Self-securing storage turns storage devices into active parts of an intrusion survival strategy. From behind a thin storage interface (e.g., SCSI or CIFS), a self-securing storage sen,er can watch storage requests, keep a record of all storage activity, and prevent compromised clients from destroying stored data. This paper describes three ways selfsecuring storage enhances an administrator's ability to detect, diagnose, and recover from client system intrusions. First, storage-based intrusion detection offers a new obsen,ation point for noticing suspect activity. Second, post-hoc intrusion diagnosis starts with a plethora of normally-unavailable information. Finally, post-intrusion recovery is reduced to restarting the system with a pre-intrusion storage image retained by the sensor. Combined, these features can improve an organization's ability to survive successful digital intrusions.

The increase in incidence of criminal, illegal and inappropriate computer behaviour has resulted in organisations forming specialist teams to investigate these behaviours. Academia has also responded by endeavouring to research critical aspects and to support organisations mounting these types of investigations. As a result an infant discipline has developed in which researchers and practitioners consider how to prepare for such incidents, gather intelligence on criminal, illegal and inappropriate computer behaviour, and identify, preserve, collect, analyse and present digital evidence. As the discipline of Forensic Computing has developed, several authors from both practical and academic backgrounds have provided definitional suggestions to assist in framing the notion of Forensic Computing. This paper seeks to discuss definitional ambiguity in the discipline. Further it attempts to provide practical insight into how the practice of Forensic Computing has evolved and how this evolution has influenced both practitioners and academics involved in the discipline. The paper concludes by identifying the key concepts contained within the definitions presented and suggesting future influences on understanding what is meant by the term Forensic Computing. Keywords: Forensic Computing, Digital Evidence, e-crime

This thesis discusses the design and implementation of a distributed file service for the Dragon Slayer system. Dragon Slayer is a distributed and decentralized file system. Distributed and decentralized systems o#er the potential for a degree of concurrency, modularity and reliability higher than that which can be achieved in a centralized system.