The FCluster architectureFCluster i

The FCluster architecture
FCluster is a peer-to-peer middleware for a network of heterogeneous host computers. The prototype is built on Ubuntu Linux with future development planned for Windows and MacOS. Most of the code is either in C or Bash scripts. It uses MySQL, libcurl, ftp servers and ntfs-3g. FCluster SIPs FCluster includes a design for an SIP with a simple structurewhich only works with NTFS file-systems. This was done for the sake of simplicity when developing the prototype. An FCluster SIP comprises of 2 parts (Fig. 2). An extensive header section contains XML delimited meta-data about the file’s place on the original evidence media. This includes data from the file’s entry in the NTFS $MFT and also a list of cluster numbers the file originally occupied on the source file-system together with an SHA1 for each of the clusters. The data section holds the file data which is encrypted using AES-256, with the key sent from FCluster, and then UUencoded to reduce problems in portability. The SIPs themselves are named in a regular manner, [VolumeID]-[SHA1].meta. When the SIP is finally unpacked,decoded and decrypted on the FCluster the resulting filemust have the same SHA1 as its filename suggests and is included within the header section of the SIP. To achieve this it must have been generated on the imaging device authorised by the key created by the FCluster when it authorizes imaging (see section 14.1) or itwill not decryptwhen it is ingested into the FCluster file system. These form two assurances, one of a property of the file, the name and the ‘double entry’ of the success of the encryption/decryption key.