Model-Driven Engineering in Digital Forensics. Jeroen van den Bos with Tijs van der Storm and Leon Aronson
|
|
- Roger Powell
- 6 years ago
- Views:
Transcription
1 Model-Driven Engineering in Digital Forensics Jeroen van den Bos with Tijs van der Storm and Leon Aronson
2 Contents Digital forensics MDE in forensics Domain-specific optimizations Conclusion
3 Digital Forensics Background and Challenges
4 Netherlands Forensic Institute Improve our clients information position through high-quality forensic services
5 What is digital forensics? From Wikipedia: Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
6 Do we need (custom) software (engineering)? Software: yes, there is no other way to do digital forensics. Custom software: yes, because we have specific requirements. Software engineering: yes, for legal, business and engineering reasons.
7 RDD Defraser TULP2G Aftertime
8 Main activities Acquisition Recovery Analysis Securing the data Turning data into information Finding relevant information
9 Challenges in all areas Data acquisition From hard drives to solid-state memory. Moving into the cloud (mostly legal issues). Data recovery New platforms, apps and versions emerge daily. Lots of variants due to vendor-specific implementations. Data analysis New visualizations to detect innovative use of technology. Finding complex relationships in data sets.
10 Challenges in all areas Data acquisition From hard drives to solid-state memory. Moving into the cloud (mostly legal issues). Data recovery Scalability is a problem everywhere. New platforms, apps and versions emerge daily. Lots of variants due to vendor-specific implementations. Data analysis New visualizations to detect innovative use of technology. Finding complex relationships in data sets.
11 Challenges in all areas Data acquisition From hard drives to solid-state memory. Moving into the cloud (mostly legal issues). Data recovery New platforms, apps and versions emerge daily. Lots of variants due to vendor-specific implementations. Data analysis New visualizations to detect innovative use of technology. Finding complex relationships in data sets.
12 Requirements 1. Data structure definitions that are easy to develop and modify. 2. Highest possible runtime performance and scalability. 3. Reuse of changes across applications. 4. Separation forensic investigation and software engineering concerns.
13 MDE in forensics File Carving, Excavator and Derric
14 Data acquired: 1TB. File carving
15 File carving 264GB allocated to main file system.
16 File carving 40GB found analyzing metadata, additional 240GB file system.
17 File carving That leaves 456GB unaccounted for.
18 File carving 96GB probably contains files. What about the other 360GB?
19 File carving File carving is the process of recovering files without the help of (file system) storage metadata. A file carver typically consists of two parts: The carver itself, which selects and/or combines blocks of data from the input as candidate files. A set of format validators that determine whether a candidate file is of any of the formats they validate.
20 input to storage device Derric Descriptions Code Generator Format Validators File Carver recovered files input to produces input to produces Excavator architecture
21 A DERRIC description 1. Header Name and encoding/ type defaults format PNG strings ascii size 1 unit byte sign false type integer order lsb0 endian little 2. Sequence Data structure ordering sequence Signature IHDR (ITXT ICMT)* PLTE? IDAT IDAT* IEND 3. Structures Layout of individual data structures structures IHDR { l: lengthof(d) size 4; n: IHDR ; d: {... } c: checksum (...) size 4; }
22 structures Chunk { length: lengthof(chunkdata) size 4; chunktype: type string size 4; chunkdata: size length; crc: checksum(algorithm="crc32-ieee", fields=chunktype+chunkdata) size 4; end: 0xFF3F; } IHDR = Chunk { chunktype: "IHDR"; chunkdata: { width:!0 size 4; height:!0 size 4; bitdepth: ; imagesize: (width*height*bitdepth)/8 size 4; interlace: 0 1; } }
23 Applying Derric Each format has one/several descriptions. Code generator uses descriptions: Applies (domain-specific) optimizations/transformations. Runs quickly, so easy to rerun after changes. May output for multiple targets. Runtime system uses generated validators: Recognizes, extracts or ignores files. Implements algorithms and common optimizations.
24 Comparing to Existing Tools on a Set of Benchmarks Excavator ReviveIt PhotoRec Scalpel Files Recovered (count) Processing speed (MB/second)
25 Intermediate conclusion Model-driven approach works well: Runtime performance, quality of results of Excavator are good. Derric allows division of labour to improve productivity. However, no large benchmarks exist, so scalability has not been evaluated.
26 Domain-Specific Optimizations Transformations to Improve Scalability
27 Speeding up a file carver Two ways to improve performance: Reduce the amount of validator invocations. Improve the runtime performance of the validator. Both can potentially be achieved by reducing validator accuracy.
28 Validator accuracy Clusters acquired from a hard drive: A A A A A B B B B C C C C C C C B B B B
29 Three Transformations, Four Validators Base NoCA NoDD Remove Content Analysis Remove Data Dependencies HFMatch Reduce to Header/Footer Matching
30 structures Remove Content Analysis Chunk { length: lengthof(chunkdata) size 4; chunktype: type string size 4; chunkdata: size length; crc: checksum(algorithm="crc32-ieee", fields=chunktype+chunkdata) size 4; end: 0xFF3F; } IHDR = Chunk { chunktype: "IHDR"; chunkdata: { width:!0 size 4; height:!0 size 4; bitdepth: ; imagesize: (width*height*bitdepth)/8 size 4; interlace: 0 1; } }
31 structures Removed Content Analysis Chunk { length: lengthof(chunkdata) size 4; chunktype: type string size 4; chunkdata: size length; crc: size 4; end: 0xFF3F; } IHDR = Chunk { chunktype: "IHDR"; chunkdata: { width:!0 size 4; height:!0 size 4; bitdepth: ; imagesize: (width*height*bitdepth)/8 size 4; interlace: 0 1; } }
32 structures Remove Data Dependencies Chunk { length: lengthof(chunkdata) size 4; chunktype: type string size 4; chunkdata: size length; crc: size 4; end: 0xFF3F; } IHDR = Chunk { chunktype: "IHDR"; chunkdata: { width:!0 size 4; height:!0 size 4; bitdepth: ; imagesize: (width*height*bitdepth)/8 size 4; interlace: 0 1; } }
33 structures Chunk { length: size 4; chunktype: type string size 4; crc: size 4; end: terminatedby 0xFF3F; } IHDR = Chunk { chunktype: "IHDR"; chunkdata: { width:!0 size 4; height:!0 size 4; bitdepth: ; imagesize: size 4; interlace: 0 1; } } Removed Data Dependencies
34 Reduced to Header/Footer Matching format PNG sequence start end structures start { header: 137, 80, 78, 71, 13, 10, 26, 10; } end { footer: terminatedby 0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130; }
35 Constructing a Benchmark No suitable public benchmark exists Constructed own 1TB test image: >1.2M image files, 357GB total from Wikipedia JPEG, PNG and GIF files 543GB random data, 100GB zeros Fragmentation based on observations
36 Test setup Twelve runs total: Three format specifications in Derric Four validator implementations One base, three transformed 3.4GHz Intel Core i7-2600, 8GB RAM, 2TB 10kRPM SATA HDD, JavaSE6-u13
37 Results: Running Time (m) JPEG (930k files) GIF (37k files) PNG (236k files) Base NoCA NoDD HFMatch
38 Results: Precision (%) JPEG (930k files) GIF (37k files) PNG (236k files) Base NoCA NoDD HFMatch
39 Results: Recall (%) 95 71,25 47,5 23,75 0 JPEG (930k files) GIF (37k files) PNG (236k files) Base NoCA NoDD HFMatch
40 Benchmark results NoDD and HFMatch are close: Both I/O bound Return nearly the same files Base is much slower: Expensive calculations Large amount of attempts
41 Intermediate conclusion Results indicate usable approach: Up to three times the speed At the cost of 8% precision, 5% recall Some questions that remain: Other file formats? Effects on actual analysis time?
42 Conclusion MDE has clear benefits in digital forensic data recovery: Helps engineers to focus on engineering and investigators on investigating. Does not incur any penalty in terms of runtime performance or quality of results. Enables useful additional automation.
43 Questions?
DERRIC. Model-Driven Engineering in Digital Forensics. Jeroen van den Bos
DERRIC Model-Driven Engineering in Digital Forensics Jeroen van den Bos jeroen@infuse.org DERRIC Model-Driven Engineering in Digital Forensics Experience: Jeroen van den Bos jeroen@infuse.org 1998: software
More informationBringing Domain-Specific Languages to Digital Forensics
Bringing Domain-Specific Languages to Digital Forensics Jeroen van den Bos Netherlands Forensic Institute Laan van Ypenburg 6 2497 GB, Den Haag The Netherlands jeroen@infuse.org Tijs van der Storm Centrum
More informationDissecting Files. Endianness. So Many Bytes. Big Endian vs. Little Endian. Example Number. The "proper" order of things. Week 6
Dissecting Files Endianness Week 6 The "proper" order of things So Many Bytes So Many Bytes On a 32-bit system, each word consists of 4 bytes So, when any 32-bit value is stored in memory, each of those
More informationBytes are read Right to Left, so = 0x3412, = 0x
Practice - Quiz #5 CIST 2612 Computer Forensics Bitmap File Information Bytes are read Right to Left, so 12 34 = 0x3412, 12 34 56 70 = 0x70563412 Figure 1 - Bitmap File Header Figure 2 - Device Independent
More informationIntroduction. Collecting, Searching and Sorting evidence. File Storage
Collecting, Searching and Sorting evidence Introduction Recovering data is the first step in analyzing an investigation s data Recent studies: big volume of data Each suspect in a criminal case: 5 hard
More informationDomain-Specific Languages for Digital Forensics
Domain-Specific Languages for Digital Forensics Jeroen van den Bos Centrum Wiskunde & Informatica Nederlands Forensisch Instituut jeroen@infuse.org Abstract. Due to strict deadlines, custom requirements
More informationA Little Language: Little Maintenance?
A Little Language: Little Maintenance? An Experiment in Digital Forensics Jeroen van den Bos Digital Technology & Biometrics Netherlands Forensic Institute (NFI) Den Haag, The Netherlands Email: jeroen@infuse.org
More informationIntroduction to carving File fragmentation Object validation Carving methods Conclusion
Simson L. Garfinkel Presented by Jevin Sweval Introduction to carving File fragmentation Object validation Carving methods Conclusion 1 Carving is the recovery of files from a raw dump of a storage device
More informationForce Open: Lightweight Black Box File Repair
Force Open: Lightweight Black Box File Repair Karl Wüst1, Petar Tsankov1, Saša Radomirovic 2, Mohammad Torabi Dashti1 1 ETH Zürich, 2 University of Dundee DFRWS EU 2017 Karl Wüst 2017-03-23 1 Motivation
More informationGJU IT-forensics course. Storage medium analysis
Harald Baier Storage medium analysis / 2014-04-02 1/32 GJU IT-forensics course Storage medium analysis Harald Baier Hochschule Darmstadt, CASED 2014-04-02 Partitions Harald Baier Storage medium analysis
More informationFILE SYSTEMS, PART 2. CS124 Operating Systems Fall , Lecture 24
FILE SYSTEMS, PART 2 CS124 Operating Systems Fall 2017-2018, Lecture 24 2 Last Time: File Systems Introduced the concept of file systems Explored several ways of managing the contents of files Contiguous
More informationAutomatically Identifying Critical Input Regions and Code in Applications
Automatically Identifying Critical Input Regions and Code in Applications Michael Carbin MIT CSAIL, MIT EECS Cambridge, Massachusetts, USA mcarbin@csail.mit.edu Martin Rinard MIT CSAIL, MIT EECS Cambridge,
More informationCommon File Formats. Need a standard to store images Raster data Photos Synthetic renderings. Vector Graphic Illustrations Fonts
1 Image Files Common File Formats Need a standard to store images Raster data Photos Synthetic renderings Vector Graphic Illustrations Fonts Bitmap Format - Center for Graphics and Geometric Computing,
More informationThis is not yellow. Image Files - Center for Graphics and Geometric Computing, Technion 2
1 Image Files This is not yellow Image Files - Center for Graphics and Geometric Computing, Technion 2 Common File Formats Need a standard to store images Raster data Photos Synthetic renderings Vector
More informationRascal: Language Technology for Model-Driven Engineering
Rascal: Language Technology for Model-Driven Engineering Jeroen van den Bos CWI & NFI jeroen@infuse.org P.R. Griffioen CWI p.r.griffioen@cwi.nl Tijs van der Storm CWI storm@cwi.nl Abstract Model-Driven
More informationComputer Forensics: Investigating Data and Image Files, 2nd Edition. Chapter 3 Forensic Investigations Using EnCase
Computer Forensics: Investigating Data and Image Files, 2nd Edition Chapter 3 Forensic Investigations Using EnCase Objectives After completing this chapter, you should be able to: Understand evidence files
More informationSoftware-defined Storage: Fast, Safe and Efficient
Software-defined Storage: Fast, Safe and Efficient TRY NOW Thanks to Blockchain and Intel Intelligent Storage Acceleration Library Every piece of data is required to be stored somewhere. We all know about
More informationA SURVEY ON MULTIMEDIA FILE CARVING
A SURVEY ON MULTIMEDIA FILE CARVING Raj Kumar Pahade 1, Bhupendra Singh 2 and Upasna Singh 3 Department of Computer Science & Engineering, Defence Institute of Advanced Technology (DIAT), Pune, India ABSTRACT
More informationChapter 1 (Computer Forensics)
Final Study Guide Chapter 1 (Computer Forensics) CIST2612 Final will be given Sunday the 22 from 10:30 to 12:30 22 nd of May nd of Understanding Computer forensics {pages 2-3} Computer forensics involves
More informationFile Systems and Volumes
File Systems and Volumes Section II. Basic Forensic Techniques and Tools CSF: Forensics Cyber-Security MSIDC, Spring 2015 Nuno Santos Summary! Data organization in storage systems! File deletion and recovery!
More informationFILE SYSTEMS. CS124 Operating Systems Winter , Lecture 23
FILE SYSTEMS CS124 Operating Systems Winter 2015-2016, Lecture 23 2 Persistent Storage All programs require some form of persistent storage that lasts beyond the lifetime of an individual process Most
More informationMicrosoft File Allocation Table
Microsoft File Allocation Table CSC362, Information Security originally appeared in late 1970s for small disks with simple folder structures uses a FAT to index files (naturally) the original FAT- 12 gave
More informationMulti-version Data recovery for Cluster Identifier Forensics Filesystem with Identifier Integrity
Multi-version Data recovery for Cluster Identifier Forensics Filesystem with Identifier Integrity Mohammed Alhussein, Duminda Wijesekera Department of Computer Science George Mason University Fairfax,
More informationCEIC 2007 May 8, 2007
Basic File Carving With FTimes CEIC 2007 May 8, 2007 KoreLogic, Inc: Andy Bair pab-ceic@korelogic.com Jay Smith jsmith-ceic@korelogic.com 1 Overall Agenda Basic Section Introduction - File Carving Overview
More informationMain Memory and the CPU Cache
Main Memory and the CPU Cache CPU cache Unrolled linked lists B Trees Our model of main memory and the cost of CPU operations has been intentionally simplistic The major focus has been on determining
More informationAvailable online at ScienceDirect. The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013)
Available online at www.sciencedirect.com ScienceDirect Procedia Technology 11 ( 2013 ) 86 92 The 4th International Conference on Electrical Engineering and Informatics (ICEEI 2013) Systematic Literature
More informationINTEL NEXT GENERATION TECHNOLOGY - POWERING NEW PERFORMANCE LEVELS
INTEL NEXT GENERATION TECHNOLOGY - POWERING NEW PERFORMANCE LEVELS Russ Fellows Enabling you to make the best technology decisions July 2017 EXECUTIVE OVERVIEW* The new Intel Xeon Scalable platform is
More informationLATEST INTEL TECHNOLOGIES POWER NEW PERFORMANCE LEVELS ON VMWARE VSAN
LATEST INTEL TECHNOLOGIES POWER NEW PERFORMANCE LEVELS ON VMWARE VSAN Russ Fellows Enabling you to make the best technology decisions November 2017 EXECUTIVE OVERVIEW* The new Intel Xeon Scalable platform
More informationDesign Tradeoffs for Developing Fragmented Video Carving Tools
DIGITAL FORENSIC RESEARCH CONFERENCE Design Tradeoffs for Developing Fragmented Video Carving Tools By Eoghan Casey and Rikkert Zoun Presented At The Digital Forensic Research Conference DFRWS 2014 USA
More informationCloud-related Storage Research in Santa Cruz
Cloud-related Storage Research in Santa Cruz Darrell Long University of California, Santa Cruz Trading Storage for Computation (and vice versa) 2 Trade Storage for Computation Inputs rocess Result Storing
More informationComputer Science Section. Computational and Information Systems Laboratory National Center for Atmospheric Research
Computer Science Section Computational and Information Systems Laboratory National Center for Atmospheric Research My work in the context of TDD/CSS/ReSET Polynya new research computing environment Polynya
More informationOpen Source Storage. Ric Wheeler Architect & Senior Manager April 30, 2012
Open Source Storage Architect & Senior Manager rwheeler@redhat.com April 30, 2012 1 Linux Based Systems are Everywhere Used as the base for commercial appliances Enterprise class appliances Consumer home
More informationFRAME BASED RECOVERY OF CORRUPTED VIDEO FILES
FRAME BASED RECOVERY OF CORRUPTED VIDEO FILES D.Suresh 1, D.V.Ramana 2, D.Arun Kumar 3 * 1 Assistant Professor, Department of ECE, GMRIT, RAJAM, AP, INDIA 2 Assistant Professor, Department of ECE, GMRIT,
More informationSource: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/
by Chirath De Alwis Source: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/ Forensic Toolkit or FTK is a computer forensics software product made by AccessData.
More informationLEVERAGING FLASH MEMORY in ENTERPRISE STORAGE
LEVERAGING FLASH MEMORY in ENTERPRISE STORAGE Luanne Dauber, Pure Storage Author: Matt Kixmoeller, Pure Storage SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless
More informationOur Turbine got Hacked! Performing Forensic Investigations of Industrial Control Systems
Siemens Our Turbine got Hacked! Performing Forensic Investigations of Industrial Control Systems Heiko Patzlaff Restricted Siemens AG 2013. All rights reserved Page 2 The traditional approach to host forensics
More informationSMCCSE: PaaS Platform for processing large amounts of social media
KSII The first International Conference on Internet (ICONI) 2011, December 2011 1 Copyright c 2011 KSII SMCCSE: PaaS Platform for processing large amounts of social media Myoungjin Kim 1, Hanku Lee 2 and
More informationThe Lion of storage systems
The Lion of storage systems Rakuten. Inc, Yosuke Hara Mar 21, 2013 1 The Lion of storage systems http://www.leofs.org LeoFS v0.14.0 was released! 2 Table of Contents 1. Motivation 2. Overview & Inside
More informationData Storage JMU Computer Science Content Teaching Academy 2014
Data Storage JMU Computer Science Content Teaching Academy 2014 Florian Buchholz buchhofp@jmu.edu Abstraction layers to interpret data and information Physical layer Data is physically stored Device BIOS
More informationDesign a Remote-Office or Branch-Office Data Center with Cisco UCS Mini
White Paper Design a Remote-Office or Branch-Office Data Center with Cisco UCS Mini February 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9 Contents
More informationPredicting the Types of File Fragments
Predicting the Types of File Fragments William C. Calhoun and Drue Coles Department of Mathematics, Computer Science and Statistics Bloomsburg, University of Pennsylvania Bloomsburg, PA 17815 Thanks to
More informationQuantifying FTK 3.0 Performance with Respect to Hardware Selection
Quantifying FTK 3.0 Performance with Respect to Hardware Selection Background A wide variety of hardware platforms and associated individual component choices exist that can be utilized by the Forensic
More informationTIBX NEXT-GENERATION ARCHIVE FORMAT IN ACRONIS BACKUP CLOUD
TIBX NEXT-GENERATION ARCHIVE FORMAT IN ACRONIS BACKUP CLOUD 1 Backup Speed and Reliability Are the Top Data Protection Mandates What are the top data protection mandates from your organization s IT leadership?
More informationNAME optipng optimize Portable Network Graphics files. SYNOPSIS optipng [? h help] optipng [options...] files...
NAME optipng optimize Portable Network Graphics files SYNOPSIS optipng [? h help] optipng [options...] files... DESCRIPTION OptiPNG shall attempt to optimize PNG files, i.e. reduce their size to a minimum,
More informationFile Carving Using Sequential Hypothesis Testing
File Carving Using Sequential Hypothesis Testing Anandabrata (Pasha) Pal, Taha Sencar and Nasir Memon Introduction File Carving: recovery without file system meta-data. Recovery based on file structure/content
More informationAudio Engineering Society. Conference Paper. Presented at the Conference on Audio Forensics 2017 June Arlington, VA, USA
Audio Engineering Society Conference Paper Presented at the Conference on Audio Forensics 2017 June 15 17 Arlington, VA, USA This paper was peer-reviewed as a complete manuscript for presentation at this
More informationHow to recover a failed Storage Spaces
www.storage-spaces-recovery.com How to recover a failed Storage Spaces ReclaiMe Storage Spaces Recovery User Manual 2013 www.storage-spaces-recovery.com Contents Overview... 4 Storage Spaces concepts and
More informationpblk the OCSSD FTL Linux FAST Summit 18 Javier González Copyright 2018 CNEX Labs
pblk the OCSSD FTL Linux FAST Summit 18 Javier González Read Latency Read Latency with 0% Writes Random Read 4K Percentiles 2 Read Latency Read Latency with 20% Writes Random Read 4K + Random Write 4K
More informationChapter 10: Mass-Storage Systems
Chapter 10: Mass-Storage Systems Silberschatz, Galvin and Gagne 2013 Chapter 10: Mass-Storage Systems Overview of Mass Storage Structure Disk Structure Disk Attachment Disk Scheduling Disk Management Swap-Space
More informationSecure Block Storage (SBS) FAQ
What is Secure Block Storage (SBS)? Atlantic.Net's Secure Block Storage allows you to easily attach additional storage to your Atlantic.Net Cloud Servers. You can use SBS for your file, database, application,
More informationINSTITUTO SUPERIOR TÉCNICO
INSTITUTO SUPERIOR TÉCNICO DEPARTAMENTO DE ENGENHARIA INFORMÁTICA FORENSICS CYBER-SECURITY MEIC, METI Lab Guide II Evidence Examination 2015/2016 nuno.m.santos@tecnico.ulisboa.pt 1 Introduction This guide
More informationChapter 10: Mass-Storage Systems. Operating System Concepts 9 th Edition
Chapter 10: Mass-Storage Systems Silberschatz, Galvin and Gagne 2013 Chapter 10: Mass-Storage Systems Overview of Mass Storage Structure Disk Structure Disk Attachment Disk Scheduling Disk Management Swap-Space
More informationV. Mass Storage Systems
TDIU25: Operating Systems V. Mass Storage Systems SGG9: chapter 12 o Mass storage: Hard disks, structure, scheduling, RAID Copyright Notice: The lecture notes are mainly based on modifications of the slides
More informationA Comprehensive Study on the Performance of Implicit LS-DYNA
12 th International LS-DYNA Users Conference Computing Technologies(4) A Comprehensive Study on the Performance of Implicit LS-DYNA Yih-Yih Lin Hewlett-Packard Company Abstract This work addresses four
More informationSATA RAID For The Enterprise? Presented at the THIC Meeting at the Sony Auditorium, 3300 Zanker Rd, San Jose CA April 19-20,2005
Logo of Your organization SATA RAID For The Enterprise? Scott K. Cleland, Director of Marketing AMCC 455 West Maude Ave., Sunnyvale, CA 94085-3517 Phone:+1-408-523-1079 FAX: +1-408-523-1001 E-mail: scleland@amcc.com
More informationSECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON
White Paper SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON Abstract This white paper explains the benefits to the extended enterprise of the on-premise, online file sharing storage
More informationChapter 7. GridStor Technology. Adding Data Paths. Data Paths for Global Deduplication. Data Path Properties
Chapter 7 GridStor Technology GridStor technology provides the ability to configure multiple data paths to storage within a storage policy copy. Having multiple data paths enables the administrator to
More informationNetworking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ
Networking for Data Acquisition Systems Fabrice Le Goff - 14/02/2018 - ISOTDAQ Outline Generalities The OSI Model Ethernet and Local Area Networks IP and Routing TCP, UDP and Transport Efficiency Networking
More informationScaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX
Scaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX Inventing Internet TV Available in more than 190 countries 104+ million subscribers Lots of Streaming == Lots of Traffic
More informationThe Google File System
The Google File System Sanjay Ghemawat, Howard Gobioff, and Shun-Tak Leung SOSP 2003 presented by Kun Suo Outline GFS Background, Concepts and Key words Example of GFS Operations Some optimizations in
More informationIntroduction to Volume Analysis, Part I: Foundations, The Sleuth Kit and Autopsy. Digital Forensics Course* Leonardo A. Martucci *based on the book:
Part I: Foundations, Introduction to Volume Analysis, The Sleuth Kit and Autopsy Course* Leonardo A. Martucci *based on the book: File System Forensic Analysis by Brian Carrier LAM 2007 1/12h Outline Part
More informationMultimedia Systems. Part 4. Mahdi Vasighi
Multimedia Systems Part 4 Mahdi Vasighi www.iasbs.ac.ir/~vasighi Department of Computer Science and Information Technology, Institute for Advanced Studies in Basic Sciences, Zanjan, Iran Image Formats
More informationDEDUPLICATION BASICS
DEDUPLICATION BASICS 4 DEDUPE BASICS 6 WHAT IS DEDUPLICATION 8 METHODS OF DEDUPLICATION 10 DEDUPLICATION EXAMPLE 12 HOW DO DISASTER RECOVERY & ARCHIVING FIT IN? 14 DEDUPLICATION FOR EVERY BUDGET QUANTUM
More informationSONAS Best Practices and options for CIFS Scalability
COMMON INTERNET FILE SYSTEM (CIFS) FILE SERVING...2 MAXIMUM NUMBER OF ACTIVE CONCURRENT CIFS CONNECTIONS...2 SONAS SYSTEM CONFIGURATION...4 SONAS Best Practices and options for CIFS Scalability A guide
More informationCOMPARING COST MODELS - DETAILS
COMPARING COST MODELS - DETAILS SOFTLAYER TOTAL COST OF OWNERSHIP (TCO) CALCULATOR APPROACH The Detailed comparison tab in the TCO Calculator provides a tool with which to do a cost comparison between
More informationStorage for High-Performance Computing Gets Enterprise Ready
Storage for High-Performance Computing Gets Enterprise Ready by George Crump High-Performance Computing (HPC) is the proving grounds to test a storage system s ability to handle mixed workloads. While
More informationSources of Evidence. CSF: Forensics Cyber-Security. Part I. Foundations of Digital Forensics. Fall 2015 Nuno Santos
Sources of Evidence Part I. Foundations of Digital Forensics CSF: Forensics Cyber-Security Fall 2015 Nuno Santos Summary Reasoning about sources of evidence Data representation and interpretation Number
More informationRethinking Deduplication Scalability
Rethinking Deduplication Scalability Petros Efstathopoulos Petros Efstathopoulos@symantec.com Fanglu Guo Fanglu Guo@symantec.com Symantec Research Labs Symantec Corporation, Culver City, CA, USA 1 ABSTRACT
More informationParaben Examiner 9.0 Release Notes
Paraben E-mail Examiner 9.0 Release Notes 1 Paraben Corporation Welcome to Paraben s E-mail Examiner 9.0! Paraben s Email Examiner-EMX allows for the forensic examination of the most popular local e-mail
More informationFour Components of a Computer System
Four Components of a Computer System Operating System Concepts Essentials 2nd Edition 1.1 Silberschatz, Galvin and Gagne 2013 Operating System Definition OS is a resource allocator Manages all resources
More informationPC-based data acquisition II
FYS3240 PC-based instrumentation and microcontrollers PC-based data acquisition II Data streaming to a storage device Spring 2015 Lecture 9 Bekkeng, 29.1.2015 Data streaming Data written to or read from
More informationFile System Interpretation
File System Interpretation Part III. Advanced Techniques and Tools for Digital Forensics CSF: Forensics Cyber-Security Fall 2018 Nuno Santos Previously: Introduction to Android forensics! How does Android
More informationProcess. One or more threads of execution Resources required for execution. Memory (RAM) Others
Memory Management 1 Learning Outcomes Appreciate the need for memory management in operating systems, understand the limits of fixed memory allocation schemes. Understand fragmentation in dynamic memory
More informationLinux File Systems: Challenges and Futures Ric Wheeler Red Hat
Linux File Systems: Challenges and Futures Ric Wheeler Red Hat Overview The Linux Kernel Process What Linux Does Well Today New Features in Linux File Systems Ongoing Challenges 2 What is Linux? A set
More informationSpecification of the PFS File Format version 1.5
Specification of the PFS File Format version 1.5 October 14, 2008 1 Introduction This document contains a detailed specification of the pfs file format. PFS file format is intended to store in particular
More informationPartial Acquisition Prashant Jain and Michael Kircher
1 Partial Acquisition Prashant Jain and Michael Kircher {Prashant.Jain,Michael.Kircher}@mchp.siemens.de Siemens AG, Corporate Technology Munich, Germany Partial Acquisition 2 Partial Acquisition The Partial
More informationDesigning SSDs for large scale cloud workloads FLASH MEMORY SUMMIT, AUG 2014
Designing SSDs for large scale cloud workloads FLASH MEMORY SUMMIT, AUG 2014 2 3 Cloud workloads are different! Examples: Read-mostly, write-once per day Sequential write streams for object stores Synchronous
More informationDiamond Networks/Computing. Nick Rees January 2011
Diamond Networks/Computing Nick Rees January 2011 2008 computing requirements Diamond originally had no provision for central science computing. Started to develop in 2007-2008, with a major development
More informationSolving the I/O bottleneck with Flash
Solving the I/O bottleneck with Flash Ori Balaban Director of Sales for Global Accounts SanDisk Corporation August 2007 1 Agenda Performance bottlenecks in HDD Alternative solutions SSD value proposition
More informationFile System Case Studies. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
File System Case Studies Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics The Original UNIX File System FFS Ext2 FAT 2 UNIX FS (1)
More informationFile System Case Studies. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University
File System Case Studies Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today s Topics The Original UNIX File System FFS Ext2 FAT 2 UNIX FS (1)
More informationPresented by: Nafiseh Mahmoudi Spring 2017
Presented by: Nafiseh Mahmoudi Spring 2017 Authors: Publication: Type: ACM Transactions on Storage (TOS), 2016 Research Paper 2 High speed data processing demands high storage I/O performance. Flash memory
More informationUnit 2 Digital Information. Chapter 1 Study Guide
Unit 2 Digital Information Chapter 1 Study Guide 2.5 Wrap Up Other file formats Other file formats you may have encountered or heard of include:.doc,.docx,.pdf,.mp4,.mov The file extension you often see
More informationRecall from Tuesday. Our solution to fragmentation is to split up a process s address space into smaller chunks. Physical Memory OS.
Paging 11/10/16 Recall from Tuesday Our solution to fragmentation is to split up a process s address space into smaller chunks. Physical Memory OS Process 3 Process 3 OS: Place Process 3 Process 1 Process
More informationReducing Costs in the Data Center Comparing Costs and Benefits of Leading Data Protection Technologies
Reducing Costs in the Data Center Comparing Costs and Benefits of Leading Data Protection Technologies November 2007 Reducing Costs in the Data Center Table of Contents The Increasingly Costly Data Center...1
More informationHPE SimpliVity. The new powerhouse in hyperconvergence. Boštjan Dolinar HPE. Maribor Lancom
HPE SimpliVity The new powerhouse in hyperconvergence Boštjan Dolinar HPE Maribor Lancom 2.2.2018 Changing requirements drive the need for Hybrid IT Application explosion Hybrid growth 2014 5,500 2015
More informationADDENDUM TO: BENCHMARK TESTING RESULTS UNPARALLELED SCALABILITY OF ITRON ENTERPRISE EDITION ON SQL SERVER
ADDENDUM TO: BENCHMARK TESTING RESULTS UNPARALLELED SCALABILITY OF ITRON ENTERPRISE EDITION ON SQL SERVER EMC Information Infrastructure provides the foundation Essentials Itron and Microsoft reached 37,500
More informationBullet Cache. Balancing speed and usability in a cache server. Ivan Voras
Bullet Cache Balancing speed and usability in a cache server Ivan Voras What is it? People know what memcached is... mostly Example use case: So you have a web page which is just dynamic
More informationTest Results for Mobile Device Acquisition Tool: Zdziarski s Method
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 Test Results for Mobile Device Acquisition Tool: Zdziarski s Method October 2010 37 38 38 October 2010
More informationFORENSICS CYBER-SECURITY
FORENSICS CYBER-SECURITY MEIC, METI 2016/2017 1 st Semester 1 st Exam January 10, 2017 Duration: 2h00 - Use a pen only; no extra material is allowed, such as calculator, scratch paper, etc. - Write your
More informationC13: Files and Directories: System s Perspective
CISC 7310X C13: Files and Directories: System s Perspective Hui Chen Department of Computer & Information Science CUNY Brooklyn College 4/19/2018 CUNY Brooklyn College 1 File Systems: Requirements Long
More informationOperating Systems. Lecture File system implementation. Master of Computer Science PUF - Hồ Chí Minh 2016/2017
Operating Systems Lecture 7.2 - File system implementation Adrien Krähenbühl Master of Computer Science PUF - Hồ Chí Minh 2016/2017 Design FAT or indexed allocation? UFS, FFS & Ext2 Journaling with Ext3
More informationVoltDB vs. Redis Benchmark
Volt vs. Redis Benchmark Motivation and Goals of this Evaluation Compare the performance of several distributed databases that can be used for state storage in some of our applications Low latency is expected
More informationFinFireWire / Release Notes. FINFISHER: FinFireWire 3.5 Release Notes
1 FINFISHER: FinFireWire 3.5 Release Notes 2 Copyright 2013 by Gamma Group International, UK Date 2014-01-17 Release information Version Date Author Remarks 1.0 2010-09-27 pk Initial version 2.0 2011-08-04
More information10 th National Investigations Symposium
10 th National Investigations Symposium AVOIDING FORENSIC PITFALLS First Responders Guide to Preserving Electronic Evidence 6 November 2014 Bronwyn Barker Electronic Evidence Specialist Investigation 5
More informationAutomatically Identifying Critical Input and Code Regions in Applications
Automatically Identifying Critical Input and Code Regions in Applications Michael Carbin and Martin Rinard Massachusetts Institute of Technology! Computer Science and Artificial Intelligence Laboratory
More informationApril Copyright 2013 Cloudera Inc. All rights reserved.
Hadoop Beyond Batch: Real-time Workloads, SQL-on- Hadoop, and the Virtual EDW Headline Goes Here Marcel Kornacker marcel@cloudera.com Speaker Name or Subhead Goes Here April 2014 Analytic Workloads on
More informationCoriolis: Scalable VM Clustering in Clouds
1 / 21 Coriolis: Scalable VM Clustering in Clouds Daniel Campello 1 Carlos Crespo 1 Akshat Verma 2 RajuRangaswami 1 Praveen Jayachandran 2 1 School of Computing and Information Sciences
More informationAltair OptiStruct 13.0 Performance Benchmark and Profiling. May 2015
Altair OptiStruct 13.0 Performance Benchmark and Profiling May 2015 Note The following research was performed under the HPC Advisory Council activities Participating vendors: Intel, Dell, Mellanox Compute
More informationColumn Stores vs. Row Stores How Different Are They Really?
Column Stores vs. Row Stores How Different Are They Really? Daniel J. Abadi (Yale) Samuel R. Madden (MIT) Nabil Hachem (AvantGarde) Presented By : Kanika Nagpal OUTLINE Introduction Motivation Background
More information