http://dx.doi.org/10.3745/JIPS.04.0245

A Study on the Processing of Timestamps in the Creation of Multimedia Files on Mobile Devices  

Han, Jaehyeok (School of Cybersecurity, Institute of Cyber Security & Privacy (ICSP), Korea University)
Lee, Sangjin (School of Cybersecurity, Institute of Cyber Security & Privacy (ICSP), Korea University)
Publication Information
Journal of Information Processing Systems / v.18, no.3, 2022, pp. 402-410
Abstract
Digital data can be manipulated easily, so information related to the timestamp is important in establishing the reliability of the data. The time values for a certain file can be extracted following the analysis of the filesystem metadata or file internals, and the information can be utilized to organize a timeline for a digital investigation. Suppose the reversal of a timestamp is found on a mobile device during this process. In this case, a more detailed analysis is required due to the possibility of anti-forensic activity, but little previous research has investigated the handling and possible manipulation of timestamps on mobile devices. Therefore, in this study, we determine how time values for multimedia files are handled according to the operating system or filesystem on mobile devices. We also discuss five types of timestamps of multimedia files: file created (C), last modified (M), last accessed (A), digitalized (Di), and filename (FN), and experiment with their operational features across multiple devices such as smartphones and cameras.
Keywords
Digital forensics; Filesystem; Multimedia; OS; Reversal; Smartphone; Timestamp;
Citations & Related Records
Times Cited By KSCI: 2