http://dx.doi.org/10.7236/JIIBC.2016.16.3.21

Analysis of File Time Change by File Manipulation of Linux System  

Yoo, Byeongyeong (Dept. of Computer Science, Agency for Defense Development)
Publication Information
The Journal of the Institute of Internet, Broadcasting and Communication / v.16, no.3, 2016, pp. 21-28
Abstract
File time information carries significant meaning in digital forensic investigation. File time information in the Linux Ext4 (Extended File System 4) environment consists of the Access Time, Modification Time, Inode Change Time, Deletion Time and Creation Time. File times change in various ways as a result of user manipulations such as creation, copy and edit, so studying these changes is necessary for evidence analysis. This study analyzes the changes in the time information of files or folders resulting from user manipulations in the Linux operating system, and analyzes ways to determine the real time of a malware infection and whether a file has been tampered with.
Keywords
Digital Forensic; File System; File Time;
Citations & Related Records
Times Cited By KSCI: 3