• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.1-8
• /
• 2012

The NTFS journaling file($LogFile) is used to keep the file system clean in the event of a system crash or power failure. The operation on files leaves large amounts of information in the $LogFile. Despite the importance of a journal file as a forensic evidence repository, its structure is not well documented. The researchers used reverse engineering in order to gain a better understanding of the log record structures of address parts, and utilized the address for identifying object files to gain forensic information.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.107-118
• /
• 2010

This paper proposes a digital forensic method to a file creation transaction using a journal file($LogFile) on NTFS File System. The journal file contains lots of information which can help recovering the file system when system failure happens, so knowledge of the structure is very helpful for a forensic analysis. The structure of the journal file, however, is not officially opened. We find out the journal file structure with analyzing the structure of log records by using reverse engineering. We show the digital forensic procedure extracting information from the log records of a sample file created on a NTFS volume. The related log records are as follows: bitmap and segment allocation information of MFT entry, index entry allocation information, resident value update information($FILE_NAME, $STANDARD_INFORMATION, and INDEX_ALLOCATION attribute etc.).

• IEMEK Journal of Embedded Systems and Applications
• /
• v.2 no.3
• /
• pp.184-193
• /
• 2007

Flash memory adoption in the mobile devices is increasing or vanous multimedia services such as audio, videos, and games. Although the traditional research issues such as out-place update, garbage collection, and wear-leveling are important, the performance, memory usage, and fast mount issues of flash memory file system are becoming much more important than ever because flash memory capacity is rapidly increasing. In this paper, we address the problems of the existing log-based flash memory file systems analytically and propose an efficient log-based file system, which produces higher performance, less memory usage and mount time than the existing log-based file systems. Our ideas are applied to a well-known log-based flash memory file system (YAFFS2) and the performance tests are conducted by comparing our prototype with YAFFS2. The experimental results show that our prototype achieves higher performance, less system memory usage, and faster mounting than YAFFS2, which is better than JFFS2.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.7
• /
• pp.623-628
• /
• 2016

Because the log information provides some critical clues for solving the problem of illegal system access, it is very important for a system administrator to gather and analyze the log data. In a Linux system, the syslog utility has been used to gather various kinds of log data. Unfortunately, there is a limitation that a system administrator should rely on the services only provided by the syslog utility. To overcome this limitation, this paper suggests a syslog agent that allows the system administrator to gather log information for file access that is not serviced by syslog utility. The basic concept of the suggested syslog agent is that after creating a FUSE, it stores the accessed information of the files under the directory on which FUSE has been mounted into the log file via syslog utility. To review its functional validity, a FUSE file system was implemented on Linux (Ubunt 14.04), and the log information of a file access was collected and confirmed.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.73-82
• /
• 2018

We often experience complex presence of files within the compute environment. It could be an end-user's desktop environment or a professional part of file management. We would like to suggest one way to manage these different cases of duplicate files. It is a rule-based file management tool, and we want to use it as a tool to consolidate facility management log files. In this paper, we will describe the rule-based file management tools and show examples of how files are managed using them. We are interested in the management of the disaster environment and would like to apply this method to the management of log data related to facilities to be considered in the event of a disaster.

• Journal of information and communication convergence engineering
• /
• v.10 no.4
• /
• pp.405-410
• /
• 2012

Several attempts have been made to add journaling capability to a traditional file allocation table (FAT) file system. However, they encountered issues such as excessive system load or instability of the journaling data itself. If journaling data is saved as a file format, it can be corrupted by a user application. However, if journaling data is saved in a fixed area such as a reserved area, the storage can be physically corrupted because of excessive system load. To solve this problem, a new method that dynamically allocates journaling data is introduced. In this method, the journaling data is not saved as a file format. Using a reserved area and reserved FAT status entry of the FAT file system specification, the journaling data can be dynamically allocated and cannot be accessed by user applications. The experimental results show that this method is more stable and scalable than other log-based FAT file systems. HFAT was tested with more than 12,000 power failures and was stable.

• Information Systems Review
• /
• v.4 no.1
• /
• pp.47-67
• /
• 2002

Since mid 90's, most of firms utilizing web as a communication vehicle with customers are keenly interested in web log file which contains a lot of trails customers left on the web, such as IP address, reference address, cookie file, duration time, etc. Therefore, an appropriate analysis of the web log file leads to understanding customer's behaviors on the web. Its analysis results can be used as an effective marketing information for locating potential target customers. In this study, we introduced a web mining technique using Clementine of SPSS, and analyzed a set of real web log data file on a certain Internet hub site. We also suggested a process of various strategies build-up based on the web mining results.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.51-56
• /
• 2005

Service operating management to keep stable and effective environment according as user increase and network environment of the Internet become complex gradually and requirements of offered service and user become various is felt constraint gradually. To solve this problem, invasion confrontation system through proposed this log analysis can be consisted as search of log file that is XML's advantage storing log file by XML form is easy and fast, and can have advantage log files of system analyze unification and manages according to structure anger of data. Also, created log file by Internet Protocol Address sort by do log and by Port number sort do log, invasion type sort log file and comparative analysis created in other invasion feeler system because change sort to various form such as do log by do logarithm, feeler time possible.

• Journal of KIISE
• /
• v.43 no.6
• /
• pp.627-635
• /
• 2016

When many processes issue write operations alternately on Log-structured File System (LFS), the created files can be fragmented on the file system layer although LFS sequentially allocates new blocks of each process. Unfortunately, this file fragmentation degrades read performance because it increases the number of block I/Os. Additionally, read-ahead operations which increase the number of data to request at a time exacerbates the performance degradation. In this paper, we suggest a new cleaning method on LFS that minimizes file fragmentation. During a cleaning process of LFS, our method sorts valid data blocks by inode numbers before copying the valid blocks to a new segment. This sorting re-locates fragmented blocks contiguously. Our cleaning method experimentally eliminates 60% of file fragmentation as compared to file fragmentation before cleaning. Consequently, our cleaning method improves sequential read throughput by 21% when read-ahead is applied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.125-132
• /
• 2010

Web browser is essential application for using internet. If suspect use a web browser for crime, evidence related crime is stored in log file. Therefore, we obtain the useful information related crime as investigating web browser log file. In this paper, we look at the related work and tools for web browser log file. And we introduce analysis methodology of web browser log file focus on the digital forensics. In addition, we apply to our tool at real case.