Detection of Suspicious Timestamps in NTFS using Volume Shadow Copies
Abstract
When a computer gets involved in a crime, it is the mission of digital forensic experts to extract the binary artifacts left on that device. Among those artifacts, there may be some volume shadow copy files of the Windows operating system. Those are snapshots recorded by the system in case it is needed to restore to a specific past date. Before this study, we did not know if the valuable information held within a snapshot can be exploited to locate suspicious timestamps in an NTFS formatted partition. This study provides the reader with an inter-snapshot time analysis for detecting file timestamp manipulation. In other words, we will leverage the presence of multiple copies to detect any tampering with timestamps. A detection algorithm is contributed. Its main role is to assist the investigator to spot that manipulation has occurred. In addition, a virtual environment has been set up to validate the use of the proposed detection.
Similar resources
Metrics for the detection of changed buildings in 3D old vector maps using ALS data (case study: Isfahan city)
The aim of this research is to evaluate and improve existing metrics for verifying the accuracy of old 3D vector maps using a point cloud obtained from a new laser scan of the city of Isfahan. Accordingly, a laser scanner point cloud with a density of approximately three points per square metre was used to identify changed features in the old 3D maps. Our focus in this research is on buildings, as one of the principal urban features. ...
Detecting Suspicious Card Transactions in unlabeled data of bank Using Outlier Detection Techniques
With the advancement of technology, the use of ATM and credit cards are increased. Cyber fraud and theft are the kinds of threat which result in using these Technologies. It is therefore inevitable to use fraud detection algorithms to prevent fraudulent use of bank cards. Credit card fraud can be thought of as a form of identity theft that consists of an unauthorized access to another person's ...
Damage Detection in Beam-like Structures using Finite Volume Method
In this paper the damage location in beam like-structure is determined using static and dynamic data obtained using finite volume method. The change of static and dynamic displacement due to damage is used to establish an indicator for determining the damage location. In order to assess the robustness of the proposed method for structural damage detection, three test examples including a static...
Real-Time Volume Shadow Using Stencil Buffer
Two of the best methods to recognize silhouette to create real-time volume shadow in virtual environment are described in this paper. Volume shadow algorithm is implemented for virtual environment with moveable illuminated light source. Triangular method and the Visible-non visible method are introduced. The recent traditional silhouette detection and implementation techniques used in volume sh...
Moving Shadow Detection in Video Using Cepstrum
Moving shadows constitute problems in various applications such as image segmentation and object tracking. The main cause of these problems is the misclassification of the shadow pixels as target pixels. Therefore, the use of an accurate and reliable shadow detection method is essential to realize intelligent video processing applications. In this paper, a cepstrum‐based meth...
Journal
Journal title: International Journal of Computer Network and Information Security
Year: 2021
ISSN: 2074-9090, 2074-9104
DOI: https://doi.org/10.5815/ijcnis.2021.04.06