Cybersecurity Innovation Hub, Filesystem Metadata Analysis Platform

TYPE
Big Data Platforms (PaaS), Infrastructure Access
REGION
Czech Republic
LANGUAGE
Czech, English

FIMETIS (FIlesystem METadata analysIS) is a web application for the analysis of file system metadata. When introduced to the forensic investigation workflow, the tool helps cybersecurity experts quickly identify signs of the incident that the attacker left on storage media. Only file system metadata are used for the analysis to protect privacy and reduce the amount of data.

SERVICE DESCRIPTION

The FIMETIS tool was designed primarily to support the following analytical tasks and functions:

  • Exploration of the file system structure: The tool supports analysts in efficiently switching between different parts of the file system and narrowing the area of interest by offering filtering functions that would localize the data by various aspects and meanings encoded in the available file system metadata.
  • Exploration of temporal relationships: Disk snapshots have strong temporal characteristics: each record provides the timestamp of the last manipulation, e.g., the creation, modification, or access. Therefore, the tool provides a scalable temporal view of the data with efficient filtering and zooming that preserves time coherence.
  • Predefined clusters: Some combinations of file location and attributes can be considered unusual or deserving of an analyst’s attention. Examples include publicly writable files or directories, hidden files outside of users’ homes, executables with administrator’s privileges, and files masking their names (e.g., a binary file with a .txt extension or a name consisting only of white spaces). The tool provides multiple predefined views (called clusters) on EXT filesystem metadata to localize typical situations quickly. New clusters can be defined easily in the GUI by combining location paths and attributes.
  • Discontinuous analysis: Analysts can upload and manage multiple disk snapshots (FS metadata). A command-line tool for creating the snapshots is available. As the investigation process can take a long time, fluent iterative data exploration is supported, including the possibility to interrupt the analysis or switch between data sources and then return smoothly.
  • Intuitiveness: All operations are available online via the web GUI. Two versions of the user interface are supported and can be switched at any time: a basic and an advanced dashboard. The latter provides broader functionality.

CASE EXAMPLES

Analysing a filesystem impacted by a security incident: identifying data created or modified by the attacker.

SERVICE OFFERED BY

MEMBER
CIH
TYPE
DIH
COUNTRY
Czech Republic
