Timestamp Forensics on Linux and BSD
- Type of thesis:
- Student research project / Bachelor's / Diplom / Master's thesis
- Supervisors:
- Thierry, Aurelien
Müller, Tilo, Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen), Email: tilo.mueller@cs.fau.de
- Description:
- Each file has timestamps indicating when it was last modified (M), read (A), changed (C) and, for some file systems, created (B). Knowing how each operation (file copy, move, etc.) updates the MACB timestamps provides additional forensic information, for instance when a file was probably moved from another file system.
We published profiling results [1] and an implementation [2] for Unix-like OSes (Linux, OpenBSD, FreeBSD) and are looking for useful forensic artifacts derived from the timestamps. What can be inferred from a file's MACB timestamps?
This is an exploratory project whose aims include improving the existing profiling implementation (profiling libc, desktop software libraries like GNOME or Qt, text editors, etc.), documenting the underlying OS behavior that drives these MACB updates, and finding actionable forensic artifacts.
[1] https://medium.com/@quoscient/mac-b-timestamps-across-posix-implementations-linux-openbsd-freebsd-1e2d5893e4f
[2] https://github.com/quoscient/os_timestamps/
- Keywords:
- Digital Forensics
- Status:
The thesis has already been completed.
Student: Temgoua Dibanda Berenger
Submitted on: 13.01.2021