{"title":"An Intuitive Computer Forensic Method by Timestamp Changing Patterns","authors":"Gyusang Cho","doi":"10.1109/IMIS.2014.92","DOIUrl":null,"url":null,"abstract":"This proposes an intuitive computer forensic method by timestamp changing patterns of operations on file in Windows NTFS file system. It categorized by seven file operations and has ten distinguishable patterns by their timestamp changes. The distinct timestamp changing patterns make decision on identifying what kind of file operation is performed. Some patterns are easily identified by their distinct timestamp feature intuitively, and some patterns are needed past timestamp to identify the file operation clearly, and some patterns have ambiguity with similar timestamp patterns. With some performed cases, the forensic method is tested and presented for its usage.","PeriodicalId":345694,"journal":{"name":"2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMIS.2014.92","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Intuitive Computer Forensic Method by Timestamp Changing Patterns
This paper proposes an intuitive computer forensic method based on the timestamp changing patterns of file operations in the Windows NTFS file system. The method is categorized by seven file operations and has ten patterns distinguishable by their timestamp changes. These distinct timestamp changing patterns make it possible to identify what kind of file operation was performed. Some patterns can be identified intuitively from their distinct timestamp features, some require past timestamps to identify the file operation clearly, and some are ambiguous because they resemble other timestamp patterns. The forensic method is tested on several performed cases, and its usage is presented.