A New Timestamp Digital Forensic Method Using a Modified Superincreasing Sequence

Gyu-Sang Cho

首页> 外文期刊>International journal of digital crime and forensics >A New Timestamp Digital Forensic Method Using a Modified Superincreasing Sequence

【24h】

A New Timestamp Digital Forensic Method Using a Modified Superincreasing Sequence

机译：修改后的超递增序列的新时间戳数字取证方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper proposes a new digital forensic method using a modified superincreasing sequence. Timestamp changes by file commands in Windows NTFS file system are used for identifying what commands were executed and are a useful and a logical way for performing digital forensics. A superincreasing sequence is modified for the timestamp change patterns to make each timestamp pattern have a distinct value. The method has two functions; one is a timestamp change check function and the other is a forensic evaluation function. The former checks differences of timestamps between before and after command execution, and the latter produces a characteristic output by applying ten kinds of timestamp change patterns. According to the characteristic output, the kind of command that is executed is identified. By virtue of adopting the modified superincreasing sequence, the evaluation function could produce distinct characteristic output values and thereby provides a way to reconstruct executed file commands.

机译：本文提出了一种使用改进的超增序列的新数字取证方法。 Windows NTFS文件系统中文件命令的时间戳更改用于标识执行了哪些命令，并且是执行数字取证的有用且逻辑的方式。修改了时间戳更改模式的超增序列，以使每个时间戳模式都具有不同的值。该方法具有两个功能。一个是时间戳更改检查功能，另一个是法医评估功能。前者检查命令执行前后的时间戳差异，后者通过应用十种时间戳更改模式来产生特征输出。根据特征输出，确定执行的命令的种类。通过采用修改的超增序列，评估函数可以产生不同的特征输出值，从而提供一种重构执行的文件命令的方式。

著录项

来源
《International journal of digital crime and forensics》 |2016年第3期|a11-a33|共23页
作者
Gyu-Sang Cho;
展开▼
作者单位

Dongyang University, Youngju, Republic of Korea;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Digital Forensics; Evaluation Function; NTFS Filesystem; Superincreasing Sequence; Timestamp Change Pattern;

机译：数字取证评估功能;NTFS文件系统;超增序列时间戳更改模式;

相似文献

外文文献
中文文献
专利

1. A computer forensic method for detecting timestamp forgery in NTFS [J] . Gyu-Sang Cho Computers & Security . 2013,第may期

机译：在NTFS中检测时间戳伪造的计算机取证方法
2. Characterization of the caucasian haplogroups present in the SWGDAM forensic mtDNA dataset for 1771 human control region sequences. Scientific Working Group on DNA Analysis Methods. [J] . Allard MW, Miller K, Wilson M, Journal of forensic sciences. . 2002,第6期

机译：SWGDAM法医mtDNA数据集中存在的1771个人类控制区序列的白种人单倍体的特征。 DNA分析方法科学工作组。
3. A modified mini-primer set for analyzing mitochondrial DNA control region sequences from highly degraded forensic samples. [J] . Lee HY, Kim NY, Park MJ, BioTechniques . 2008,第4期

机译：一种改进的微型引物组，用于分析来自高度降解的法医样品的线粒体DNA控制区序列。
4. An Intuitive Computer Forensic Method by Timestamp Changing Patterns [C] . Gyu-Sang Cho International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing . 2014

机译：时间戳变化模式的直观计算机取证方法
5. Adli bili?imde Kaynak do?rulama Ve tan?lamada Ileri Metodlar =Advanced methods for source authentication and attribution in digital forensics [D] . Karakü?ük, Ahmet. 2021

机译：法医毕丽？资源？统治和棕褐色？Lamada方法=数字取证源认证和归因的高级方法
6. Digital Sequences and a Time Reversal-Based Impact Region Imaging and Localization Method [O] . Lei Qiu, Shenfang Yuan, Hanfei Mei, 2013

机译：数字序列和基于时间反转的影响区域成像和定位方法
7. Methods for Enhancement of Timestamp Evidence in Digital Investigations [O] . Willassen Svein Yngvar 2008

机译：在数字调查中增强时间戳证据的方法

A New Timestamp Digital Forensic Method Using a Modified Superincreasing Sequence

摘要

著录项

相似文献

相关主题

期刊订阅