SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows”. This paper presents three categories of related objects, showing how they work together in detecting system clock backdating: (1) system artifacts (e.g. Windows event log, $MFT, $Logfile, $UsnJrnl, Volume Shadow Copy, $STDINFO and $FILENAME timestamps, and Windows update logs); (2) application artifacts (e.g. antivirus update log and cloud storage sync log); and (3) Internet artifacts (e.g. Internet history and email). The paper intends to put together these artifacts and serve as a reference for investigators to detect system clock backdating.
-
Results from the 2018 Volatility Contests
Results from the 2018 Volatility Contests have been published. We congratulate Aliz Hammon… -
Building your Android Application Testing Toolbox
This webcast explores the following topics: 1) Choosing the best test device 2) Rooting yo… -
Load More Related Articles
-
Building your Android Application Testing Toolbox
This webcast explores the following topics: 1) Choosing the best test device 2) Rooting yo… -
Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timel… -
The Challenges of APFS and How EnCase Can Help
The new Apple File System (APFS) was developed to replace HFS+ and became the default file…
Load More In Webinars
