DocumentCode :
175306
Title :
An Intuitive Computer Forensic Method by Timestamp Changing Patterns
Author :
Gyu-Sang Cho
Author_Institution :
Dept. of Comput. Inf., Dongyang Univ., Yeongju, South Korea
fYear :
2014
fDate :
2-4 July 2014
Firstpage :
542
Lastpage :
548
Abstract :
This proposes an intuitive computer forensic method by timestamp changing patterns of operations on file in Windows NTFS file system. It categorized by seven file operations and has ten distinguishable patterns by their timestamp changes. The distinct timestamp changing patterns make decision on identifying what kind of file operation is performed. Some patterns are easily identified by their distinct timestamp feature intuitively, and some patterns are needed past timestamp to identify the file operation clearly, and some patterns have ambiguity with similar timestamp patterns. With some performed cases, the forensic method is tested and presented for its usage.
Keywords :
digital forensics; file organisation; operating systems (computers); Windows NTFS file system; file operation; intuitive computer forensic method; timestamp changing patterns; Mobile communication; Ubiquitous computing; Web and internet services; Digital forensics; NTFS filesystem; event reconstruction; intuitive forensic; timestamp changing pattern;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2014 Eighth International Conference on
Conference_Location :
Birmingham
Print_ISBN :
978-1-4799-4333-3
Type :
conf
DOI :
10.1109/IMIS.2014.92
Filename :
6975522
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=175306
بازگشت