Abstract

Numerous recent security incidents caused by malware and hackers have used anti-forensic techniques to bypass analysis and detection. It is critical to build a knowledge base that helps in understanding such anti-forensic techniques. In this paper, we present a forensic analysis method to detect an anti-forensic technique that leverages timestamp manipulation in the NTFS file system. Our approach analyzes how timestamp manipulation occurs in the NTFS file system and extracts some features to detect timestamp manipulation behaviors. We also evaluate our approach with several use cases and describe how it helps detect timestamp manipulation behaviors.

Original language: English (US)
Title of host publication: Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 609-614
Number of pages: 6
ISBN (Electronic): 9781509032075
DOI: https://doi.org/10.1109/IRI.2016.94
State: Published - 2016
Event: 17th IEEE International Conference on Information Reuse and Integration, IRI 2016 - Pittsburgh, United States
Duration: Jul 28 2016 to Jul 30 2016

Other

Other: 17th IEEE International Conference on Information Reuse and Integration, IRI 2016
Country: United States
City: Pittsburgh
Period: 7/28/16 to 7/30/16

Keywords

  • Anti-forensics
  • NTFS
  • Timestamp Manipulation

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management

Cite this

Jang, D. I., Ahn, G-J., Hwang, H., & Kim, K. (2016). Understanding anti-forensic techniques with timestamp manipulation. In Proceedings - 2016 IEEE 17th International Conference on Information Reuse and Integration, IRI 2016 (pp. 609-614). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IRI.2016.94

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
