Know what happened.
Filesystem Activity as Evidence.
JCOOP (Journaled Continuity of Operations Program) records filesystem activity as tamper-evident journals that can be independently verified and replayed under explicit policy control.
The Problem
Most systems preserve state.
Few preserve history.
When something changes unexpectedly, the missing information is often the sequence of events that led to the current state.
Investigate
Determine what happened, when it happened, and what sequence of filesystem operations occurred.
Verify
Hash chains and segment seals make tampering evident and allow independent validation of recorded activity.
Understand
Replay recorded events to understand how a system reached its current state.
Recover
Apply explicit policies to include or exclude events during replay and reconstruction.
Selective Restore
Recreate history minus the events you don't want. Exclude deletes, recover from ransomware, or explore alternate outcomes.
Independent Journals
Journals can be stored separately from the protected filesystem and replicated to independent locations.
Who Is JCOOP For?
Security Teams
Investigate filesystem activity, incident timelines, and unexpected changes.
Auditors
Verify historical integrity without relying on the original recorder.
System Administrators
Understand how systems reached their current state.
Engineers
Replay activity under explicit policy control for testing and recovery.
Learn More
Explore the architecture, validation results, and known limits in the JCOOP whitepaper.
Download Whitepaper