[Zurück]


Vorträge und Posterpräsentationen (mit Tagungsband-Eintrag):

S. Neuner, A. Voyiatzis, M Schmiedecker, E. Weippl:
"Timestamp hiccups: Detecting manipulated filesystem timestamps on NTFS";
Vortrag: 12th International Conference on Availability, Reliability and Security (ARES 2017), Reggio Calabria, Italy; 29.08.2017 - 01.09.2017; in: "Proceedings of ARES 2017 (ACM International Conference Proceedings Series)", (2017).



Kurzfassung englisch:
Redundant capacity in filesystem timestamps is recently proposed
in the literature as an effective means for information hiding and
data leakage.
Here, we evaluate the steganographic capabilities of such chan-
nels and propose techniques to aid digital forensics investigation
towards identifying and detecting manipulated filesystem times-
tamps.
Our findings indicate that different storage media and interfaces
exhibit different timestamp creation patterns. Such differences
can be utilized to characterize file source media and increase the
analysis capabilities of the incident response process.

Erstellt aus der Publikationsdatenbank der Technischen Universität Wien.