Abstract
Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 609-614 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781509032075 |
| DOIs | |
| State | Published - 2016 |
| Event | 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 - Pittsburgh, United States Duration: Jul 28 2016 → Jul 30 2016 |
Other
| Other | 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 |
|---|---|
| Country | United States |
| City | Pittsburgh |
| Period | 7/28/16 → 7/30/16 |
Fingerprint
Keywords
- Anti-forensics
- NTFS
- Timestamp Manipulation
ASJC Scopus subject areas
- Information Systems
- Information Systems and Management
Cite this
Understanding anti-forensic techniques with timestamp manipulation. / Jang, Dae Il; Ahn, Gail-Joon; Hwang, Hyunuk; Kim, Kibom.
Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 609-614.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Understanding anti-forensic techniques with timestamp manipulation
AU - Jang, Dae Il
AU - Ahn, Gail-Joon
AU - Hwang, Hyunuk
AU - Kim, Kibom
PY - 2016
Y1 - 2016
N2 - Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.
AB - Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.
KW - Anti-forensics
KW - NTFS
KW - Timestamp Manipulation
UR - http://www.scopus.com/inward/record.url?scp=84991231110&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84991231110&partnerID=8YFLogxK
U2 - 10.1109/IRI.2016.94
DO - 10.1109/IRI.2016.94
M3 - Conference contribution
SP - 609
EP - 614
BT - Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -