• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.541-544
• /
• 2001

The difference of transfer mode between TDMA and ATM causes cell delay variation(CDV) to be generated in the receiving station. I proposed a optimization method of timestamps for discrete-timestamps mechanism to compensate CDV and an application method in multiple timestamps mechanism.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.2
• /
• pp.91-105
• /
• 2014

This paper proposes a digital forensic method by an evaluation function based on timestamp changing patterns. Operations on file or folder leave changed timestamps, which give the ways to know what operations were executed. Changes of timestamps of ten operations of a file and eight operations of a folder were examined. Analyses on the changes on the eight folder operations are newly added in this paper, which are not performed in the previous works. Based on the timestamps changes of the file and the folder, two evaluation functions are proposed. The first evaluation function checks whether timestamps are changed by file and folder operations, and the second evaluation function checks whether timestamps are originated from a source file or other attribute field. By the two output values from these evaluation functions, a digital forensic investigation on the file or the folder is performed. With some cases, i. e. file copy and folder creation operations, the proposed forensic method is tested for its usefulness.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.31-40
• /
• 2016

In this paper, we propose a new anti-forensic method for hiding data in the timestamp of a file in the Windows NTFS filesystem. The main idea of the proposed method is to utilize the 16 least significant bits of the 64 bits in the timestamps. The 64-bit timestamp format represents a number of 100-nanosecond intervals, which are small enough to appear in less than a second, and are not commonly displayed with full precision in the Windows Explorer window or the file browsers of forensic tools. This allows them to be manipulated for other purposes. Every file has $STANDARD_INFORMATION and $FILE_NAME attributes, and each attribute has four timestamps respectively, so we can use 16 bytes to hide data. Without any changes in an original timestamp of "year-month-day hour:min:sec" format, we intentionally put manipulated data into the 16 least significant bits, making the existence of the hidden data in the timestamps difficult to uncover or detect. We demonstrated the applicability and feasibility of the proposed method with a test case.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.9
• /
• pp.2980-2993
• /
• 2000

In order to achieve the rapid deployment of services. B-ISON network is being combined with terrestrial ATM and satellite network. Cell delay variation (CDV) generated by the difference of transfer mode between TOMA and ATM deteriorates transmission quality of the network system. We proposed the Partial Timestamps algorithm to supplement the problems of existing COV compensation methods. To minimize CDV and to utilize the satellite channels efficiently. only the optimized timestamps of a few cells within a control unit time of TDMA are selected and transmitted to the receiving earth station. The COV compensating efficiency of Partial Timestamps is evaluated by simulation. It is confirmed that CDV compensation capability of the proposed mechanism is superior to the other methods.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.8
• /
• pp.75-84
• /
• 2018

In this research, a bit correction technique of data hiding method in timestamp of MFT entry in NTFS file system is proposed. This method is proposed in two ways, depending on the number of bytes of data to hide. A basic data hiding method using a bit correction technique to solve the problems of the conventional 2-byte technique is proposed. In order to increase the capacity of the data, a 3-byte data hiding method using an extended bit correction technique is proposed. The data hiding method in the timestamps is based on the fact that is not revealed in the Windows explorer window and the command prompt window even if any data is hidden in the timestamp area of less than one second. It is shown that the validity of the proposed method through the experimental two cases of the basic data hiding method by the bit correction method and the 3-byte data hiding method by the extended bit correction method.

• Journal of Information Processing Systems
• /
• v.18 no.3
• /
• pp.402-410
• /
• 2022

Digital data can be manipulated easily, so information related to the timestamp is important in establishing the reliability of the data. The time values for a certain file can be extracted following the analysis of the filesystem metadata or file internals, and the information can be utilized to organize a timeline for a digital investigation. Suppose the reversal of a timestamp is found on a mobile device during this process. In this case, a more detailed analysis is required due to the possibility of anti-forensic activity, but little previous research has investigated the handling and possible manipulation of timestamps on mobile devices. Therefore, in this study, we determine how time values for multimedia files are handled according to the operating system or filesystem on mobile devices. We also discuss five types of timestamps-file created (C), last modified (M), last accessed (A), digitalized (Di), and filename (FN) of multimedia files, and experimented with their operational features across multiple devices such as smartphones and cameras.

• Journal of Communications and Networks
• /
• v.6 no.4
• /
• pp.376-386
• /
• 2004

In ad hoc networks, loss-based congestion window progression by the traditional means of duplicate ACKs and timeouts causes high network buffer utilization due to large bursts of data, thereby degrading network bandwidth utilization. Moreover, network-oriented feedbacks to handle route disconnection events may impair packet forwarding capability by adding to MAC layer congestion and also dissipate considerable network resources at reluctant intermediate nodes. Here, we propose a new TCP scheme that does not require the participation of intermediate nodes. It is a purely end-to-end scheme using TCP timestamps to deduce link conditions. It also eliminates spurious reductions of the transmission window in cases of timeouts and fast retransmits. The scheme incorporates a receiver-oriented rate controller (rater), and a congestion window delimiter for the 802.11 MAC protocol. In addition, the transient nature of medium availability due to medium contention during the connection time is addressed by a freezing timer (freezer) at the receiver, which freezes the sender whenever heavy contention is perceived. Finally, the sender-end is modified to comply with the receiver-end enhancements, as an optional deployment. Simulation studies show that our modification of TCP for ad hoc networks offers outstanding performance in terms of goodput, as well as throughput.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.2
• /
• pp.7-13
• /
• 2017

Many systems rely on reliable timestamps to determine the time of a particular action or event. This is especially true in digital investigations where investigators are attempting to determine when a suspect actually committed an action. The challenge, however, is that objects are not updated at the exact moment that an event occurs, but within some time-span after the actual event. In this work we define a simple model of digital systems with objects that have associated timestamps. The model is used to predict object update patterns for objects with associated timestamps, and make predictions about these update time-spans. Through empirical studies of digital systems, we show that timestamp update patterns are not instantaneous. We then provide a method for calculating the distribution of timestamp updates on a particular system to determine more accurate action instance times.

• ETRI Journal
• /
• v.31 no.4
• /
• pp.466-468
• /
• 2009

In this letter, we propose a one-way ranging algorithm that is based on wireless synchronization with measured timestamps and clock frequency offsets. In our proposed algorithm, an active mobile node initiates a ranging procedure by transmitting a ranging frame, and the anchor nodes report their timestamps for the received ranging frame to a reference anchor node. The synchronization of a pair of nodes is provided with instantaneous time information, and the corresponding difference of distances can be calculated.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.51-58
• /
• 2019

Temporal analysis is very useful and important for digital forensics for reconstructing the timeline of digital events. Forgery of a file's timestamp can lead to inconsistencies in the overall temporal relationship, making it difficult to analyze the timeline in reconstructing actions or events and the results of the analysis might not be reliable. The purpose of the timestamp change is to hide the data in a steganographic way, and the other purpose is for anti-forensics. In both cases, the time stamp change tools are requested to use. In this paper, we propose a classification method based on the behavior of the timestamp change tools. The timestamp change tools are categorized three types according to patterns of the changed timestamps after using the tools. By analyzing the changed timestamps, it can be decided what kind of tool is used. And we show that the three types of the patterns are closely related to API functions which are used to develop the tools.