• DocumentCode
    175306
  • Title

    An Intuitive Computer Forensic Method by Timestamp Changing Patterns

  • Author

    Gyu-Sang Cho

  • Author_Institution
    Dept. of Comput. Inf., Dongyang Univ., Yeongju, South Korea
  • fYear
    2014
  • fDate
    2-4 July 2014
  • Firstpage
    542
  • Lastpage
    548
  • Abstract
    This proposes an intuitive computer forensic method by timestamp changing patterns of operations on file in Windows NTFS file system. It categorized by seven file operations and has ten distinguishable patterns by their timestamp changes. The distinct timestamp changing patterns make decision on identifying what kind of file operation is performed. Some patterns are easily identified by their distinct timestamp feature intuitively, and some patterns are needed past timestamp to identify the file operation clearly, and some patterns have ambiguity with similar timestamp patterns. With some performed cases, the forensic method is tested and presented for its usage.
  • Keywords
    digital forensics; file organisation; operating systems (computers); Windows NTFS file system; file operation; intuitive computer forensic method; timestamp changing patterns; Mobile communication; Ubiquitous computing; Web and internet services; Digital forensics; NTFS filesystem; event reconstruction; intuitive forensic; timestamp changing pattern;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2014 Eighth International Conference on
  • Conference_Location
    Birmingham
  • Print_ISBN
    978-1-4799-4333-3
  • Type

    conf

  • DOI
    10.1109/IMIS.2014.92
  • Filename
    6975522
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=175306