Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction

Abstract

Ransomware has become increasingly prevalent in recent years. To defend against ransomware on computing devices that use flash memory as external storage, existing designs extract the entire raw flash memory data to restore the external storage to a good state. However, they cannot support fine-grained recovery at the level of user files, because raw flash memory data do not carry the semantics of "files". In this work, we design FFRecovery, a new ransomware defense strategy that can support fine-grained data recovery after the attacks. Our key idea is that, to recover a file corrupted by the ransomware, we can 1) restore its file system metadata via file system forensics, 2) extract its file data via raw data extraction from the flash translation layer, and 3) assemble the corresponding file system metadata and the file data. A simple prototype of FFRecovery has been developed, and some preliminary results are provided.

Citation (APA)

Chen, N., Dafoe, J., & Chen, B. (2022). Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 3335–3337). Association for Computing Machinery. https://doi.org/10.1145/3548606.3563538
