SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows”. This paper presents three categories of related objects, showing how they work together in detecting system clock backdating: (1) system artifacts (e.g. Windows event log, $MFT, $Logfile, $UsnJrnl, Volume Shadow Copy, $STDINFO and $FILENAME timestamps, and Windows update logs); (2) application artifacts (e.g. antivirus update log and cloud storage sync log); and (3) Internet artifacts (e.g. Internet history and email). The paper intends to put together these artifacts and serve as a reference for investigators to detect system clock backdating.
-
No Tool Fits All – Why Building a Solid Toolbox Matters
In the world of forensics, mobile device investigations could be the most complicated of a… -
Security Event Logging and Monitoring Techniques for Incident Response in Hadoop
This presentation will share some of the techniques and lessons learned in real-world Hado… -
Smart Car Forensics and Vehicle Weaponization
Given a relatively new car with an infotainment system completely decoupled from the car&#…
Load More Related Articles
-
Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
Cyber Threat Intelligence (CTI) analysts must have ways of clustering adversary intrusions… -
Apple File System (APFS) – Acquisition, Decryption and Analysis
During this webinar BlackBag Technologies representatives will show you how to acquire, de… -
The Magic of Raw Data Carving
You have used all of the utilities in your expensive forensic suite, and other programs to…
Load More In Webinars
