BERAN, Michal, František HRDINA, Daniel KOUŘIL, Radek OŠLEJŠEK and Kristína ZÁKOPČANOVÁ. Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents. Online. In 2020 IEEE Symposium on Visualization for Cyber Security (VizSec). Salt Lake City, US: IEEE, 2020, p. 11-20. ISBN 978-1-7281-8262-9. Available from: https://dx.doi.org/10.1109/VizSec51108.2020.00008.
Basic information
Original name Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents
Authors BERAN, Michal (203 Czech Republic, belonging to the institution), František HRDINA (203 Czech Republic, belonging to the institution), Daniel KOUŘIL (203 Czech Republic, belonging to the institution), Radek OŠLEJŠEK (203 Czech Republic, guarantor, belonging to the institution) and Kristína ZÁKOPČANOVÁ (203 Czech Republic, belonging to the institution).
Edition Salt Lake City, US, 2020 IEEE Symposium on Visualization for Cyber Security (VizSec), p. 11-20, 10 pp. 2020.
Publisher IEEE
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW Permalink to the IEEE archive Preprint (arxiv.org)
RIV identification code RIV/00216224:14610/20:00116329
Organization unit Institute of Computer Science
ISBN 978-1-7281-8262-9
Doi http://dx.doi.org/10.1109/VizSec51108.2020.00008
UT WoS 000657259100002
Keywords in English incident investigation; digital evidence; file system metadata; data analysis
Tags firank_B, rivok
Tags International impact, Reviewed
Changed by: doc. RNDr. Radek Ošlejšek, Ph.D., učo 3636. Changed: 3/10/2022 16:22.
Abstract
Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding due to the vast data volumes that need to be analyzed. While various techniques exist nowadays to help with particular tasks of the analysis, the process as a whole still requires a lot of manual activities and expert skills. We propose an approach that allows the analysis of disk snapshots more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool to guide analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.
Links
EF16_019/0000822, research and development project. Name: Centre of Excellence for Cybercrime, Cybersecurity and Protection of Critical Information Infrastructures
MUNI/A/1411/2019, MU internal code. Name: Applied research: software architectures of critical infrastructures, computer systems security, natural language processing and language engineering, big data visualization and augmented reality.
Investor: Masaryk University, Category A
Type Name Uploaded/Created by Uploaded/Created Rights
2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf Licence Creative Commons  File version Ošlejšek, R. 5/3/2021

Properties

Address within IS
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf
Address for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf
Address within Manager
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf?info
Address within Manager for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf?info
Uploaded/Created
Fri 5/3/2021 08:56, doc. RNDr. Radek Ošlejšek, Ph.D.

Rights

Right to read
  • anyone on the Internet
  • a concrete person RNDr. Daniel Kouřil, Ph.D., učo 1388
  • a concrete person Mgr. Alena Mokrá, učo 362754
  • a concrete person doc. RNDr. Radek Ošlejšek, Ph.D., učo 3636
  • a concrete person RNDr. Kristína Pšorn Zákopčanová, učo 390623
  • a concrete person Mgr. Michal Beran, učo 422189
  • a concrete person Mgr. František Hrdina, učo 422195
Right to upload
 
Right to administer:
  • a concrete person RNDr. Daniel Kouřil, Ph.D., učo 1388
  • a concrete person Mgr. Alena Mokrá, učo 362754
  • a concrete person doc. RNDr. Radek Ošlejšek, Ph.D., učo 3636
  • a concrete person RNDr. Kristína Pšorn Zákopčanová, učo 390623
  • a concrete person Mgr. Michal Beran, učo 422189
  • a concrete person Mgr. František Hrdina, učo 422195

2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.pdf

File type
PDF (application/pdf)
Size
996,3 KB
Hash md5
69372a1a8079b3d248a2001010691cb0
Uploaded/Created
Tue 5/7/2022 15:01

2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper_Archive.pdf

Address within IS
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper_Archive.pdf
Address for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper_Archive.pdf
File type
PDF/A (application/x-pdf)
Size
6,8 MB
Hash md5
bb52f8f129f88cc061d4df5f83e47e82
Uploaded/Created
Tue 5/7/2022 16:40

2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.txt

Address within IS
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.txt
Address for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-paper.txt
File type
plain text (text/plain)
Size
59 KB
Hash md5
4d7ea0a91d62db2c07f138d38e9164b1
Uploaded/Created
Tue 5/7/2022 16:41
2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4 Licence Creative Commons  File version Ošlejšek, R. 5/3/2021

Properties

Address within IS
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4
Address for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4
Address within Manager
https://is.muni.cz/auth/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4?info
Address within Manager for the users outside IS
https://is.muni.cz/publication/1677096/2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4?info
Uploaded/Created
Fri 5/3/2021 08:54, doc. RNDr. Radek Ošlejšek, Ph.D.

Rights

Right to read
  • anyone on the Internet
  • a concrete person RNDr. Daniel Kouřil, Ph.D., učo 1388
  • a concrete person Mgr. Alena Mokrá, učo 362754
  • a concrete person doc. RNDr. Radek Ošlejšek, Ph.D., učo 3636
  • a concrete person RNDr. Kristína Pšorn Zákopčanová, učo 390623
  • a concrete person Mgr. Michal Beran, učo 422189
  • a concrete person Mgr. František Hrdina, učo 422195
Right to upload
 
Right to administer:
  • a concrete person RNDr. Daniel Kouřil, Ph.D., učo 1388
  • a concrete person Mgr. Alena Mokrá, učo 362754
  • a concrete person doc. RNDr. Radek Ošlejšek, Ph.D., učo 3636
  • a concrete person RNDr. Kristína Pšorn Zákopčanová, učo 390623
  • a concrete person Mgr. Michal Beran, učo 422189
  • a concrete person Mgr. František Hrdina, učo 422195

2020-VizSec-exploratory-analysis-file-system-metadata-rapid-investigation-security-incidents-presentation.mp4

File type
video mp4 (video/mp4)
Size
555,4 MB
Hash md5
a70ae7ef740ae2582f3bfef477ce621a
Uploaded/Created
Fri 5/3/2021 08:57