Talks and Poster Presentations (with Proceedings-Entry):
S. Neuner, A. Voyiatzis, M. Schmiedecker, E. Weippl:
"Timestamp hiccups: Detecting manipulated filesystem timestamps on NTFS";
Talk: 12th International Conference on Availability, Reliability and Security (ARES 2017),
Reggio Calabria, Italy;
- 2017-09-01; in: "Proceedings of ARES 2017 (ACM International Conference Proceedings Series)",
Redundant capacity in filesystem timestamps has recently been proposed
in the literature as an effective means for information hiding and
Here, we evaluate the steganographic capabilities of such channels
and propose techniques to aid digital forensics investigation
towards identifying and detecting manipulated filesystem times-
Our findings indicate that different storage media and interfaces
exhibit different timestamp creation patterns. Such differences
can be utilized to characterize file source media and increase the
analysis capabilities of the incident response process.
Created from the Publication Database of the Vienna University of Technology.