Unlock instant, AI-driven research and patent intelligence for your innovation.

Digital forensic analysis and recognition method based on time attributes

A time attribute and time technology, applied in the field of information security, can solve problems such as loss, evidence confusion timeline, etc., and achieve the effect of reducing uncertainty

Active Publication Date: 2021-04-30
CHONGQING UNIV OF POSTS & TELECOMM
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Changes to this metadata can cause unintended confusion and loss of timelines when analyzing forensic evidence

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Digital forensic analysis and recognition method based on time attributes
  • Digital forensic analysis and recognition method based on time attributes
  • Digital forensic analysis and recognition method based on time attributes

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] Embodiments of the present invention are described below through specific examples, and those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other different specific implementation modes, and various modifications or changes can be made to the details in this specification based on different viewpoints and applications without departing from the spirit of the present invention. It should be noted that the diagrams provided in the following embodiments are only schematically illustrating the basic concept of the present invention, and the following embodiments and the features in the embodiments can be combined with each other in the case of no conflict.

[0039] Wherein, the accompanying drawings are for illustrative purposes only, and represent only schematic diagrams, rather than physical drawings, and should...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a digital forensic analysis and recognition method based on time attributes, and belongs to the field of information safety. The method comprises the following steps: firstly, extracting electronic data and analyzing timestamp information contained in file metadata; secondly, performing basic judgment on the file according to an influence rule of common operation on the timestamp of the file; and then, further judging whether the MFT time creation record has the possibility of being tampered or not based on LogFile. Then, judging whether the MFT time modification record is tampered or not based on USNjrnl; secondly, judging whether a time forgery tool use trace exists or not on the basis of the timestamps recorded by the Precut files; and finally, judging whether the MFT time is tampered or not based on the timestamps recorded by the Link files. According to the invention, authenticity recognition of uncertainty of a single evidence in a case is facilitated, and the credibility of an evidence obtaining analysis result is improved.

Description

technical field [0001] The invention belongs to the field of information security, and relates to a time attribute-based digital forensic analysis and identification method. Background technique [0002] Forensic investigators especially rely on metadata such as timestamps during investigations. Anti-forensics techniques and tools are also increasingly being used to evade digital forensics investigations, such as tampering with timestamps. Time tampering is the intentional change of the creation, modification, or access timestamps of files or directories in the file system of a hard drive, USB flash drive, flash memory card, or other storage device. Since time stamps are critical to both security event reconstruction and timeline creation, the authenticity and reliability of time stamps extracted from electronic storage media are critical to forensic investigations. Because of their importance, and the fact that it is relatively easy to change timestamps using current open...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/62G06F21/64
CPCG06F21/6218G06F21/64G06F2221/2151
Inventor 陈龙张程董振兴
Owner CHONGQING UNIV OF POSTS & TELECOMM