Obtaining file system view in block-level data storage systems

1. A computer implemented method for obtaining file-level information from block level information of files stored on a storage medium, the method comprising:

• intercepting block-level commands initiated by a host to access data blocks on a data storage medium connected to the host over a data communication network, wherein an inverse block-to-file map of files stored on the data storage medium is constructed to provide an association between a first data block in th data storage medium and a file name having a respective inode, wherein a file identified in a file directory by said file name and inode includes first data stored in the first data block;
  
  parsing the incoming block-level commands initiated by the host, independent of arrival order of the block-level commands, to determine transitions between valid and invalid states in at least one of a first state machine and a second state machine,wherein the first state machine tracks a first plurality of related incoming block-level commands to determine if a data block has been created or deleted, andwherein the second state machine tracks a second plurality of related incoming block-level commands to determine if an inode associated with a filename is to be registered to indicate the creation or deletion of a file directory;
  
  inferring file-level information from the parsed block level commands to detect unauthorized access to the data storage medium based on identifying modifications to data or metadata, stored on the data storage medium, that are expected to remain unchanged; and
  
  updating the inverse block-to-file map.