참고문헌
- Sebastian Neuner et. al., "Timestamp hiccups: Detecting manipulated filesystem timestamps on NTFS", Proc. of the 12th Int. Conf. on Availability, Reliability and Security(ARES '17), Aug. 29, 2017.
- Gyu-Sang Cho, "A Computer Forensic Method for Detecting Timestamp Forgery in NTFS", Computer & Security, Vol. 34, pp. 36-46, 2013. 3] https://doi.org/10.1016/j.cose.2012.11.003
- X. Ding, H. Zou, "Reliable Time Based Forensics in NTFS", 2010 Annual Computer Security Applications Conference, Dec. 6-10, 2010.
- P. Zdzichowski et.al., "Anti-Forensic Study", NATO CCDCOE(NATO Cooperative Cyber Defence Centre of Excellence), www.ccdcoe.org, 2015.
- Wicher Minnaard, "Timestomping NTFS," IMSc final research project report, University of Amsterdam, Faculty of Natural Sciences, Mathematics and Computer Science, 2014.
- Gyu-Sang Cho, "Data Hiding in NTFS Timestamps for Anti-Forensics", International Journal of Internet, Broadcasting and Communication, vol. 8, no. 3, pp. 31-40, 2016.8 https://doi.org/10.7236/IJIBC.2016.8.3.31
- Gyu-Sang Cho, "A Steganographic Data Hiding Method in Timestamps by Bit Correction Technique for Anti-Forensics", Journal of The Korea Society of Computer and Information, Vol. 23 No. 8, pp. 75-84, August 2018.8 https://doi.org/10.9708/JKSCI.2018.23.08.075
- Neuner, S. et. al., "Time is on my side: stegano- graphy in filesystem metadata," Digital Investigation, 18, pp. S76-S86. 2016. https://doi.org/10.1016/j.diin.2016.04.010
- T. Gobel and H. Baier, "Anti-forensics in ext4: On secrecy and usability of timestamp-based data hiding," Digital Investigation, 24, pp. S111-S120, 2018. https://doi.org/10.1016/j.diin.2018.01.014
- INFO: Working with the FILETIME Structure, https://support.microsoft.com/en-us/help/188768/info-working-with-the-filetime-structure
- Microsoft Windows Dev Center, "SetFileTime function", https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-setfiletime
- A. Gungor, "Date Forgery Analysis and Timestamp Resolution", https://www.meridiandiscovery.com/articles/date-forgery-analysis-timestamp-resolution/, August 11, 2014
- Microsoft Hardware Dev Center, "NtSetInformation File function", https://docs.microsoft.com/ko-kr/windows-hardware/drivers/ddi/content/ntfs/nf-ntifs-ntsetinformationfile
- Microsoft Hardware Dev Center, "FILE_BASIC_INFORMATION sturcture", https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/ns-wdm-file_basic_information
- Metasploit Anti Forensics Project, http://www.metasploit.com/research/projects/antiforensics
- SetMace, "https://github.com/jschicht/SetMace"
- Microsoft Hardware Dev Center, "IRP_MJ_WRITE", https://docs.microsoft.com/ko-kr/windows-hardware/drivers/ifs/irp-mj-write
- Ahmed A. Bahjat and Jim Jones, "Deleted file fragment dating by analysis of allocated neighbors", Digital Investigation, Vol.28, pp. S60-S67, 2019. https://doi.org/10.1016/j.diin.2019.01.015
- Gyu-Sang Cho, "Digital Forensic Analysis of Timestamp Change Tools: An Anti-Forensics Perspective", Proceedings of KSCI Summer Conference 2019 Vol. 27 No. 2, pp. 391-392, July 2019.
- FileTouch, "http://www.softtreetech.com/24x7/archive/47.htm"
- chtime, "https://github.com/Loadmaster/chtime-win32"
- SKTimeStamp, https://tools.stefankueng.com/SKTimeStamp.html
- eXpress TimeStamp Toucher, "https://www.softpedia.com/get/System/File-Management/TimeStamp-Toucher.shtml
- NewFileTime,"https://www.softwareok.com/?seite=Microsoft/NewFileTime"
- Bulk File Changer, "https://www.nirsoft.net/utils/bulk_file_changer.html"