Безопасность информационных технологий (Feb 2013)

Computer Forensics Method in Analysis of Files Timestamps in Microsoft Windows Operating System and NTFS File System

  • Vesta Sergeevna Matveeva,
  • Alexander Vladimirovich Mamaev

Journal volume & issue
Vol. 20, no. 1
pp. 114 – 115

Abstract

All existing file browsers display 3 timestamps for every file in the NTFS file system. Nowadays there are many utilities that can manipulate temporal attributes to conceal the traces of file use. However, every file in NTFS has 8 timestamps, which are stored in the file record and are used to detect attribute substitution. The authors suggest a method for revealing the original timestamps after replacement, and an automated variant of it for a set of files.

Keywords