SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows”. This paper presents three categories of related objects, showing how they work together in detecting system clock backdating: (1) system artifacts (e.g. Windows event log, $MFT, $Logfile, $UsnJrnl, Volume Shadow Copy, $STDINFO and $FILENAME timestamps, and Windows update logs); (2) application artifacts (e.g. antivirus update log and cloud storage sync log); and (3) Internet artifacts (e.g. Internet history and email). The paper intends to put together these artifacts and serve as a reference for investigators to detect system clock backdating.
-
Tools up: the best software and hardware tools for computer forensics
Igor Mikhailov is a digital forensic analyst of the digital forensic laboratory at Group-I… -
Following the RTM
Researchers became aware of the activities of the RTM group in December 2015. Since then, … -
Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)
As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we…
Load More Related Articles
-
Smartphone Forensics Investigations: An Overview of Third Party App Examination
There are millions of applications that can be used on a smartphone. This mini webcast wit… -
Forensics and Incident Response In The Cloud
The purpose of this webinar is to delve into one of the most challenging aspects of workin… -
Building your Android Application Testing Toolbox
This webcast explores the following topics: 1) Choosing the best test device 2) Rooting yo…
Load More In Webinars
