A Study on the Processing of Timestamps in the Creation of Multimedia Files on Mobile Devices

  • Han, Jaehyeok (School of Cybersecurity, Institute of Cyber Security & Privacy (ICSP), Korea University)
  • Lee, Sangjin (School of Cybersecurity, Institute of Cyber Security & Privacy (ICSP), Korea University)
  • Submitted : 2021.01.14
  • Reviewed : 2021.06.27
  • Published : 2022.06.30

Abstract

Digital data can be manipulated easily, so timestamp information is important in establishing the reliability of the data. The time values for a given file can be extracted by analyzing the filesystem metadata or the file internals, and this information can be used to build a timeline for a digital investigation. If a timestamp reversal is found on a mobile device during this process, a more detailed analysis is required because of the possibility of anti-forensic activity, but little previous research has investigated the handling and possible manipulation of timestamps on mobile devices. Therefore, in this study, we determine how time values for multimedia files are handled according to the operating system or filesystem on mobile devices. We also discuss five types of timestamps of multimedia files: file created (C), last modified (M), last accessed (A), digitalized (Di), and filename (FN), and experiment with their operational features across multiple devices such as smartphones and cameras.
