The MattockFS Computer Forensics File-System: Index to previous posts.steemCreated with Sketch.

in #forensics7 years ago

MattockFS: Priv-sep and page-cache-efficient forensic-data archive & message bus.

In the last few months, I've posted a number of blog posts on the MattockFS Computer Forensics File-System.

It is a bit difficult to describe in short what MattockFS actually is. While it was designed primarily for use by asynchronous computer forensic frameworks, it should be useful for any type of data-intensive asynchronous processing architecture that requires auditable robustness and privilege separation. MattockFS combines a write-once data archive with a capability-based API to a local message bus. Implemented as a file-system with support for the two features that are computer Forensics specific: Zero Storage Carving and Opportunistic-Hashing.

Think of MattockFS as a High-Integrity Data-Intensive but Low-Confidentiality privilege separated message bus solution with support for a few Computer-Forensics features that make it especially yet not exclusively suitable for use in asynchronous computer forensics frameworks.

Given the long time between the first and the last post, my posts might be difficult to navigate. So here is a little index to the posts from this series.

This series of post is based on the MattockFS workshop that I gave at the Digital Forensics Research Workshop in Überlingen Germany earlier this year.

If you are interested in using and or contributing to MattockFS, please check out the relevant github projects:

Oh, and don't be afraid to contact me about anything described here, please contact me with a privmsg to @RumpelstilkinFS on Twitter.

Coin Marketplace

STEEM 0.21
TRX 0.25
JST 0.038
BTC 96498.09
ETH 3358.85
USDT 1.00
SBD 3.08