Abstract

Numerous security incidents caused by malwares and hackers have recently utilized anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that would help understand such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique which leverages timestamp manipulation in NTFS file system. Our approach analyzes how timestamp manipulation occurs in NTFS file system and also extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how our approach helps detect timestamp manipulation behaviors.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages609-614
Number of pages6
ISBN (Electronic)9781509032075
DOIs
StatePublished - 2016
Event17th IEEE International Conference on Information Reuse and Integration, IRI 2016 - Pittsburgh, United States
Duration: Jul 28 2016Jul 30 2016

Other

Other17th IEEE International Conference on Information Reuse and Integration, IRI 2016
CountryUnited States
CityPittsburgh
Period7/28/167/30/16

    Fingerprint

Keywords

  • Anti-forensics
  • NTFS
  • Timestamp Manipulation

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management

Cite this

Jang, D. I., Ahn, G-J., Hwang, H., & Kim, K. (2016). Understanding anti-forensic techniques with timestamp manipulation. In Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016 (pp. 609-614). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IRI.2016.94