
2018 | OriginalPaper | Chapter

Identifying Temporal Patterns Using ADS in NTFS for Digital Forensics


Abstract

The storage and handling of alternate data streams (ADS) in NTFS have posed significant challenges for law enforcement agencies (LEAs). ADS can hide data of any format in additional $DATA attributes of a digital file. Processing the data content updates some of the date-time stamp metadata attributes of files. This paper introduces ADS and reviews the literature pertaining to the forensic analysis of its data hiding. It describes some temporal patterns for evaluating whether ADS are hidden in digital files. The analysis of file metadata assists in accurately correlating activities from date-time stamp evidence. The results demonstrate the effectiveness of temporal patterns for digital forensics across various types of file operations.


Metadata
Title
Identifying Temporal Patterns Using ADS in NTFS for Digital Forensics
Authors
Da-Yu Kao
Yuan-Pei Chan
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-76451-1_26
