Bruce Nikkel timelines.pdf
Bruce Nikkel timelines.pdf
Bruce Nikkel timelines.pdf
11
0.0 (0)
Kartei Details
| Karten | 11 |
|---|---|
| Sprache | English |
| Kategorie | Informatik |
| Stufe | Universität |
| Erstellt / Aktualisiert | 20.06.2019 / 01.07.2020 |
| Lizenzierung | Keine Angabe |
| Weblink |
https://card2brain.ch/box/20190620_bruce_nikkel_timelines_pdf
|
| Einbinden |
<iframe src="https://card2brain.ch/box/20190620_bruce_nikkel_timelines_pdf/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
Why are timelines important in digital forensics and why are timelines used?
Timelines are used for:
- digital archaelogy
- reconstruction past events
- Used to answer questions of: Who, What, Where, When, How
- to understand what happend exactly
what can be is the problem with time stamps and what can be done against the problem?
We have a lot of differnt timestamps, this is very useful
- but accuracy is not always perfect
What can be done against this
- correlation with multiple other sources helps
What is the "correct" way to write numeric dates?
YYYY-MM-DD
What are the typical timestamps on a filesystem?
MACB
- Modify - last ime contents of a file where modified
- Access - last time contents of a file were accessed
- Change - last time attributes (inode or mft) were changed
- Birth - time the file was originally created
[MFT = managed file transfer]
