A New Timestamp Digital Forensic Method Using a Modified Superincreasing Sequence

Gyu-Sang Cho
Gyu-Sang Cho: Dongyang University, Youngju, Republic of Korea

International Journal of Digital Crime and Forensics (IJDCF), 2016, vol. 8, issue 3, 11-33

Abstract: This paper proposes a new digital forensic method using a modified superincreasing sequence. Timestamp changes caused by file commands in the Windows NTFS file system are used to identify which commands were executed, which is a useful and logical way to perform digital forensics. A superincreasing sequence is modified for the timestamp change patterns so that each timestamp pattern has a distinct value. The method has two functions: a timestamp change check function and a forensic evaluation function. The former checks the differences between timestamps before and after command execution, and the latter produces a characteristic output by applying ten kinds of timestamp change patterns. The kind of command that was executed is identified from the characteristic output. By adopting the modified superincreasing sequence, the evaluation function can produce distinct characteristic output values and thereby provides a way to reconstruct executed file commands.

Date: 2016

Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 018/IJDCF.2016070102 (application/pdf)


Persistent link: https://EconPapers.repec.org/RePEc:igg:jdcf00:v:8:y:2016:i:3:p:11-33


More articles in International Journal of Digital Crime and Forensics (IJDCF) from IGI Global

 
Page updated 2019-11-24
Handle: RePEc:igg:jdcf00:v:8:y:2016:i:3:p:11-33