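@comment{
  Conference paper (IRI 2016) presenting a forensic analysis method for
  detecting timestamp manipulation on NTFS, an anti-forensic technique;
  see the abstract field for the authors' own summary.

  The hash-style citation key is kept unchanged so existing citations
  still resolve.

  Notes on this record:
  - The exporter's "note" field is split up so that the copyright line and
    the conference dates are no longer printed verbatim in the rendered
    reference. The conference name and dates live in eventtitle/eventdate
    (ISO 8601 range) and the copyright statement in the non-standard
    "copyright" field, which classic BibTeX styles ignore.
  - The exporter's "series" field repeated the booktitle word for word and
    is omitted, because styles that print series would show the
    proceedings title twice.
  - Authors are all in "Last, First" form. The braces around "Dae Il" keep
    the two-part given name together.
}
@inproceedings{78807cf8d0394f5faeffcfb30f0b4efc,
  author     = {Jang, {Dae Il} and Ahn, Gail-Joon and Hwang, Hyunuk and Kim, Kibom},
  title      = {Understanding anti-forensic techniques with timestamp manipulation},
  booktitle  = {Proceedings - 2016 {IEEE} 17th International Conference on Information Reuse and Integration, {IRI} 2016},
  eventtitle = {17th {IEEE} International Conference on Information Reuse and Integration, {IRI} 2016},
  eventdate  = {2016-07-28/2016-07-30},
  publisher  = {Institute of Electrical and Electronics Engineers Inc.},
  pages      = {609--614},
  year       = {2016},
  doi        = {10.1109/IRI.2016.94},
  language   = {american},
  keywords   = {Anti-forensics, NTFS, Timestamp Manipulation},
  copyright  = {{\textcopyright} 2016 IEEE},
  abstract   = {Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.},
}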