Digital Forensics Research For Distributed Filesystem

In recent years,with the rapid growth of data volume,technologies such as cloud computing and big data have emerged,and more and more people are inclined to use cloud services to process data.Distributed file systems,as the underlying infrastructure for cloud computing,big data,and other modern systems,provide an effective way to store large volumes of diverse data.However,services such as cloud storage may also be used by some lawless elements,such as cloud services to store,process and hide crime and illegal materials.Although cloud service providers have been working hard to prevent their services from being exploited,they have had little success.Therefore,how to extract complete and reliable evidence from distributed filesystems to prove access behavior is an urgent problem to be solved.As a valid way to extract evidence,digital forensics is indispensable in handling cloud service cases.However,nowadays,both in academia and industry,the research on digital forensics of cloud services is mostly concentrated in the Software-as-a-Service(SaaS)layer of cloud computing,but that in its Infrastructure-as-a-Service(IaaS)layer,such as distributed file system level is less.Based on this problem,this thesis takes the open source distributed file system MooseFS as a research case and proposes digital forensics research for distributed file system.The main research contents of this paper are as follows:1.The system architecture of MooseFS is analyzed,and the security mechanism of MooseFS is analyzed in detail.Therefore,the key technology for digital forensics of distributed file system is proposed.2.The forensic system of MooseFS is designed.This paper proposes a forensic model suitable for distributed file system based on the widely used cloud forensics framework.The overall architecture of the forensic system and the forensic architecture are proposed and the functional modules are described.3.The Aho–Corasick multi-pattern matching algorithm is studied.In this paper,the chunk stored on all Chunk servers in the system are integrated into a text file,and the text file is used as a pattern matching object,and the filename of every chunk is used as pattern string.The pattern string collection uses the algorithm named Aho–Corasick to extract the Chunk Servers associated with the target chunk from the text file,thereby realizing the location of the Chunk Servers where the target file is located.4.The method of evidence extraction in MooseFS system is studied.The key files of the Master Server and the Chunk Servers are studied in depth,and the submodule flow for forensics of each component of MooseFS system is designed.Further,by analyzing the relationship between the Master Server and the Chunk Servers,the overall process of forensicizing the MooseFS system is designed.The simulation experiment of extracting evidence information from MooseFS was designed in combination with the process,and the specific method of extracting key chunk from MooseFS was demonstrated in clear steps.5.The security analysis and verification method of forensic data files is studied.The legality and integrity of the collected chunks are verified by digital signature and hash algorithm respectively.The simulation results are used to verify whether the extracted files meet the legality and integrity.Whether the sexual requirements can be used as evidence documents finally shows that the digital forensics based on distributed file system developed in this paper meets the requirements of security forensics design.