An Iterative Management Model of Exploring Windows Date-Time Stamps in Cloud Storage Forensics

  • Conference paper
Digital-Forensics and Watermarking (IWDW 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9023)

Abstract

The law enforcement community has faced difficulties in deciding how best to tackle the complex and dynamic developments in the internet, cloud services, or communications technology. This makes it hard to handle a digital crime scene consistently. Offenders could use a cloud storage service as a medium to save others’ data through the internet. This study explores the challenges of digital investigation on the Windows file system and proposes an iterative management model to explore date-time stamps in the file metadata of Windows systems. We further observe the file metadata and compare the differences in their date-time stamps. The analysis techniques of this study may help establish an event timeline and clarify the offender’s actions on the file. They will be useful in investigations and can mitigate the impact of time bias across multiple systems.

Acknowledgements

This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grants MOST 103-2221-E-015-003-.

Corresponding author

Correspondence to Da-Yu Kao.

Copyright information

© 2015 Springer International Publishing Switzerland

Cite this paper

Kao, DY., Chiu, YH. (2015). An Iterative Management Model of Exploring Windows Date-Time Stamps in Cloud Storage Forensics. In: Shi, YQ., Kim, H., Pérez-González, F., Yang, CN. (eds) Digital-Forensics and Watermarking. IWDW 2014. Lecture Notes in Computer Science, vol 9023. Springer, Cham. https://doi.org/10.1007/978-3-319-19321-2_38

  • DOI: https://doi.org/10.1007/978-3-319-19321-2_38

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19320-5

  • Online ISBN: 978-3-319-19321-2

  • eBook Packages: Computer Science, Computer Science (R0)
