Mapping the File Systems Genome: rationales, technique, results and applications

This paper provides evidence of a feature of Hard-Disk Drives (HDDs), that we call File System Genome. Such a feature is originated by the areas where (on the HDD) the file blocks are placed by the operating system during the installation procedure. It appears from our study that the File System Genome is a distinctive and unique feature of each indi- vidual HDD. In particular, our extensive set of experiments shows that the installation of the same operating system on two identical hardware configurations generates two different File System Genomes. Further, the application of sound information theory tools, such as min entropy, show that the differences between two File System Genome are considerably relevant. The results provided in this paper constitute the scientific basis for a number of applications in various fields of information technology, such as forensic identification and security. Finally, this work also paves the way for the application of the highlighted technique to other classes of mass-storage devices (e.g. SSDs, Flash memories).