Abstract
Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 609-614 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781509032075 |
| DOIs | |
| State | Published - 2016 |
| Event | 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 - Pittsburgh, United States Duration: Jul 28 2016 → Jul 30 2016 |
Other
| Other | 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 |
|---|---|
| Country/Territory | United States |
| City | Pittsburgh |
| Period | 7/28/16 → 7/30/16 |
Keywords
- Anti-forensics
- NTFS
- Timestamp Manipulation
ASJC Scopus subject areas
- Information Systems
- Information Systems and Management