Analysis of time information for digital investigation

Jewan Bang, Byeongyeong Yoo, Jongsung Kim, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Citations (Scopus)

Abstract

In digital forensics, the creation time, last written time, and last accessed time of a file or folder are important factors that can indicate events that have affected a computer system. The form of the time information varies with the file system, and the information changes the features, depending on the users actions such as copy, transfer, or network transport of files. Specific changes in the time information may be of considerable help in analyzing the users actions in the computer system. This paper analyzes changes in the time information of files and folders for different operations of the FAT and NTFS file systems and attempts to reconstruct the users actions. Further, it demonstrates the use of time information for digital evidence analysis by presenting a case study.

Original languageEnglish
Title of host publicationNCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages1858-1864
Number of pages7
DOIs
Publication statusPublished - 2009
EventNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of
Duration: 2009 Aug 252009 Aug 27

Publication series

NameNCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

Other

OtherNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
Country/TerritoryKorea, Republic of
CitySeoul
Period09/8/2509/8/27

Keywords

  • Digital investigation
  • File system
  • Time
  • Windows

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'Analysis of time information for digital investigation'. Together they form a unique fingerprint.

Cite this