Visible to the public Biblio

Filters: Keyword is timestamps  [Clear All Filters]
2021-03-04
Knyazeva, N., Khorkov, D., Vostretsova, E..  2020.  Building Knowledge Bases for Timestamp Changes Detection Mechanisms in MFT Windows OS. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :553—556.

File timestamps do not receive much attention from information security specialists and computer forensic scientists. It is believed that timestamps are extremely easy to fake, and the system time of a computer can be changed. However, operating system for synchronizing processes and working with file objects needs accurate time readings. The authors estimate that several million timestamps can be stored on the logical partition of a hard disk with the NTFS. The MFT stores four timestamps for each file object in \$STANDARDİNFORMATION and \$FILE\_NAME attributes. Furthermore, each directory in the İNDEX\_ROOT or İNDEX\_ALLOCATION attributes contains four more timestamps for each file within it. File timestamps are set and changed as a result of file operations. At the same time, some file operations differently affect changes in timestamps. This article presents the results of the tool-based observation over the creation and update of timestamps in the MFT resulting from the basic file operations. Analysis of the results is of interest with regard to computer forensic science.

2018-02-02
Braun, Johannes, Buchmann, Johannes, Demirel, Denise, Geihs, Matthias, Fujiwara, Mikio, Moriai, Shiho, Sasaki, Masahide, Waseda, Atsushi.  2017.  LINCOS: A Storage System Providing Long-Term Integrity, Authenticity, and Confidentiality. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :461–468.
The amount of digital data that requires long-term protection of integrity, authenticity, and confidentiality grows rapidly. Examples include electronic health records, genome data, and tax data. In this paper we present the secure storage system LINCOS, which provides protection of integrity, authenticity, and confidentiality in the long-term, i.e., for an indefinite time period. It is the first such system. It uses the long-term integrity scheme COPRIS, which is also presented here and is the first such scheme that does not leak any information about the protected data. COPRIS uses information-theoretic hiding commitments for confidentiality-preserving integrity and authenticity protection. LINCOS uses proactive secret sharing for confidential storage of secret data. We also present implementations of COPRIS and LINCOS. A special feature of our LINCOS implementation is the use of quantum key distribution and one-time pad encryption for information-theoretic private channels within the proactive secret sharing protocol. The technological platform for this is the Tokyo QKD Network, which is one of worlds most advanced networks of its kind. Our experimental evaluation establishes the feasibility of LINCOS and shows that in view of the expected progress in quantum communication technology, LINCOS is a promising solution for protecting very sensitive data in the cloud.