Analysis of time information for digital investigation

Jewan Bang, Byeongyeong Yoo, Jongsung Kim, Sangjin Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    11 Citations (Scopus)

    Abstract

    In digital forensics, the creation time, last written time, and last accessed time of a file or folder are important factors that can indicate events that have affected a computer system. The form of the time information varies with the file system, and its characteristics change depending on user actions such as copying, transferring, or network transport of files. Specific changes in the time information may be of considerable help in analyzing the user's actions in the computer system. This paper analyzes changes in the time information of files and folders for different operations on the FAT and NTFS file systems and attempts to reconstruct the user's actions. Further, it demonstrates the use of time information for digital evidence analysis by presenting a case study.

    Original language: English
    Title of host publication: NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
    Pages: 1858-1864
    Number of pages: 7
    Publication status: Published - 2009
    Event: NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of
    Duration: 2009 Aug 25 → 2009 Aug 27

    Publication series

    Name: NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

    Other

    Other: NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
    Country/Territory: Korea, Republic of
    City: Seoul
    Period: 09/8/25 → 09/8/27

    Keywords

    • Digital investigation
    • File system
    • Time
    • Windows

    ASJC Scopus subject areas

    • Computer Graphics and Computer-Aided Design
    • Computer Science Applications
    • Software
