The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
A Model Based Approach to Timestamp Evidence Interpretation
Abstract
Timestamps play an important role in digital investigations, since they are necessary for the correlation of evidence from different sources. Use of timestamps as evidence can be questionable due to the reference to a clock with unknown adjustment. This work addresses this problem by taking a hypothesis based approach to timestamp investigation. Historical clock settings can be formulated as a clock hypothesis. This hypothesis can be tested for consistency with timestamp evidence by constructing a model of actions affecting timestamps in the investigated system. Acceptance of a clock hypothesis with timestamp evidence can justify the hypothesis, and thereby establish when events occurred in civil time. The results can be used to correlate timestamp evidence from different sources, including identifying correct originators during network trace.
Related Content
|
Shakir A. Mehdiyev, Tahmasib Kh. Fataliyev.
© 2024.
17 pages.
|
|
Fuhai Jia, Yanru Jia, Jing Li, Zhenghui Liu.
© 2024.
13 pages.
|
|
Dawei Zhang.
© 2024.
16 pages.
|
|
Yuwen Zhu, Lei Yu.
© 2023.
16 pages.
|
|
Vijay Kumar, Sahil Sharma, Chandan Kumar, Aditya Kumar Sahu.
© 2023.
14 pages.
|
|
Wenjun Yao, Ying Jiang, Yang Yang.
© 2023.
20 pages.
|
|
Dawei Zhang.
© 2023.
14 pages.
|
|
|