Timestamp Patterns in Windows Forensics

Cited by: 0
Authors
Luh, Robert [1 ,2 ]
Galhuber, Michael [2 ]
Affiliations
[1] Univ Vienna, Vienna, Austria
[2] St Polten Univ Appl Sci, St Polten, Austria
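Source
ERCIM NEWS | 2022 / Issue 129
Keywords
DOI
Not available
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract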
Timestamps are among the most expressive artefacts in a digital forensic investigation. Our research shows that the distinct patterns caused by the interaction with individual files can yield more insight than previously documented and enable application fingerprinting within a Windows environment through timestamps alone. Furthermore, we classify timestamp forgery tools and present a means to detect their use.
Pages: 27 / 28
Page count: 2