@article{ART002504188,
author={Cho Gyu Sang},
title={A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2019},
volume={24},
number={9},
pages={51-58},
doi={10.9708/jksci.2019.24.09.051}
}
TY - JOUR
AU - Cho Gyu Sang
TI - A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS
JO - Journal of The Korea Society of Computer and Information
PY - 2019
VL - 24
IS - 9
PB - The Korean Society Of Computer And Information
SP - 51
EP - 58
SN - 1598-849X
AB - Temporal analysis is very useful and important in digital forensics for reconstructing the timeline of digital events. Forgery of a file's timestamp can lead to inconsistencies in the overall temporal relationship, making it difficult to analyze the timeline when reconstructing actions or events, and the results of the analysis might not be reliable. One purpose of changing a timestamp is to hide data in a steganographic way, and the other is anti-forensics. In both cases, timestamp change tools are required. In this paper, we propose a classification method based on the behavior of timestamp change tools. The tools are categorized into three types according to the patterns of the changed timestamps after the tools are used. By analyzing the changed timestamps, it can be determined which kind of tool was used. We also show that the three types of patterns are closely related to the API functions used to develop the tools.
KW - $STANDARD_INFORMATION Attribute;$FILE_NAME Attribute;Timestamp Change Tool;NTFS Filesystem
DO - 10.9708/jksci.2019.24.09.051
ER -
Cho Gyu Sang. (2019). A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS. Journal of The Korea Society of Computer and Information, 24(9), 51-58.
Cho Gyu Sang. 2019, "A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS", Journal of The Korea Society of Computer and Information, vol.24, no.9 pp.51-58. Available from: doi:10.9708/jksci.2019.24.09.051
Cho Gyu Sang "A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS" Journal of The Korea Society of Computer and Information 24.9 pp.51-58 (2019) : 51.
Cho Gyu Sang. A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS. 2019; 24(9), 51-58. Available from: doi:10.9708/jksci.2019.24.09.051
Cho Gyu Sang. "A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS" Journal of The Korea Society of Computer and Information 24, no.9 (2019) : 51-58.doi: 10.9708/jksci.2019.24.09.051
Cho Gyu Sang. A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS. Journal of The Korea Society of Computer and Information, 24(9), 51-58. doi: 10.9708/jksci.2019.24.09.051
Cho Gyu Sang. A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS. Journal of The Korea Society of Computer and Information. 2019; 24(9) 51-58. doi: 10.9708/jksci.2019.24.09.051