation, copy and edit. And, the study of file time change is necessary for evidence analysis. This study analyzes the change in time information of files or folders resulting from user manipulations in Linux operating system and analyzes ways to determine real time of malware infection and whether the file was modulation.

• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.195-204
• /
• 2008

As the dependency to network system and demands of efficient storage systems rapidly grows in every networking filed, the current trends initiated by explosive networked data grow due to the wide-spread of internet multimedia data and internet requires a paradigm shift from computing-centric to data-centric in storage systems. Furthermore, the new environment of file systems such as SAN(Storage Area Network) is adopted to the existing storage paradigm for providing high availability and efficient data access. We describe the design issues and system components of $SANique^{TM}$, which is the cluster file system based on SAN environment. We, especially, present the comparative results of performance analysis for the intensive I/O test by using the DBMSs that are operated at the top of cluster file system $SANique^{TM}$, EXT3 and NFS respectively.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.76-81
• /
• 2023

Journaling file systems are widely used to keep file systems in a consistent state against crash situations. As traditional journaling file systems are designed for block I/O devices like hard disks, they are not efficient for emerging byte-addressable NVM (non-volatile memory) media. In this article, we present a new in-memory journaling file system for NVM that is different from traditional journaling file systems in two respects. First, our file system journals only modified portions of metadata instead of whole blocks based on the byte-addressable I/O feature of NVM. Second, our file system bypasses the heavy software I/O stack while journaling by making use of an in-memory file system interface. Measurement studies using the IOzone benchmark show that the proposed file system performs 64.7% better than Ext4 on average.

• Journal of Internet Computing and Services
• /
• v.4 no.2
• /
• pp.11-19
• /
• 2003

The technique which stores cache data in EXT2 or UFS designed for general purpose is not suitable for satisfying the speed required for web cache due to the general purpose file system. This study shows that there is the better solution by optimizing the file system using the characteristics of web file. It is impossible that the suggested RawCFS changes the size of cached object and the access authentication, and this results from the existence of up-to-dated object in the original server. This file system is proved in the capability test that it is faster than the technique by 40% which stores in each file by object unit. This can be used in the design of high end web server such as shoppingmall or Internet Broadcasting station which should provide objects like image or HTML as well as cache server to the client for the fast service.

• Journal of Internet Computing and Services
• /
• v.6 no.4
• /
• pp.47-58
• /
• 2005

There are two major type of flash memory products, namely, NAND-type and NOR-type flash memory. NOR-type flash memory is generally deployed as ROM BIOS code storage because if offers Byte I/O and fast read operation. However, NOR-type flash memory is more expensive than NAND-type flash memory in terms of the cost per byte ratio, and hence NAND type flash memory is more widely used as large data storage such as embedded Linux file systems. In this paper, we designed an efficient flash memory file system based an Embedded system and presented to make up for reduced to Swapping a weak System Performance to flash file system using NAND-type flash memory, then proposed Swapping algorithm insured to an Execution time. Based on Implementation and simulation studies, Then, We improved performance bases on NAND-type flash memory to the requirement of the embedded system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.6
• /
• pp.1311-1326
• /
• 2010

Peer-to-peer (P2P) networks consume the most bandwidth in the current Internet and file sharing accounts for the majority of the P2P traffic. Thus it is important for a P2P file sharing application to be efficient in bandwidth consumption. Bandwidth consumption as much as downloaded file sizes is inevitable, but those in file search and bad downloads, e.g. wrong, corrupted, or malicious file downloads, are overheads. In this paper, we target to reduce these overheads even in the presence of high volume of malicious users and their bad files. Sybil attacks are the example of such hostile environment. Sybil attacker creates a large number of identities (Sybil nodes) and unfairly influences the system. When a large portion of the system is subverted, either in terms of the number of users or the number of files shared in the system, the overheads due to the bad downloads rapidly increase. We propose ELiSyR, a file search protocol that can tolerate such a hostile environment. ELiSyR uses social networks for P2P file search and finds benign files in 71% of searches even when more than half of the users are malicious. Furthermore, ELiSyR provides similar success with less bandwidth than other general efforts against Sybil attacks. We compare our algorithm to SybilGuard, SybilLimit and EigenTrust in terms of bandwidth consumption and the likelihood of bad downloads. Our algorithm shows lower bandwidth consumption, similar chances of bad downloads and fairer distribution of computation loads than these general efforts. In return, our algorithm takes more rounds of search than them. However the time required for search is usually much less than the time required for downloads, so the delay in search is justifiable compared to the cost of bad downloads and subsequent re-search and downloads.

• International journal of advanced smart convergence
• /
• v.1 no.1
• /
• pp.34-37
• /
• 2012

In a storage system, the performance of data deduplication can be increased if we consider the file modification pattern. For example, if a file is modified at the end of file region then fixed-length chunking algorithm superior to variable-length chunking. Therefore, it is important to predict in which location of a file is modified between files. In this paper, the essential idea is to exploit an efficient file pattern checking scheme that can be used for data deduplication system. The file modification pattern can be used for elaborating data deduplication system for selecting deduplication algorithm. Experiment result shows that the proposed system can predict file modification region with high probability.