SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows”. The paper presents three categories of related objects and shows how they work together to detect system clock backdating: (1) system artifacts (e.g. Windows event log, $MFT, $Logfile, $UsnJrnl, Volume Shadow Copy, $STDINFO and $FILENAME timestamps, and Windows update logs); (2) application artifacts (e.g. antivirus update log and cloud storage sync log); and (3) Internet artifacts (e.g. Internet history and email). It brings these artifacts together to serve as a reference for investigators who need to detect system clock backdating.