A Model Based Approach to Timestamp Evidence Interpretation

Svein Yngvar Willassen
Copyright: © 2009 | Volume: 1 | Issue: 2 | Pages: 12
ISSN: 1941-6210 | EISSN: 1941-6229 | EISBN13: 9781615202201 | DOI: 10.4018/jdcf.2009040101
MLA

Willassen, Svein Yngvar. "A Model Based Approach to Timestamp Evidence Interpretation." IJDCF vol.1, no.2 2009: pp.1-12. http://doi.org/10.4018/jdcf.2009040101

APA

Willassen, S. Y. (2009). A Model Based Approach to Timestamp Evidence Interpretation. International Journal of Digital Crime and Forensics (IJDCF), 1(2), 1-12. http://doi.org/10.4018/jdcf.2009040101

Chicago

Willassen, Svein Yngvar. "A Model Based Approach to Timestamp Evidence Interpretation," International Journal of Digital Crime and Forensics (IJDCF) 1, no.2: 1-12. http://doi.org/10.4018/jdcf.2009040101

Abstract

Timestamps play an important role in digital investigations, since they are necessary for the correlation of evidence from different sources. Use of timestamps as evidence can be questionable due to the reference to a clock with unknown adjustment. This work addresses this problem by taking a hypothesis based approach to timestamp investigation. Historical clock settings can be formulated as a clock hypothesis. This hypothesis can be tested for consistency with timestamp evidence by constructing a model of actions affecting timestamps in the investigated system. Acceptance of a clock hypothesis with timestamp evidence can justify the hypothesis, and thereby establish when events occurred in civil time. The results can be used to correlate timestamp evidence from different sources, including identifying correct originators during network trace.
