Detection Method of the Remaining Files Based on Logs Regarding Changed Directory and Hash Values

  • Ishizawa Chikako
    Graduate School of Engineering and Resource Science, Akita University
  • Andoh Yuu
    Graduate School of Engineering and Resource Science, Akita University
  • Nishida Makoto
    Graduate School of Engineering and Resource Science, Akita University

Bibliographic Information

Other Title
  • ディレクトリの変更履歴およびハッシュ値に基づいた残留ファイルの検出手法

Abstract

Many information leaks occur because files copied from a removable storage medium are left on the storage unit of a personal computer without being deleted. To prevent such human error, this paper proposes a method for detecting remaining files that were copied from a removable storage medium. The proposed method records logs of changes to the information registered in a directory, which is the management list of files in the storage unit, together with the hash values of file contents. The remaining files are detected when the removable storage medium is removed from the personal computer, and they are displayed on the monitor. The detection processing works in five steps. First, a file copy operation is detected by tracing the sequence of logs. Second, files copied from the removable storage medium are identified based on hash values. Third, file operations and folder operations on the copied files are distinguished. Fourth, a deletion operation on a copied file is detected by matching the file name and path. Finally, the file name and path used for tracing are updated according to folder operations. If no deletion operation is found, the copied files are judged to be remaining. Our experimental results suggest that the proposed method can accurately detect remaining files left on the storage unit.
