Detecting timestamp forgery in NTFS file system using logfile
- Pratik Patel
- Shailendra Mishra
Keywords: Computer forensics, Digital forensics, Evidence, Forensic tools, NTFS file system, $Log file.
In the current digital era, users and investigators are increasingly dependent on digital data. Digital data is vast in size and stored in various formats. The major problem, therefore, is for the user or investigator to identify incoming data as true or false. Different methods and techniques have been adopted to overcome this problem. Forensic methods are used to validate data. A computer forensic method can be used to detect different types of forgery and computer crime, which are the foremost concern of the digital world. Many techniques and methods have been used to find a proper solution to these forgery problems. Occurrences of digital crime or forgery are investigated using a method or technique called forensics. Initially, a general survey was carried out to understand the different methods used in computer forensics to track evidence that could be useful for detecting computer crime and forgery. Forensic tools can be used to make changes to data or to tamper with data. Different rule sets or methods are defined to detect the various errors related to changes to and tampering with data in different Windows file systems. Data is tampered with or modified in one of two ways: offline or online. In this research, offline data is of utmost concern. Digital evidence, which stores information in digital form, can be used to detect forgery and computer crime. In this paper, a computer forensic method for detecting timestamp forgery in the Windows NTFS file system is presented. The accuracy of timestamp forgery detection can be further improved by using file attributes such as size and time. The tool can be used for all types of files.
Pratik Patel, Shailendra Mishra. "Detecting timestamp forgery in NTFS file system using logfile". INTERNATIONAL JOURNAL OF ENGINEERING DEVELOPMENT AND RESEARCH, ISSN: 2321-9939, Vol. 2, Issue 3, pp. 3224-3227, URL: https://rjwave.org/ijedr/papers/IJEDR1403067.pdf
Volume 2 Issue 3
Pages: 3224-3227