Understanding anti-forensic techniques with timestamp manipulation

Dae Il Jang; Gail-Joon Ahn; Hyunuk Hwang; Kibom Kim

doi:10.1109/IRI.2016.94

Understanding anti-forensic techniques with timestamp manipulation

Dae Il Jang, Gail-Joon Ahn, Hyunuk Hwang, Kibom Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.

Original language	English (US)
Title of host publication	Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	609-614
Number of pages	6
ISBN (Electronic)	9781509032075
DOIs	https://doi.org/10.1109/IRI.2016.94
State	Published - 2016
Event	17th IEEE International Conference on Information Reuse and Integration, IRI 2016 - Pittsburgh, United States Duration: Jul 28 2016 → Jul 30 2016

Publication series

Name	Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016

Other

Other	17th IEEE International Conference on Information Reuse and Integration, IRI 2016
Country/Territory	United States
City	Pittsburgh
Period	7/28/16 → 7/30/16

Keywords

Anti-forensics
NTFS
Timestamp Manipulation

ASJC Scopus subject areas

Information Systems
Information Systems and Management

Access to Document

10.1109/IRI.2016.94

Cite this

Jang, D. I., Ahn, G-J., Hwang, H., & Kim, K. (2016). Understanding anti-forensic techniques with timestamp manipulation. In Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016 (pp. 609-614). (Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IRI.2016.94

Understanding anti-forensic techniques with timestamp manipulation. / Jang, Dae Il; Ahn, Gail-Joon; Hwang, Hyunuk et al.

Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 609-614 (Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jang, DI, Ahn, G-J, Hwang, H & Kim, K 2016, Understanding anti-forensic techniques with timestamp manipulation. in Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016. Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016, Institute of Electrical and Electronics Engineers Inc., pp. 609-614, 17th IEEE International Conference on Information Reuse and Integration, IRI 2016, Pittsburgh, United States, 7/28/16. https://doi.org/10.1109/IRI.2016.94

Jang DI, Ahn G-J, Hwang H, Kim K. Understanding anti-forensic techniques with timestamp manipulation. In Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 609-614. (Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016). https://doi.org/10.1109/IRI.2016.94

Jang, Dae Il ; Ahn, Gail-Joon ; Hwang, Hyunuk et al. / Understanding anti-forensic techniques with timestamp manipulation. Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 609-614 (Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016).

@inproceedings{78807cf8d0394f5faeffcfb30f0b4efc,

title = "Understanding anti-forensic techniques with timestamp manipulation",

abstract = "Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.",

keywords = "Anti-forensics, NTFS, Timestamp Manipulation",

author = "Jang, {Dae Il} and Gail-Joon Ahn and Hyunuk Hwang and Kibom Kim",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 ; Conference date: 28-07-2016 Through 30-07-2016",

year = "2016",

doi = "10.1109/IRI.2016.94",

language = "English (US)",

series = "Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "609--614",

booktitle = "Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016",

}

TY - GEN

T1 - Understanding anti-forensic techniques with timestamp manipulation

AU - Jang, Dae Il

AU - Ahn, Gail-Joon

AU - Hwang, Hyunuk

AU - Kim, Kibom

PY - 2016

Y1 - 2016

N2 - Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.

AB - Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.

KW - Anti-forensics

KW - NTFS

KW - Timestamp Manipulation

UR - http://www.scopus.com/inward/record.url?scp=84991231110&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84991231110&partnerID=8YFLogxK

U2 - 10.1109/IRI.2016.94

DO - 10.1109/IRI.2016.94

M3 - Conference contribution

AN - SCOPUS:84991231110

T3 - Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016

SP - 609

EP - 614

BT - Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 17th IEEE International Conference on Information Reuse and Integration, IRI 2016

Y2 - 28 July 2016 through 30 July 2016

ER -

Understanding anti-forensic techniques with timestamp manipulation

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this