Publication
Analysis of Timestamp Manipulation Detection Tools
datacite.subject.fos | Engineering and Technology::Other Engineering and Technologies | pt_PT |
dc.contributor.advisor | Negrão, Miguel Cerdeira Marreiros | |
dc.contributor.advisor | Domingues, Patrício Rodrigues | |
dc.contributor.advisor | Frade, Miguel Monteiro de Sousa | |
dc.contributor.author | Santos, Luís Paulo Monteiro dos | |
dc.date.accessioned | 2024-12-11T16:02:31Z | |
dc.date.available | 2024-12-11T16:02:31Z | |
dc.date.issued | 2024-11-19 | |
dc.description.abstract | Detecting timestamp manipulation on NTFS file systems has historically been challenging, with early tools producing unreliable results in real-world scenarios. Previous methods, as highlighted by Oh et al., often suffered from limitations such as generating false positives by misidentifying normal file system events as manipulation or being unable to detect intentional alterations in timestamps. Tools like NTFS Log Tracker v1.71 and TimestampAnalyser struggled to reliably identify such manipulations. However, recent advancements, such as the release of NTFS Log Tracker v1.9 in May 2024, have demonstrated improved accuracy. The updated tool, as detailed in “Forensic Detection of Timestamp Manipulation for Digital Forensic Investigation,” integrates multiple forensic detection algorithms by leveraging the $MFT, $LogFile, and $UsnJrnl, along with additional system artifacts like Windows Prefetch and LNK files. These enhancements aim to more effectively detect timestamp manipulation in digital forensic investigations. This project explores these advancements and provides updated information about the effects of file operations on NTFS timestamps. | pt_PT |
dc.identifier.tid | 203754344 | pt_PT |
dc.identifier.uri | http://hdl.handle.net/10400.8/10299 | |
dc.language.iso | eng | pt_PT |
dc.subject | Computer forensics | pt_PT |
dc.subject | NTFS file system | pt_PT |
dc.subject | Company | pt_PT |
dc.subject | Digital forensic analysis | pt_PT |
dc.title | Analysis of Timestamp Manipulation Detection Tools | pt_PT |
dc.type | master thesis | |
dspace.entity.type | Publication | |
rcaap.rights | openAccess | pt_PT |
rcaap.type | masterThesis | pt_PT |
thesis.degree.name | Mestrado em Cibersegurança e Informática Forense | pt_PT |