Abstract
Timestamps stored on digital media play an important role in digital investigations. However, the evidentiary value of timestamps is questionable because timestamps can be manipulated or they could refer to a clock that is erroneous or improperly adjusted. This paper presents a formalism for defining clock hypotheses based on historical adjustments to clocks, and for testing the consistency of the hypotheses with respect to stored timestamps. Two consistency tests are proposed for justifying clock hypotheses without having to rely on timestamps from external sources.
Chapter PDF
Similar content being viewed by others
References
C. Boyd and P. Forster, Time and date issues in forensic computing - A case study, Digital Investigation, vol. 1(1), pp. 18-23, 2004.
B. Carrier, A hypothesis-based approach to digital forensic investigations, Technical Report 2006-06, Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, Indiana, 2006.
C. Fidge, Logical time in distributed computing systems, IEEE Computer, vol. 24(8), pp. 28-33, 1991.
P. Gladyshev and A. Patel, Formalizing event time bounding in digital investigations, International Journal of Digital Evidence, vol. 4 (2),2005.
L. Lamport, Time, clocks and the ordering of events in a distributed system, Communications of the ACM, vol. 21(7), pp. 558-565, 1978.
B. Schatz, G. Mohay and A. Clark, A correlation method for establishing the provenance of timestamps in digital evidence, Digital Investigation, vol. 3(S1), 98-107, 2006.
M. Weil, Dynamic time and date stamp analysis, International Journal of Digital Evidence, vol. 1(2), 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Willassen, S. (2008). Hypothesis-Based Investigation of Digital Timestamps. In: Ray, I., Shenoi, S. (eds) Advances in Digital Forensics IV. DigitalForensics 2008. IFIP — The International Federation for Information Processing, vol 285. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84927-0_7
Download citation
DOI: https://doi.org/10.1007/978-0-387-84927-0_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84926-3
Online ISBN: 978-0-387-84927-0
eBook Packages: Computer ScienceComputer Science (R0)