1 |
eXpress TimeStamp Toucher, "https://www.softpedia.com/get/System/File-Management/TimeStamp-Toucher.shtml
|
2 |
NewFileTime,"https://www.softwareok.com/?seite=Microsoft/NewFileTime"
|
3 |
Bulk File Changer, "https://www.nirsoft.net/utils/bulk_file_changer.html"
|
4 |
SKTimeStamp, https://tools.stefankueng.com/SKTimeStamp.html
|
5 |
Sebastian Neuner et. al., "Timestamp hiccups: Detecting manipulated filesystem timestamps on NTFS", Proc. of the 12th Int. Conf. on Availability, Reliability and Security(ARES '17), Aug. 29, 2017.
|
6 |
Gyu-Sang Cho, "A Computer Forensic Method for Detecting Timestamp Forgery in NTFS", Computer & Security, Vol. 34, pp. 36-46, 2013. 3]
DOI
|
7 |
X. Ding, H. Zou, "Reliable Time Based Forensics in NTFS", 2010 Annual Computer Security Applications Conference, Dec. 6-10, 2010.
|
8 |
P. Zdzichowski et.al., "Anti-Forensic Study", NATO CCDCOE(NATO Cooperative Cyber Defence Centre of Excellence), www.ccdcoe.org, 2015.
|
9 |
Gyu-Sang Cho, "Data Hiding in NTFS Timestamps for Anti-Forensics", International Journal of Internet, Broadcasting and Communication, vol. 8, no. 3, pp. 31-40, 2016.8
DOI
|
10 |
Wicher Minnaard, "Timestomping NTFS," IMSc final research project report, University of Amsterdam, Faculty of Natural Sciences, Mathematics and Computer Science, 2014.
|
11 |
Gyu-Sang Cho, "A Steganographic Data Hiding Method in Timestamps by Bit Correction Technique for Anti-Forensics", Journal of The Korea Society of Computer and Information, Vol. 23 No. 8, pp. 75-84, August 2018.8
DOI
|
12 |
Neuner, S. et. al., "Time is on my side: stegano- graphy in filesystem metadata," Digital Investigation, 18, pp. S76-S86. 2016.
DOI
|
13 |
A. Gungor, "Date Forgery Analysis and Timestamp Resolution", https://www.meridiandiscovery.com/articles/date-forgery-analysis-timestamp-resolution/, August 11, 2014
|
14 |
T. Gobel and H. Baier, "Anti-forensics in ext4: On secrecy and usability of timestamp-based data hiding," Digital Investigation, 24, pp. S111-S120, 2018.
DOI
|
15 |
INFO: Working with the FILETIME Structure, https://support.microsoft.com/en-us/help/188768/info-working-with-the-filetime-structure
|
16 |
Microsoft Windows Dev Center, "SetFileTime function", https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-setfiletime
|
17 |
Microsoft Hardware Dev Center, "NtSetInformation File function", https://docs.microsoft.com/ko-kr/windows-hardware/drivers/ddi/content/ntfs/nf-ntifs-ntsetinformationfile
|
18 |
Microsoft Hardware Dev Center, "FILE_BASIC_INFORMATION sturcture", https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/ns-wdm-file_basic_information
|
19 |
SetMace, "https://github.com/jschicht/SetMace"
|
20 |
Metasploit Anti Forensics Project, http://www.metasploit.com/research/projects/antiforensics
|
21 |
Microsoft Hardware Dev Center, "IRP_MJ_WRITE", https://docs.microsoft.com/ko-kr/windows-hardware/drivers/ifs/irp-mj-write
|
22 |
Ahmed A. Bahjat and Jim Jones, "Deleted file fragment dating by analysis of allocated neighbors", Digital Investigation, Vol.28, pp. S60-S67, 2019.
DOI
|
23 |
Gyu-Sang Cho, "Digital Forensic Analysis of Timestamp Change Tools: An Anti-Forensics Perspective", Proceedings of KSCI Summer Conference 2019 Vol. 27 No. 2, pp. 391-392, July 2019.
|
24 |
FileTouch, "http://www.softtreetech.com/24x7/archive/47.htm"
|
25 |
chtime, "https://github.com/Loadmaster/chtime-win32"
|