Visible to the public Biblio

Filters: Keyword is NTFS  [Clear All Filters]
2018-05-01
Neuner, Sebastian, Voyiatzis, Artemios G., Schmiedecker, Martin, Weippl, Edgar R..  2017.  Timestamp Hiccups: Detecting Manipulated Filesystem Timestamps on NTFS. Proceedings of the 12th International Conference on Availability, Reliability and Security. :33:1–33:6.

Redundant capacity in filesystem timestamps is recently proposed in the literature as an effective means for information hiding and data leakage. Here, we evaluate the steganographic capabilities of such channels and propose techniques to aid digital forensics investigation towards identifying and detecting manipulated filesystem timestamps. Our findings indicate that different storage media and interfaces exhibit different timestamp creation patterns. Such differences can be utilized to characterize file source media and increase the analysis capabilities of the incident response process.